From 66fbe49ee24ad8b21e79a0af5a48740b74d0a5b0 Mon Sep 17 00:00:00 2001
From: Ross Bryan
Date: Wed, 20 Mar 2024 08:20:17 -0400
Subject: [PATCH] secscan: implement basescore/cveid (PROJQUAY-6697) (#2684) * secscan: implement basescore/cveid (PROJQUAY-6697) Signed-off-by: Ross Bryan * docs: add docstrings to helper functions Signed-off-by: Ross Bryan * secscan: refactor base_score builder loop Signed-off-by: Ross Bryan * make cveIDs a unique, alpha sorted list Signed-off-by: Ross Bryan --------- Signed-off-by: Ross Bryan
---
data/secscan_model/datatypes.py | 56 +-
data/secscan_model/secscan_v4_model.py | 19 +
.../test/securityinformation.json | 5968 +++---
.../test/securityinformation_deduped.json | 1844 +-
.../securityinformation_withenrichments.json | 340 +-
.../test/test_secscan_v4_model.py | 153 +-
.../test/vulnerabilityreport.json | 17260 +++++++++++++---
7 files changed, 19009 insertions(+), 6631 deletions(-)
diff --git a/data/secscan_model/datatypes.py b/data/secscan_model/datatypes.py
index 6998bb4ded..9573bcc72e 100644
--- a/data/secscan_model/datatypes.py
+++ b/data/secscan_model/datatypes.py
@@ -1,7 +1,47 @@ +import re from collections import namedtuple from enum import IntEnum, unique +def link_to_cves(input_string): + """ + link_to_cves takes an input string, typically the link field from a clair response + parses the string and finds all unique CVEs within the string. + """ + cve_pattern = r"CVE-\d{4}-\d{4,7}" + return sorted(list(set(re.findall(cve_pattern, input_string)))) + + +def vulns_to_cves(vulnerabilities): + """ + vulns_to_cves takes a list of Vulnerabilities and returns + a unique list of CVE Ids sorted alphabetically + """ + seen = set() + return sorted( + [ + cve + for v in vulnerabilities + for cve in link_to_cves(v.Link) + if not (cve in seen or seen.add(cve)) + ] + ) + + +def vulns_to_base_scores(vulnerabilities): + """ + vulns_to_base_scores takes a list of Vulnerabilities and returns a list of + CVE BaseScores for the given Vulnerabilities + """ + return [ + vulnerability.Metadata.NVD.CVSSv3.Score + for vulnerability in vulnerabilities + if vulnerability.Metadata.NVD + and vulnerability.Metadata.NVD.CVSSv3 + and vulnerability.Metadata.NVD.CVSSv3.Score + ] + + @unique class ScanLookupStatus(IntEnum): # Indicates that the given manifest or image could not be found in the registry data model. @@ -39,7 +79,17 @@ class ScanLookupStatus(IntEnum): NVD = namedtuple("NVD", ["CVSSv3"]) CVSSv3 = namedtuple("CVSSv3", ["Vectors", "Score"], defaults=(None, None)) Feature = namedtuple( - "Feature", ["Name", "VersionFormat", "NamespaceName", "AddedBy", "Version", "Vulnerabilities"] + "Feature", + [ + "Name", + "VersionFormat", + "NamespaceName", + "AddedBy", + "Version", + "BaseScores", + "CVEIds", + "Vulnerabilities", + ], ) Layer = namedtuple("Layer", ["Name", "NamespaceName", "ParentName", "IndexedByVersion", "Features"]) 
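Review bot: `link_to_cves` can return a wrong identifier, because `\d{4,7}` caps the sequence part at seven digits and the pattern has no word boundaries, so a longer ID in the link text is cut down to a different, valid-looking CVE ID. CVE sequence numbers have no fixed upper length, so `cve_pattern = r"\bCVE-\d{4}-\d{4,}\b"` is the safer pattern. `re.findall` also raises `TypeError` when the link is `None`, which `vulns_to_cves` would hit for any vulnerability stored without a `Link` (the `from_dict` context reads sibling fields with `vuln.get(..., None)`, so this looks reachable); `re.findall(cve_pattern, input_string or "")` covers it. With that in place the `seen.add` trick in `vulns_to_cves` is redundant and the body can be `sorted({cve for v in vulnerabilities for cve in link_to_cves(v.Link)})`.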
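Review bot: `BaseScores` and `CVEIds` are inserted before `Vulnerabilities` in the `Feature` field list, which moves `Vulnerabilities` from index 5 to index 7 for every caller that builds, unpacks or indexes a `Feature` positionally. The `features_for` call in secscan_v4_model.py is updated by this commit, but any other positional constructor not shown here would now raise `TypeError`, and positional readers would pick up the wrong field. Appending the two fields after `Vulnerabilities` with `defaults=(None, None)`, as `CVSSv3` already does, or switching the constructors to keyword arguments, avoids the silent shift.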
@@ -64,6 +114,8 @@ def from_dict(cls, data_dict): NamespaceName=f["NamespaceName"], AddedBy=f["AddedBy"], Version=f["Version"], + BaseScores=f["BaseScores"], + CVEIds=f["CVEIds"], Vulnerabilities=[ Vulnerability( Severity=vuln.get("Severity", None), @@ -111,6 +163,8 @@ def to_dict(self): "NamespaceName": f.NamespaceName, "AddedBy": f.AddedBy, "Version": f.Version, + "BaseScores": vulns_to_base_scores(f.Vulnerabilities), + "CVEIds": vulns_to_cves(f.Vulnerabilities), "Vulnerabilities": [ { "Severity": v.Severity, diff --git a/data/secscan_model/secscan_v4_model.py b/data/secscan_model/secscan_v4_model.py index 2c4ab14a6c..9c21b794e0 100644 --- a/data/secscan_model/secscan_v4_model.py +++ b/data/secscan_model/secscan_v4_model.py @@ -32,6 +32,7 @@ SecurityInformationLookupResult, UpdatedVulnerability, Vulnerability, + link_to_cves, ) from data.secscan_model.interface import ( InvalidConfigurationException, @@ -605,6 +606,22 @@ def features_for(report): else {} ) + base_scores = [] + if report.get("enrichments", {}): + for enrichment_list in report["enrichments"].values(): + for pkg_vuln in enrichment_list: + for k, v in pkg_vuln.items(): + if not isinstance(v, list): + logger.error(f"Unexpected type for value of key '{k}': {type(v)}") + continue + for item in v: + if not isinstance(item, dict) or "baseScore" not in item: + logger.error(f"Invalid item format or missing 'baseScore': {item}") + continue + base_scores.append(item["baseScore"]) + + cve_ids = [link_to_cves(v["links"]) for v in pkg_vulns] + features.append( Feature( pkg["name"], @@ -612,6 +629,8 @@ def features_for(report): "", pkg_env["introduced_in"], pkg["version"], + base_scores, + cve_ids, [ Vulnerability( fetch_vuln_severity(vuln, enrichments), diff --git a/data/secscan_model/test/securityinformation.json b/data/secscan_model/test/securityinformation.json index d103ae87d4..a61afe17d3 100644 --- a/data/secscan_model/test/securityinformation.json +++ b/data/secscan_model/test/securityinformation.json 
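Review bot: `f["BaseScores"]` and `f["CVEIds"]` in `from_dict` raise `KeyError` for any feature dict produced before this change, since older serialized security information has no such keys. If `from_dict` is ever fed cached or stored payloads (the callers are not visible in this hunk), reading them with `BaseScores=f.get("BaseScores", [])` and `CVEIds=f.get("CVEIds", [])` keeps old data loadable. `from_dict` starts and ends outside the hunk.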
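Review bot: `to_dict` recomputes both fields from `f.Vulnerabilities` and never reads `f.BaseScores` or `f.CVEIds`, so whatever `features_for` or `from_dict` stored on the tuple is dropped on serialization. That leaves two sources of truth that already disagree: `features_for` builds `cve_ids` as a list of lists and takes scores from enrichments, while this path emits a flat sorted list and the NVD CVSSv3 scores. Either serialize the stored fields or stop storing them; if the recomputation is intended, a comment such as `# BaseScores/CVEIds are derived from Vulnerabilities; the tuple fields are ignored here` would make that explicit. It is also worth documenting that the two lists are not index-aligned (`CVEIds` is deduplicated and sorted, `BaseScores` follows vulnerability order and drops falsy scores), so consumers must not pair them by position. `to_dict` continues outside the hunk.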
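Review bot: The `base_scores` loop in `features_for` walks every entry of `report["enrichments"]` without checking that the key `k` belongs to one of this package's `pkg_vulns`, so each `Feature` appears to receive the base scores of the whole report, including packages with no vulnerabilities; the enclosing per-package loop is outside the hunk, so this should be confirmed. Because the walk repeats per package, each malformed item is also logged with `logger.error` once per package. `cve_ids` is built as a list of lists, unlike the flat sorted list that `vulns_to_cves` emits, and `v["links"]` raises `KeyError` for a vulnerability without links. The sketch below filters on the package's own vulnerability ids and flattens the CVE list; it skips malformed entries without logging, so keep a single per-report log line if that signal is wanted.

```python
# … unchanged: pkg_vulns and enrichments lookup …
# assumes each pkg_vulns entry carries the id used as the enrichment key; confirm
pkg_vuln_ids = {str(v["id"]) for v in pkg_vulns}
base_scores = []
for enrichment_list in (report.get("enrichments") or {}).values():
    for pkg_vuln in enrichment_list:
        for vuln_id, items in pkg_vuln.items():
            if vuln_id not in pkg_vuln_ids or not isinstance(items, list):
                continue
            base_scores.extend(
                item["baseScore"]
                for item in items
                if isinstance(item, dict) and "baseScore" in item
            )

cve_ids = sorted({cve for v in pkg_vulns for cve in link_to_cves(v.get("links") or "")})
# … unchanged: features.append(Feature(...)) …
```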
@@ -2,169 +2,130 @@ "status": "scanned", "data": { "Layer": { - "Name": "sha256:b05ac1eeec8635442fa5d3e55d6ef4ad287b9c66055a552c2fd309c334563b0a", + "Name": "sha256:4fd9553ca70c7ed6cbb466573fed2d03b0a8dd2c2eba9febf2ce30f8d537ba17", "ParentName": "", "NamespaceName": "", "IndexedByVersion": 4, "Features": [ { - "Name": "bash", - "VersionFormat": "", - "NamespaceName": "", - "AddedBy": "sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "Version": "5.0-4", - "Vulnerabilities": [ - { - "Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0002", - "FixedBy": "", - "Description": "The /etc/profile.d/60alias.sh script in the Mandriva bash package for Bash 2.05b, 3.0, 3.2, 3.2.48, and 4.0 enables the --show-control-chars option in LS_OPTIONS, which allows local users to send escape sequences to terminal emulators, or hide the existence of a file, via a crafted filename.", - "Name": "CVE-2010-0002", - "Metadata": { - "UpdatedBy": "", - "RepoName": null, - "RepoLink": null, - "DistroName": null, - "DistroVersion": null, - "NVD": { - "CVSSv3": { - "Vectors": "", - "Score": "" - } - } - } - }, - { - "Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276", - "FixedBy": "", - "Description": "An issue was discovered in disable_priv_mode in shell.c in GNU Bash through 5.0 patch 11. By default, if Bash is run with its effective UID not equal to its real UID, it will drop privileges by setting its effective UID to its real UID. However, it does so incorrectly. On Linux and other systems that support \"saved UID\" functionality, the saved UID is not dropped. An attacker with command execution in the shell can use \"enable -f\" for runtime loading of a new builtin, which can be a shared object that calls setuid() and therefore regains privileges. 
However, binaries running with an effective UID of 0 are unaffected.", - "Name": "CVE-2019-18276", - "Metadata": { - "UpdatedBy": "", - "RepoName": null, - "RepoLink": null, - "DistroName": null, - "DistroVersion": null, - "NVD": { - "CVSSv3": { - "Vectors": "", - "Score": "" - } - } - } - } - ] - }, - { - "Name": "libnettle6", + "Name": "librepo", "VersionFormat": "", "NamespaceName": "", - "AddedBy": "sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "Version": "3.4.1-1", - "Vulnerabilities": [ - - ] + "AddedBy": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "Version": "1.14.2-4.el8", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] }, { - "Name": "libp11-kit0", + "Name": "popt", "VersionFormat": "", "NamespaceName": "", - "AddedBy": "sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "Version": "0.23.15-2", - "Vulnerabilities": [ - - ] + "AddedBy": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "Version": "1.18-1.el8", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] }, { - "Name": "libpam-modules", + "Name": "curl", "VersionFormat": "", "NamespaceName": "", - "AddedBy": "sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "Version": "1.3.1-5", + "AddedBy": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "Version": "7.61.1-30.el8_8.3", + "BaseScores": [ + 6.5, + 3.7, + 8.8, + 3.7 + ], + "CVEIds": [ + "CVE-2023-27534", + "CVE-2023-28322", + "CVE-2023-38546", + "CVE-2023-46218" + ], "Vulnerabilities": [ { - "Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0388", + "Severity": "Medium", + "NamespaceName": "RHEL8-rhel-8-including-unpatched", + "Link": "https://access.redhat.com/security/cve/CVE-2023-46218", "FixedBy": "", - "Description": "pam_wheel in Linux-PAM 0.78, with the trust option enabled and the use_uid option 
disabled, allows local users to spoof log entries and gain privileges by causing getlogin() to return a spoofed user name.", - "Name": "CVE-2003-0388", + "Description": "DOCUMENTATION: A flaw was found in curl that verifies a given cookie domain against the Public Suffix List. This issue could allow a malicious HTTP server to set \"super cookies\" in curl that are passed back to more origins than what is otherwise allowed or possible. \n STATEMENT: When curl is built without PSL support, it cannot protect against this problem but it is expected to not allow \"too wide\" cookies when PSL support is enabled.", + "Name": "curl: information disclosure by exploiting a mixed case flaw (moderate)", "Metadata": { - "UpdatedBy": "", - "RepoName": null, + "UpdatedBy": "RHEL8-rhel-8-including-unpatched", + "RepoName": "cpe:/o:redhat:enterprise_linux:8::baseos", "RepoLink": null, - "DistroName": null, - "DistroVersion": null, + "DistroName": "Red Hat Enterprise Linux Server", + "DistroVersion": "8", "NVD": { "CVSSv3": { - "Vectors": "", - "Score": "" + "Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "Score": 6.5 } } } }, { - "Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0003", + "Severity": "Low", + "NamespaceName": "RHEL8-rhel-8-including-unpatched", + "Link": "https://access.redhat.com/security/cve/CVE-2023-38546", "FixedBy": "", - "Description": "pam_unix.so in Linux-PAM 0.99.7.0 allows context-dependent attackers to log into accounts whose password hash, as stored in /etc/passwd or /etc/shadow, has only two characters.", - "Name": "CVE-2007-0003", + "Description": "DOCUMENTATION: A flaw was found in the Curl package. This flaw allows an attacker to insert cookies into a running program using libcurl if the specific series of conditions are met. \n STATEMENT: The flaw requires a series of conditions to be met and the likeliness that they shall allow an attacker to take advantage of it is low. 
Even if the bug could be made to trigger, the risk that a cookie injection can be done to cause harm is additionally also low.", + "Name": "curl: cookie injection with none file (low)", "Metadata": { - "UpdatedBy": "", - "RepoName": null, + "UpdatedBy": "RHEL8-rhel-8-including-unpatched", + "RepoName": "cpe:/o:redhat:enterprise_linux:8::baseos", "RepoLink": null, - "DistroName": null, - "DistroVersion": null, + "DistroName": "Red Hat Enterprise Linux Server", + "DistroVersion": "8", "NVD": { "CVSSv3": { - "Vectors": "", - "Score": "" + "Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "Score": 3.7 } } } }, { - "Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0832", + "Severity": "Low", + "NamespaceName": "RHEL8-rhel-8-including-unpatched", + "Link": "https://access.redhat.com/security/cve/CVE-2023-27534", "FixedBy": "", - "Description": "pam_motd (aka the MOTD module) in libpam-modules before 1.1.0-2ubuntu1.1 in PAM on Ubuntu 9.10 and libpam-modules before 1.1.1-2ubuntu5 in PAM on Ubuntu 10.04 LTS allows local users to change the ownership of arbitrary files via a symlink attack on .cache in a user's home directory, related to \"user file stamps\" and the motd.legal-notice file.", - "Name": "CVE-2010-0832", + "Description": "DOCUMENTATION: The MITRE CVE dictionary describes this issue as: A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user. 
\n STATEMENT: In a containerized environment running SELinux in enforcing mode, such as Red Hat OpenShift Container Platform, this vulnerability does not allow an attacker to escape the boundary of a container. In this case no additional access is gained, there is an additional (but more complicated step) to look at files the user already has access to.\n\nThe upstream project (Curl) also rated this CVE as Low, see link in External References.\n\nIt is unlikely that Red Hat offerings are utilizing the SFTP feature of Curl, so the opportunity to exploit it may not exist. For those reasons Red Hat Product Security rates the impact as Low.", + "Name": "curl: SFTP path ~ resolving discrepancy (low)", "Metadata": { - "UpdatedBy": "", - "RepoName": null, + "UpdatedBy": "RHEL8-rhel-8-including-unpatched", + "RepoName": "cpe:/o:redhat:enterprise_linux:8::baseos", "RepoLink": null, - "DistroName": null, - "DistroVersion": null, + "DistroName": "Red Hat Enterprise Linux Server", + "DistroVersion": "8", "NVD": { "CVSSv3": { - "Vectors": "", - "Score": "" + "Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "Score": 8.8 } } } }, { - "Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17953", + "Severity": "Low", + "NamespaceName": "RHEL8-rhel-8-including-unpatched", + "Link": "https://access.redhat.com/security/cve/CVE-2023-28322", "FixedBy": "", - "Description": "A incorrect variable in a SUSE specific patch for pam_access rule matching in PAM 1.3.0 in openSUSE Leap 15.0 and SUSE Linux Enterprise 15 could lead to pam_access rules not being applied (fail open).", - "Name": "CVE-2018-17953", + "Description": "DOCUMENTATION: A use-after-free flaw was found in the Curl package. 
This issue may lead to unintended information disclosure by the application.", + "Name": "curl: more POST-after-PUT confusion (low)", "Metadata": { - "UpdatedBy": "", - "RepoName": null, + "UpdatedBy": "RHEL8-rhel-8-including-unpatched", + "RepoName": "cpe:/o:redhat:enterprise_linux:8::baseos", "RepoLink": null, - "DistroName": null, - "DistroVersion": null, + "DistroName": "Red Hat Enterprise Linux Server", + "DistroVersion": "8", "NVD": { "CVSSv3": { - "Vectors": "", - "Score": "" + "Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "Score": 3.7 } } } 
@@ -172,92 +133,247 @@ ] }, { - "Name": "libpam-modules-bin", + "Name": "github.com/sirupsen/logrus", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "Version": "v1.9.0", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] + }, + { + "Name": "libgpg-error", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "Version": "1.31-1.el8", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] + }, + { + "Name": "rpm-libs", "VersionFormat": "", "NamespaceName": "", - "AddedBy": "sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "Version": "1.3.1-5", + "AddedBy": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "Version": "4.14.3-26.el8", + "BaseScores": [ + 6.7 + ], + "CVEIds": [ + "CVE-2021-35937", + "CVE-2021-35938", + "CVE-2021-35939" + ], "Vulnerabilities": [ { - "Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0388", - "FixedBy": "", - "Description": "pam_wheel in Linux-PAM 0.78, with the trust option enabled and the use_uid option disabled, allows local users to spoof log entries and gain privileges by causing getlogin() to return a spoofed user name.", - "Name": "CVE-2003-0388", + "Severity": "Medium", + "NamespaceName": "RHEL8-rhel-8-including-unpatched", + "Link": "https://access.redhat.com/errata/RHSA-2024:0647 https://access.redhat.com/security/cve/CVE-2021-35937 https://access.redhat.com/security/cve/CVE-2021-35938 https://access.redhat.com/security/cve/CVE-2021-35939", + "FixedBy": "0:4.14.3-28.el8_9", + "Description": "The RPM Package Manager (RPM) is a command-line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages.\n\nSecurity Fix(es):\n\n* rpm: TOCTOU race in checks for unsafe symlinks 
(CVE-2021-35937)\n\n* rpm: races with chown/chmod/capabilities calls during installation (CVE-2021-35938)\n\n* rpm: checks for unsafe symlinks are not performed for intermediary directories (CVE-2021-35939)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", + "Name": "RHSA-2024:0647: rpm security update (Moderate)", "Metadata": { - "UpdatedBy": "", - "RepoName": null, + "UpdatedBy": "RHEL8-rhel-8-including-unpatched", + "RepoName": "cpe:/o:redhat:enterprise_linux:8::baseos", "RepoLink": null, - "DistroName": null, - "DistroVersion": null, + "DistroName": "Red Hat Enterprise Linux Server", + "DistroVersion": "8", "NVD": { "CVSSv3": { - "Vectors": "", - "Score": "" + "Vectors": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "Score": 6.7 } } } - }, + } + ] + }, + { + "Name": "golang.org/x/text", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "Version": "v0.12.0", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] + }, + { + "Name": "github.com/prometheus/procfs", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "Version": "v0.11.1", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] + }, + { + "Name": "mpfr", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "Version": "3.1.6-1.el8", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] + }, + { + "Name": "rpm", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "Version": "4.14.3-26.el8", + "BaseScores": [ + 6.7 + ], + "CVEIds": [ + "CVE-2021-35937", + "CVE-2021-35938", + "CVE-2021-35939" + ], + 
"Vulnerabilities": [ { - "Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0003", - "FixedBy": "", - "Description": "pam_unix.so in Linux-PAM 0.99.7.0 allows context-dependent attackers to log into accounts whose password hash, as stored in /etc/passwd or /etc/shadow, has only two characters.", - "Name": "CVE-2007-0003", + "Severity": "Medium", + "NamespaceName": "RHEL8-rhel-8-including-unpatched", + "Link": "https://access.redhat.com/errata/RHSA-2024:0647 https://access.redhat.com/security/cve/CVE-2021-35937 https://access.redhat.com/security/cve/CVE-2021-35938 https://access.redhat.com/security/cve/CVE-2021-35939", + "FixedBy": "0:4.14.3-28.el8_9", + "Description": "The RPM Package Manager (RPM) is a command-line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages.\n\nSecurity Fix(es):\n\n* rpm: TOCTOU race in checks for unsafe symlinks (CVE-2021-35937)\n\n* rpm: races with chown/chmod/capabilities calls during installation (CVE-2021-35938)\n\n* rpm: checks for unsafe symlinks are not performed for intermediary directories (CVE-2021-35939)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", + "Name": "RHSA-2024:0647: rpm security update (Moderate)", "Metadata": { - "UpdatedBy": "", - "RepoName": null, + "UpdatedBy": "RHEL8-rhel-8-including-unpatched", + "RepoName": "cpe:/o:redhat:enterprise_linux:8::baseos", "RepoLink": null, - "DistroName": null, - "DistroVersion": null, + "DistroName": "Red Hat Enterprise Linux Server", + "DistroVersion": "8", "NVD": { "CVSSv3": { - "Vectors": "", - "Score": "" + "Vectors": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "Score": 6.7 } } } - }, + } + ] + }, + { + "Name": "basesystem", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": 
"sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "Version": "11-5.el8", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] + }, + { + "Name": "github.com/cpuguy83/go-md2man/v2", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "Version": "v2.0.2", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] + }, + { + "Name": "github.com/jackc/pgx/v4", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "Version": "v4.18.1", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] + }, + { + "Name": "github.com/knqyf263/go-deb-version", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "Version": "v0.0.0-20190517075300-09fca494f03d", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] + }, + { + "Name": "gobject-introspection", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "Version": "1.56.1-1.el8", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] + }, + { + "Name": "krb5-libs", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "Version": "1.18.2-25.el8_8", + "BaseScores": [ + 8.1 + ], + "CVEIds": [ + "CVE-2023-5455" + ], + "Vulnerabilities": [ { - "Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0832", + "Severity": "Medium", + "NamespaceName": "RHEL8-rhel-8-including-unpatched", + "Link": "https://access.redhat.com/security/cve/CVE-2023-5455", "FixedBy": "", - "Description": "pam_motd (aka the MOTD module) in libpam-modules before 1.1.0-2ubuntu1.1 in PAM on Ubuntu 9.10 and libpam-modules before 1.1.1-2ubuntu5 in PAM on 
Ubuntu 10.04 LTS allows local users to change the ownership of arbitrary files via a symlink attack on .cache in a user's home directory, related to \"user file stamps\" and the motd.legal-notice file.", - "Name": "CVE-2010-0832", + "Description": "DOCUMENTATION: A Cross-site request forgery vulnerability exists in ipa/session/login_password in all supported versions of IPA. This flaw allows an attacker to trick the user into submitting a request that could perform actions as the user, resulting in a loss of confidentiality and system integrity. During community penetration testing it was found that for certain HTTP end-points FreeIPA does not ensure CSRF protection. Due to implementation details one cannot use this flaw for reflection of a cookie representing already logged-in user. An attacker would always have to go through a new authentication attempt. \n STATEMENT: The CSRF vulnerability in ipa/session/login_password is considered a moderate issue due to the need for the attacker to trick users into submitting a request. This implies that exploitation requires user interaction for a new authentication attempt, rather than reflecting a cookie for an already logged-in user. While the vulnerability could result in a loss of confidentiality and system integrity, the specific actions and their severity are not explicitly detailed. The moderate classification suggests that, while serious, the limitations on exploitation conditions and potential impact contribute to a moderate overall severity.\n MITIGATION: Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. 
Please update the affected package as soon as possible.", + "Name": "ipa: Invalid CSRF protection (moderate)", "Metadata": { - "UpdatedBy": "", - "RepoName": null, + "UpdatedBy": "RHEL8-rhel-8-including-unpatched", + "RepoName": "cpe:/o:redhat:enterprise_linux:8::baseos", "RepoLink": null, - "DistroName": null, - "DistroVersion": null, + "DistroName": "Red Hat Enterprise Linux Server", + "DistroVersion": "8", "NVD": { "CVSSv3": { - "Vectors": "", - "Score": "" + "Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", + "Score": 8.1 } } } - }, + } + ] + }, + { + "Name": "ca-certificates", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "Version": "2023.2.60_v7.0.306-80.0.el8_8", + "BaseScores": [ + 9.8 + ], + "CVEIds": [ + "CVE-2023-37920" + ], + "Vulnerabilities": [ { - "Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17953", + "Severity": "Low", + "NamespaceName": "RHEL8-rhel-8-including-unpatched", + "Link": "https://access.redhat.com/security/cve/CVE-2023-37920", "FixedBy": "", - "Description": "A incorrect variable in a SUSE specific patch for pam_access rule matching in PAM 1.3.0 in openSUSE Leap 15.0 and SUSE Linux Enterprise 15 could lead to pam_access rules not being applied (fail open).", - "Name": "CVE-2018-17953", + "Description": "DOCUMENTATION: A flaw was found in the python-certifi package. 
This issue occurs when the e-Tugra root certificate in Certifi is removed, resulting in an unspecified error that has an unknown impact and attack vector.", + "Name": "python-certifi: Removal of e-Tugra root certificate (low)", "Metadata": { - "UpdatedBy": "", - "RepoName": null, + "UpdatedBy": "RHEL8-rhel-8-including-unpatched", + "RepoName": "cpe:/o:redhat:enterprise_linux:8::baseos", "RepoLink": null, - "DistroName": null, - "DistroVersion": null, + "DistroName": "Red Hat Enterprise Linux Server", + "DistroVersion": "8", "NVD": { "CVSSv3": { - "Vectors": "", - "Score": "" + "Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "Score": 9.8 } } } 
@@ -265,92 +381,314 @@ ] }, { - "Name": "libpam-runtime", + "Name": "github.com/opencontainers/go-digest", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "Version": "v1.0.0", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] + }, + { + "Name": "github.com/remind101/migrate", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "Version": "v0.0.0-20170729031349-52c1edff7319", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] + }, + { + "Name": "go.opentelemetry.io/otel/sdk", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:2673e7fa22f08ae14cfde08b625bf3225974fc5df8914d5d0b94bae3700c4c92", + "Version": "v1.16.0", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] + }, + { + "Name": "libusbx", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "Version": "1.0.23-4.el8", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] + }, + { + "Name": "libuuid", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "Version": "2.32.1-42.el8_8", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] + }, + { + "Name": "github.com/prometheus/client_model", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "Version": "v0.4.1-0.20230718164431-9a2bf3000d16", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] + }, + { + "Name": "golang.org/x/sync", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "Version": "v0.3.0", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] + }, + { + "Name": "libsmartcols", + 
"VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "Version": "2.32.1-42.el8_8", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] + }, + { + "Name": "json-glib", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "Version": "1.4.4-1.el8", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] + }, + { + "Name": "brotli", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "Version": "1.0.6-3.el8", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] + }, + { + "Name": "rootfiles", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "Version": "8.1-22.el8", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] + }, + { + "Name": "github.com/jackc/pgconn", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "Version": "v1.14.1", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] + }, + { + "Name": "go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "Version": "v0.42.0", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] + }, + { + "Name": "gpgme", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "Version": "1.13.1-11.el8", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] + }, + { + "Name": "libcap-ng", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "Version": "0.7.11-1.el8", + 
"BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] + }, + { + "Name": "github.com/beorn7/perks", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "Version": "v1.0.1", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] + }, + { + "Name": "github.com/google/uuid", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "Version": "v1.3.1", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] + }, + { + "Name": "github.com/ugorji/go/codec", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "Version": "v1.2.11", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] + }, + { + "Name": "go.opentelemetry.io/otel/exporters/jaeger", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:2673e7fa22f08ae14cfde08b625bf3225974fc5df8914d5d0b94bae3700c4c92", + "Version": "v1.16.0", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] + }, + { + "Name": "chkconfig", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "Version": "1.19.1-1.el8", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] + }, + { + "Name": "libdb", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "Version": "5.3.28-42.el8_4", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] + }, + { + "Name": "glib2", "VersionFormat": "", "NamespaceName": "", - "AddedBy": "sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "Version": "1.3.1-5", + "AddedBy": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "Version": "2.56.4-161.el8", + "BaseScores": [ + 5.5, + 7.5, + 5.5, + 7.5 + ], + 
"CVEIds": [ + "CVE-2023-29499", + "CVE-2023-32611", + "CVE-2023-32636", + "CVE-2023-32665" + ], "Vulnerabilities": [ { - "Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0388", + "Severity": "Low", + "NamespaceName": "RHEL8-rhel-8-including-unpatched", + "Link": "https://access.redhat.com/security/cve/CVE-2023-32665", "FixedBy": "", - "Description": "pam_wheel in Linux-PAM 0.78, with the trust option enabled and the use_uid option disabled, allows local users to spoof log entries and gain privileges by causing getlogin() to return a spoofed user name.", - "Name": "CVE-2003-0388", + "Description": "DOCUMENTATION: A flaw was found in GLib. GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause excessive processing, leading to denial of service. \n STATEMENT: This vulnerability allows for a denial of service attack to be performed against applications that process untrusted GVariant input, compromising application availability by consuming excessive processing time or utilizing a large quantity of memory. The most likely threat is from a local user, which may be possible depending on the configuration of the service and the format of parameters that it expects. While a remote attack is possible if the application is configured to read GVariants over a network connection, this is not the default configuration which makes the likelihood low. 
Because the most widely available attack vector is local and the consequences are limited to denial of service, Red Hat Product Security rates the impact as Low.", + "Name": "glib: GVariant deserialisation does not match spec for non-normal data (low)", "Metadata": { - "UpdatedBy": "", - "RepoName": null, + "UpdatedBy": "RHEL8-rhel-8-including-unpatched", + "RepoName": "cpe:/o:redhat:enterprise_linux:8::baseos", "RepoLink": null, - "DistroName": null, - "DistroVersion": null, + "DistroName": "Red Hat Enterprise Linux Server", + "DistroVersion": "8", "NVD": { "CVSSv3": { - "Vectors": "", - "Score": "" + "Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "Score": 5.5 } } } }, { - "Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0003", + "Severity": "Low", + "NamespaceName": "RHEL8-rhel-8-including-unpatched", + "Link": "https://access.redhat.com/security/cve/CVE-2023-32636", "FixedBy": "", - "Description": "pam_unix.so in Linux-PAM 0.99.7.0 allows context-dependent attackers to log into accounts whose password hash, as stored in /etc/passwd or /etc/shadow, has only two characters.", - "Name": "CVE-2007-0003", + "Description": "DOCUMENTATION: A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499. \n STATEMENT: This vulnerability allows for a denial of service attack to be performed against applications that process untrusted GVariant input, compromising application availability by consuming excessive processing time or utilizing a large quantity of memory. 
The most likely threat is from a local user, which may be possible depending on the configuration of the service and the format of parameters that it expects. While a remote attack is possible if the application is configured to read GVariants over a network connection, this is not the default configuration which makes the likelihood low. Because the most widely available attack vector is local and the consequences are limited to denial of service, Red Hat Product Security rates the impact as Low.", + "Name": "glib: Timeout in fuzz_variant_text (low)", "Metadata": { - "UpdatedBy": "", - "RepoName": null, + "UpdatedBy": "RHEL8-rhel-8-including-unpatched", + "RepoName": "cpe:/o:redhat:enterprise_linux:8::baseos", "RepoLink": null, - "DistroName": null, - "DistroVersion": null, + "DistroName": "Red Hat Enterprise Linux Server", + "DistroVersion": "8", "NVD": { "CVSSv3": { - "Vectors": "", - "Score": "" + "Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "Score": 7.5 } } } }, { - "Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0832", + "Severity": "Low", + "NamespaceName": "RHEL8-rhel-8-including-unpatched", + "Link": "https://access.redhat.com/security/cve/CVE-2023-32611", "FixedBy": "", - "Description": "pam_motd (aka the MOTD module) in libpam-modules before 1.1.0-2ubuntu1.1 in PAM on Ubuntu 9.10 and libpam-modules before 1.1.1-2ubuntu5 in PAM on Ubuntu 10.04 LTS allows local users to change the ownership of arbitrary files via a symlink attack on .cache in a user's home directory, related to \"user file stamps\" and the motd.legal-notice file.", - "Name": "CVE-2010-0832", + "Description": "DOCUMENTATION: A flaw was found in GLib. GVariant deserialization is vulnerable to a slowdown issue where a crafted GVariant can cause excessive processing, leading to denial of service. 
\n STATEMENT: This vulnerability allows for a denial of service attack to be performed against applications that process untrusted GVariant input, compromising application availability by consuming excessive processing time or utilizing a large quantity of memory. The most likely threat is from a local user, which may be possible depending on the configuration of the service and the format of parameters that it expects. While a remote attack is possible if the application is configured to read GVariants over a network connection, this is not the default configuration which makes the likelihood low. Because the most widely available attack vector is local and the consequences are limited to denial of service, Red Hat Product Security rates the impact as Low.", + "Name": "glib: g_variant_byteswap() can take a long time with some non-normal inputs (low)", "Metadata": { - "UpdatedBy": "", - "RepoName": null, + "UpdatedBy": "RHEL8-rhel-8-including-unpatched", + "RepoName": "cpe:/o:redhat:enterprise_linux:8::baseos", "RepoLink": null, - "DistroName": null, - "DistroVersion": null, + "DistroName": "Red Hat Enterprise Linux Server", + "DistroVersion": "8", "NVD": { "CVSSv3": { - "Vectors": "", - "Score": "" + "Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "Score": 5.5 } } } }, { - "Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17953", + "Severity": "Low", + "NamespaceName": "RHEL8-rhel-8-including-unpatched", + "Link": "https://access.redhat.com/security/cve/CVE-2023-29499", "FixedBy": "", - "Description": "A incorrect variable in a SUSE specific patch for pam_access rule matching in PAM 1.3.0 in openSUSE Leap 15.0 and SUSE Linux Enterprise 15 could lead to pam_access rules not being applied (fail open).", - "Name": "CVE-2018-17953", + "Description": "DOCUMENTATION: A flaw was found in GLib. 
GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service. \n STATEMENT: This vulnerability allows for a denial of service attack to be performed against applications that process untrusted GVariant input, compromising application availability by consuming excessive processing time or utilizing a large quantity of memory. The most likely threat is from a local user, which may be possible depending on the configuration of the service and the format of parameters that it expects. While a remote attack is possible if the application is configured to read GVariants over a network connection, this is not the default configuration which makes the likelihood low. Because the most widely available attack vector is local and the consequences are limited to denial of service, Red Hat Product Security rates the impact as Low.", + "Name": "glib: GVariant offset table entry size is not checked in is_normal() (low)", "Metadata": { - "UpdatedBy": "", - "RepoName": null, + "UpdatedBy": "RHEL8-rhel-8-including-unpatched", + "RepoName": "cpe:/o:redhat:enterprise_linux:8::baseos", "RepoLink": null, - "DistroName": null, - "DistroVersion": null, + "DistroName": "Red Hat Enterprise Linux Server", + "DistroVersion": "8", "NVD": { "CVSSv3": { - "Vectors": "", - "Score": "" + "Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "Score": 7.5 } } } 
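Review bot: The expected `BaseScores` and `CVEIds` for `glib2` are not index-aligned: `BaseScores` is `[5.5, 7.5, 5.5, 7.5]` in `Vulnerabilities` order (CVE-2023-32665 first), while `CVEIds` is sorted and starts with CVE-2023-29499, whose score in this fixture is 7.5. The `libssh` entry in the next hunk has the same shape: 5.3 is the score of CVE-2023-6918, but `CVEIds[1]` is CVE-2023-6004. A consumer that pairs the two lists by position would attach the wrong score to a CVE during triage, so either emit both lists in one order or state the contract where the fields are documented, e.g. `BaseScores has one entry per vulnerability, in Vulnerabilities order; CVEIds is de-duplicated and sorted; the two lists are not index-aligned`. The fixture only pins the current output, so the change itself belongs in the code that builds the two fields, which is outside this hunk.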
@@ -358,92 +696,137 @@ ] }, { - "Name": "libpam0g", + "Name": "libpeas", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "Version": "1.22.0-6.el8", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] + }, + { + "Name": "libssh", "VersionFormat": "", "NamespaceName": "", - "AddedBy": "sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "Version": "1.3.1-5", + "AddedBy": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "Version": "0.9.6-10.el8_8", + "BaseScores": [ + 5.9, + 5.3, + 4.8 + ], + "CVEIds": [ + "CVE-2023-48795", + "CVE-2023-6004", + "CVE-2023-6918" + ], "Vulnerabilities": [ { - "Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0388", - "FixedBy": "", - "Description": "pam_wheel in Linux-PAM 0.78, with the trust option enabled and the use_uid option disabled, allows local users to spoof log entries and gain privileges by causing getlogin() to return a spoofed user name.", - "Name": "CVE-2003-0388", + "Severity": "Medium", + "NamespaceName": "RHEL8-rhel-8-including-unpatched", + "Link": "https://access.redhat.com/errata/RHSA-2024:0628 https://access.redhat.com/security/cve/CVE-2023-48795", + "FixedBy": "0:0.9.6-13.el8_9", + "Description": "libssh is a library which implements the SSH protocol. 
It can be used to implement client and server applications.\n\nSecurity Fix(es):\n\n* ssh: Prefix truncation attack on Binary Packet Protocol (BPP) (CVE-2023-48795)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", + "Name": "RHSA-2024:0628: libssh security update (Moderate)", "Metadata": { - "UpdatedBy": "", - "RepoName": null, + "UpdatedBy": "RHEL8-rhel-8-including-unpatched", + "RepoName": "cpe:/o:redhat:enterprise_linux:8::baseos", "RepoLink": null, - "DistroName": null, - "DistroVersion": null, + "DistroName": "Red Hat Enterprise Linux Server", + "DistroVersion": "8", "NVD": { "CVSSv3": { - "Vectors": "", - "Score": "" + "Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "Score": 5.9 } } } }, { - "Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0003", + "Severity": "Low", + "NamespaceName": "RHEL8-rhel-8-including-unpatched", + "Link": "https://access.redhat.com/security/cve/CVE-2023-6918", "FixedBy": "", - "Description": "pam_unix.so in Linux-PAM 0.99.7.0 allows context-dependent attackers to log into accounts whose password hash, as stored in /etc/passwd or /etc/shadow, has only two characters.", - "Name": "CVE-2007-0003", + "Description": "DOCUMENTATION: A flaw was found in the libssh implements abstract layer for message digest (MD) operations implemented by different supported crypto backends. The return values from these were not properly checked, which could cause low-memory situations failures, NULL dereferences, crashes, or usage of the uninitialized memory as an input for the KDF. In this case, non-matching keys will result in decryption/integrity failures, terminating the connection. 
\n STATEMENT: This vulnerability in the libssh abstract layer for message digest operations is deemed to have a low impact due to several mitigating factors. Primarily, the absence of proper checks on return values from supported crypto backends may lead to low-memory situations, failures, NULL dereferences, crashes, or the utilization of uninitialized memory in the Key Derivation Function (KDF). While these potential consequences could disrupt the system, their likelihood is considered low, contributing to the low impact classification.\n\nThe maintainers of libssh, in conjunction with Red Hat, have assigned a CVSS3.1 score of 3.7 to this vulnerability. While the score acknowledges the existence of a vulnerability, the assigned value falls within the lower range of the scale, indicating a relatively modest level of risk.\n\nMoreover, the practical exploitability of this vulnerability is characterized as theoretical and highly unlikely to yield tangible results. The difficulty in successfully exploiting the flaw adds a layer of security, further diminishing the potential impact. 
While acknowledging the risk of non-matching keys leading to decryption/integrity failures and connection termination, the combination of the low likelihood of exploitation and the relatively lower severity score results in an overall assessment of low impact.\n MITIGATION: Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", + "Name": "libssh: Missing checks for return values for digests (low)", "Metadata": { - "UpdatedBy": "", - "RepoName": null, + "UpdatedBy": "RHEL8-rhel-8-including-unpatched", + "RepoName": "cpe:/o:redhat:enterprise_linux:8::baseos", "RepoLink": null, - "DistroName": null, - "DistroVersion": null, + "DistroName": "Red Hat Enterprise Linux Server", + "DistroVersion": "8", "NVD": { "CVSSv3": { - "Vectors": "", - "Score": "" + "Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "Score": 5.3 } } } }, { - "Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0832", + "Severity": "Low", + "NamespaceName": "RHEL8-rhel-8-including-unpatched", + "Link": "https://access.redhat.com/security/cve/CVE-2023-6004", "FixedBy": "", - "Description": "pam_motd (aka the MOTD module) in libpam-modules before 1.1.0-2ubuntu1.1 in PAM on Ubuntu 9.10 and libpam-modules before 1.1.1-2ubuntu5 in PAM on Ubuntu 10.04 LTS allows local users to change the ownership of arbitrary files via a symlink attack on .cache in a user's home directory, related to \"user file stamps\" and the motd.legal-notice file.", - "Name": "CVE-2010-0832", + "Description": "DOCUMENTATION: A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname syntax on the client. 
This issue may allow an attacker to inject malicious code into the command of the features mentioned through the hostname parameter. \n STATEMENT: Despite the potential severity of this issue, the requirement for user interaction to exploit the vulnerability has led to a low severity rating. As a precautionary measure, users are advised to sanitize hostname inputs as a mitigation strategy.\n MITIGATION: Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", + "Name": "libssh: ProxyCommand/ProxyJump features allow injection of malicious code through hostname (low)", "Metadata": { - "UpdatedBy": "", - "RepoName": null, + "UpdatedBy": "RHEL8-rhel-8-including-unpatched", + "RepoName": "cpe:/o:redhat:enterprise_linux:8::baseos", "RepoLink": null, - "DistroName": null, - "DistroVersion": null, + "DistroName": "Red Hat Enterprise Linux Server", + "DistroVersion": "8", "NVD": { "CVSSv3": { - "Vectors": "", - "Score": "" + "Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", + "Score": 4.8 } } } - }, + } + ] + }, + { + "Name": "golang.org/x/crypto", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "Version": "v0.12.0", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] + }, + { + "Name": "libtasn1", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "Version": "4.13-4.el8_7", + "BaseScores": [ + 5.5 + ], + "CVEIds": [ + "CVE-2018-1000654" + ], + "Vulnerabilities": [ { - "Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17953", + "Severity": "Low", + "NamespaceName": "RHEL8-rhel-8-including-unpatched", + "Link": 
"https://access.redhat.com/security/cve/CVE-2018-1000654", "FixedBy": "", - "Description": "A incorrect variable in a SUSE specific patch for pam_access rule matching in PAM 1.3.0 in openSUSE Leap 15.0 and SUSE Linux Enterprise 15 could lead to pam_access rules not being applied (fail open).", - "Name": "CVE-2018-17953", + "Description": "DOCUMENTATION: The MITRE CVE dictionary describes this issue as: GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a DoS, specifically CPU usage will reach 100% when running asn1Paser against the POC due to an issue in _asn1_expand_object_id(p_tree), after a long time, the program will be killed. This attack appears to be exploitable via parsing a crafted file. \n STATEMENT: This flaw is in the asn1Parser binary included in libtasn1-tools RPM. The dynamic library libtasn1 and libtasn1-devel RPMs are not affected.", + "Name": "CVE-2018-1000654 libtasn1: Infinite loop in _asn1_expand_object_id(ptree) leads to memory exhaustion (low)", "Metadata": { - "UpdatedBy": "", - "RepoName": null, + "UpdatedBy": "RHEL8-rhel-8-including-unpatched", + "RepoName": "cpe:/o:redhat:enterprise_linux:8::baseos", "RepoLink": null, - "DistroName": null, - "DistroVersion": null, + "DistroName": "Red Hat Enterprise Linux Server", + "DistroVersion": "8", "NVD": { "CVSSv3": { - "Vectors": "", - "Score": "" + "Vectors": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "Score": 5.5 } } } 
@@ -451,92 +834,221 @@ ] }, { - "Name": "libpcre3", + "Name": "libsigsegv", "VersionFormat": "", "NamespaceName": "", - "AddedBy": "sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "Version": "2:8.39-12", - "Vulnerabilities": [ - { - "Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11164", - "FixedBy": "", - "Description": "In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression.", - "Name": "CVE-2017-11164", - "Metadata": { - "UpdatedBy": "", - "RepoName": null, - "RepoLink": null, - "DistroName": null, - "DistroVersion": null, - "NVD": { - "CVSSv3": { - "Vectors": "", - "Score": "" - } - } - } - }, + "AddedBy": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "Version": "2.11-5.el8", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] + }, + { + "Name": "setup", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "Version": "2.12.2-9.el8", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] + }, + { + "Name": "publicsuffix-list-dafsa", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "Version": "20180723-1.el8", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] + }, + { + "Name": "github.com/remyoudompheng/bigfft", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "Version": "v0.0.0-20230129092748-24d4a6f8daec", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] + }, + { + "Name": "golang.org/x/time", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "Version": 
"v0.3.0", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] + }, + { + "Name": "libdb-utils", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "Version": "5.3.28-42.el8_4", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] + }, + { + "Name": "ubi8/ubi-minimal", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "Version": "8.8-1072.1696517598", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] + }, + { + "Name": "github.com/docker/distribution", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "Version": "v2.8.1+incompatible", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] + }, + { + "Name": "github.com/jackc/pgpassfile", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "Version": "v1.0.0", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] + }, + { + "Name": "github.com/knqyf263/go-apk-version", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "Version": "v0.0.0-20200609155635-041fdbb8563f", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] + }, + { + "Name": "go.opentelemetry.io/otel/metric", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "Version": "v1.16.0", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] + }, + { + "Name": "github.com/quay/goval-parser", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "Version": "v0.8.8", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] + }, + { 
+ "Name": "github.com/tomnomnom/linkheader", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "Version": "v0.0.0-20180905144013-02ca5825eb80", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] + }, + { + "Name": "libassuan", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "Version": "2.5.1-3.el8", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] + }, + { + "Name": "libarchive", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "Version": "3.3.3-5.el8", + "BaseScores": [ + 6.5, + 6.5, + 6.5 + ], + "CVEIds": [ + "CVE-2018-1000879", + "CVE-2018-1000880", + "CVE-2020-21674" + ], + "Vulnerabilities": [ { - "Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16231", + "Severity": "Low", + "NamespaceName": "RHEL8-rhel-8-including-unpatched", + "Link": "https://access.redhat.com/security/cve/CVE-2020-21674", "FixedBy": "", - "Description": "** DISPUTED ** In PCRE 8.41, after compiling, a pcretest load test PoC produces a crash overflow in the function match() in pcre_exec.c because of a self-recursive call. NOTE: third parties dispute the relevance of this report, noting that there are options that can be used to limit the amount of stack that is used.", - "Name": "CVE-2017-16231", + "Description": "DOCUMENTATION: The MITRE CVE dictionary describes this issue as: Heap-based buffer overflow in archive_string_append_from_wcs() (archive_string.c) in libarchive-3.4.1dev allows remote attackers to cause a denial of service (out-of-bounds write in heap memory resulting into a crash) via a crafted archive file. NOTE: this only affects users who downloaded the development code from GitHub. 
Users of the product's official releases are unaffected. \n STATEMENT: Red Hat Product Security has set the Severity of this flaw to Low for libarchive as shipped with Red Hat Enterprise Linux 8 because we could not reproduce the issue and it states \"NOTE: this only affects users who downloaded the development code from GitHub. Users of the product's official releases are unaffected.\"\n\nThis flaw is out of support scope for libarchive as shipped with Red Hat Enterprise Linux 6 and 7.", + "Name": "CVE-2020-21674 libarchive: heap-based buffer overflow in archive_string_append_from_wcs function in archive_string.c (low)", "Metadata": { - "UpdatedBy": "", - "RepoName": null, + "UpdatedBy": "RHEL8-rhel-8-including-unpatched", + "RepoName": "cpe:/o:redhat:enterprise_linux:8::baseos", "RepoLink": null, - "DistroName": null, - "DistroVersion": null, + "DistroName": "Red Hat Enterprise Linux Server", + "DistroVersion": "8", "NVD": { "CVSSv3": { - "Vectors": "", - "Score": "" + "Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "Score": 6.5 } } } }, { - "Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7245", + "Severity": "Low", + "NamespaceName": "RHEL8-rhel-8-including-unpatched", + "Link": "https://access.redhat.com/security/cve/CVE-2018-1000880", "FixedBy": "", - "Description": "Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 4) or possibly have unspecified other impact via a crafted file.", - "Name": "CVE-2017-7245", + "Description": "DOCUMENTATION: The MITRE CVE dictionary describes this issue as: libarchive version commit 9693801580c0cf7c70e862d305270a16b52826a7 onwards (release v3.2.0 onwards) contains a CWE-20: Improper Input Validation vulnerability in WARC parser - libarchive/archive_read_support_format_warc.c, _warc_read() that can result in DoS - quasi-infinite 
run time and disk usage from tiny file. This attack appear to be exploitable via the victim must open a specially crafted WARC file. \n STATEMENT: This issue did not affect the versions of libarchive as shipped with Red Hat Enterprise Linux 6 and 7.", + "Name": "CVE-2018-1000880 libarchive: Improper input validation in WARC parser resulting in a denial of service (low)", "Metadata": { - "UpdatedBy": "", - "RepoName": null, + "UpdatedBy": "RHEL8-rhel-8-including-unpatched", + "RepoName": "cpe:/o:redhat:enterprise_linux:8::baseos", "RepoLink": null, - "DistroName": null, - "DistroVersion": null, + "DistroName": "Red Hat Enterprise Linux Server", + "DistroVersion": "8", "NVD": { "CVSSv3": { - "Vectors": "", - "Score": "" + "Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "Score": 6.5 } } } }, { - "Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7246", + "Severity": "Low", + "NamespaceName": "RHEL8-rhel-8-including-unpatched", + "Link": "https://access.redhat.com/security/cve/CVE-2018-1000879", "FixedBy": "", - "Description": "Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 268) or possibly have unspecified other impact via a crafted file.", - "Name": "CVE-2017-7246", + "Description": "DOCUMENTATION: The MITRE CVE dictionary describes this issue as: libarchive version commit 379867ecb330b3a952fb7bfa7bffb7bbd5547205 onwards (release v3.3.0 onwards) contains a CWE-476: NULL Pointer Dereference vulnerability in ACL parser - libarchive/archive_acl.c, archive_acl_from_text_l() that can result in Crash/DoS. This attack appear to be exploitable via the victim must open a specially crafted archive file. 
\n STATEMENT: This issue did not affect the versions of libarchive as shipped with Red Hat Enterprise Linux 6 and 7.", + "Name": "CVE-2018-1000879 libarchive: NULL pointer dereference in ACL parser resulting in a denial of service (low)", "Metadata": { - "UpdatedBy": "", - "RepoName": null, + "UpdatedBy": "RHEL8-rhel-8-including-unpatched", + "RepoName": "cpe:/o:redhat:enterprise_linux:8::baseos", "RepoLink": null, - "DistroName": null, - "DistroVersion": null, + "DistroName": "Red Hat Enterprise Linux Server", + "DistroVersion": "8", "NVD": { "CVSSv3": { - "Vectors": "", - "Score": "" + "Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "Score": 6.5 } } } 
@@ -544,336 +1056,211 @@ ] }, { - "Name": "libseccomp2", + "Name": "github.com/felixge/httpsnoop", "VersionFormat": "", "NamespaceName": "", - "AddedBy": "sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "Version": "2.3.3-4", - "Vulnerabilities": [ - { - "Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9893", - "FixedBy": "", - "Description": "libseccomp before 2.4.0 did not correctly generate 64-bit syscall argument comparisons using the arithmetic operators (LT, GT, LE, GE), which might able to lead to bypassing seccomp filters and potential privilege escalations.", - "Name": "CVE-2019-9893", - "Metadata": { - "UpdatedBy": "", - "RepoName": null, - "RepoLink": null, - "DistroName": null, - "DistroVersion": null, - "NVD": { - "CVSSv3": { - "Vectors": "", - "Score": "" - } - } - } - } - ] + "AddedBy": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "Version": "v1.0.3", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] }, { - "Name": "libselinux1", + "Name": "github.com/jackc/pgtype", "VersionFormat": "", "NamespaceName": "", - "AddedBy": "sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "Version": "2.8-1+b1", - "Vulnerabilities": [ - - ] + "AddedBy": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "Version": "v1.14.0", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] }, { - "Name": "libsemanage-common", + "Name": "github.com/prometheus/common", "VersionFormat": "", "NamespaceName": "", - "AddedBy": "sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "Version": "2.8-2", - "Vulnerabilities": [ - - ] + "AddedBy": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "Version": "v0.44.0", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] }, { - "Name": "bsdutils", + "Name": "github.com/quay/clair/config", 
"VersionFormat": "", "NamespaceName": "", - "AddedBy": "sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "Version": "1:2.33.1-0.1", - "Vulnerabilities": [ - - ] + "AddedBy": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "Version": "v1.3.0", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] }, { - "Name": "libsemanage1", + "Name": "github.com/quay/claircore", "VersionFormat": "", "NamespaceName": "", - "AddedBy": "sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "Version": "2.8-2", - "Vulnerabilities": [ - - ] + "AddedBy": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "Version": "v1.5.19", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] }, { - "Name": "libsepol1", + "Name": "github.com/quay/claircore/updater/driver", "VersionFormat": "", "NamespaceName": "", - "AddedBy": "sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "Version": "2.8-1", - "Vulnerabilities": [ - - ] + "AddedBy": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "Version": "v1.0.0", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] }, { - "Name": "libsmartcols1", + "Name": "p11-kit", "VersionFormat": "", "NamespaceName": "", - "AddedBy": "sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "Version": "2.33.1-0.1", - "Vulnerabilities": [ - { - "Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0822", - "FixedBy": "", - "Description": "umount, when running with the Linux 2.6.15 kernel on Slackware Linux 10.2, allows local users to trigger a NULL dereference and application crash by invoking the program with a pathname for a USB pen drive that was mounted and then physically removed, which might allow the users to obtain sensitive information, including core file contents.", - "Name": "CVE-2007-0822", - "Metadata": { - 
"UpdatedBy": "", - "RepoName": null, - "RepoLink": null, - "DistroName": null, - "DistroVersion": null, - "NVD": { - "CVSSv3": { - "Vectors": "", - "Score": "" - } - } - } - } - ] + "AddedBy": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "Version": "0.23.22-1.el8", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] }, { - "Name": "libstdc++6", + "Name": "coreutils-single", "VersionFormat": "", "NamespaceName": "", - "AddedBy": "sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "Version": "8.3.0-6", - "Vulnerabilities": [ - - ] + "AddedBy": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "Version": "8.30-15.el8", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] }, { - "Name": "libtasn1-6", + "Name": "librhsm", "VersionFormat": "", "NamespaceName": "", - "AddedBy": "sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "Version": "4.13-3", - "Vulnerabilities": [ - { - "Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000654", - "FixedBy": "", - "Description": "GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a DoS, specifically CPU usage will reach 100% when running asn1Paser against the POC due to an issue in _asn1_expand_object_id(p_tree), after a long time, the program will be killed. 
This attack appears to be exploitable via parsing a crafted file.", - "Name": "CVE-2018-1000654", - "Metadata": { - "UpdatedBy": "", - "RepoName": null, - "RepoLink": null, - "DistroName": null, - "DistroVersion": null, - "NVD": { - "CVSSv3": { - "Vectors": "", - "Score": "" - } - } - } - } - ] + "AddedBy": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "Version": "0.0.3-5.el8", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] }, { - "Name": "libunistring2", + "Name": "github.com/doug-martin/goqu/v8", "VersionFormat": "", "NamespaceName": "", - "AddedBy": "sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "Version": "0.9.10-1", - "Vulnerabilities": [ - - ] + "AddedBy": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "Version": "v8.6.0", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] + }, + { + "Name": "github.com/evanphx/json-patch/v5", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "Version": "v5.6.0", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] + }, + { + "Name": "github.com/jackc/pgio", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "Version": "v1.0.0", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] + }, + { + "Name": "modernc.org/memory", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "Version": "v1.6.0", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] }, { - "Name": "coreutils", + "Name": "gnutls", "VersionFormat": "", "NamespaceName": "", - "AddedBy": "sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "Version": "8.30-3", + "AddedBy": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "Version": 
"3.6.16-6.el8_7", + "BaseScores": [ + 7.5, + 5.9, + 6.5 + ], + "CVEIds": [ + "CVE-2021-4209", + "CVE-2023-5981", + "CVE-2024-0553" + ], "Vulnerabilities": [ { - "Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4135", - "FixedBy": "", - "Description": "The distcheck rule in dist-check.mk in GNU coreutils 5.2.1 through 8.1 allows local users to gain privileges via a symlink attack on a file in a directory tree under /tmp.", - "Name": "CVE-2009-4135", - "Metadata": { - "UpdatedBy": "", - "RepoName": null, - "RepoLink": null, - "DistroName": null, - "DistroVersion": null, - "NVD": { - "CVSSv3": { - "Vectors": "", - "Score": "" - } - } - } - }, - { - "Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0221", - "FixedBy": "", - "Description": "The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the sort command, when using the (1) -d or (2) -M switch, which triggers a stack-based buffer overflow in the alloca function.", - "Name": "CVE-2013-0221", - "Metadata": { - "UpdatedBy": "", - "RepoName": null, - "RepoLink": null, - "DistroName": null, - "DistroVersion": null, - "NVD": { - "CVSSv3": { - "Vectors": "", - "Score": "" - } - } - } - }, - { - "Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0222", - "FixedBy": "", - "Description": "The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the uniq command, which triggers a stack-based buffer overflow in the alloca function.", - "Name": "CVE-2013-0222", - "Metadata": { - "UpdatedBy": "", - "RepoName": null, - "RepoLink": null, - "DistroName": null, - "DistroVersion": null, - "NVD": { - "CVSSv3": { - "Vectors": "", - 
"Score": "" - } - } - } - }, - { - "Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0223", - "FixedBy": "", - "Description": "The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the join command, when using the -i switch, which triggers a stack-based buffer overflow in the alloca function.", - "Name": "CVE-2013-0223", - "Metadata": { - "UpdatedBy": "", - "RepoName": null, - "RepoLink": null, - "DistroName": null, - "DistroVersion": null, - "NVD": { - "CVSSv3": { - "Vectors": "", - "Score": "" - } - } - } - }, - { - "Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4041", - "FixedBy": "", - "Description": "The keycompare_mb function in sort.c in sort in GNU Coreutils through 8.23 on 64-bit platforms performs a size calculation without considering the number of bytes occupied by multibyte characters, which allows attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via long UTF-8 strings.", - "Name": "CVE-2015-4041", + "Severity": "Medium", + "NamespaceName": "RHEL8-rhel-8-including-unpatched", + "Link": "https://access.redhat.com/errata/RHSA-2024:0627 https://access.redhat.com/security/cve/CVE-2024-0553", + "FixedBy": "0:3.6.16-8.el8_9.1", + "Description": "The gnutls packages provide the GNU Transport Layer Security (GnuTLS) library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS.\n\nSecurity Fix(es):\n\n* gnutls: incomplete fix for CVE-2023-5981 (CVE-2024-0553)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", + "Name": "RHSA-2024:0627: gnutls security update (Moderate)", 
"Metadata": { - "UpdatedBy": "", - "RepoName": null, + "UpdatedBy": "RHEL8-rhel-8-including-unpatched", + "RepoName": "cpe:/o:redhat:enterprise_linux:8::baseos", "RepoLink": null, - "DistroName": null, - "DistroVersion": null, + "DistroName": "Red Hat Enterprise Linux Server", + "DistroVersion": "8", "NVD": { "CVSSv3": { - "Vectors": "", - "Score": "" + "Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "Score": 7.5 } } } }, { - "Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4042", - "FixedBy": "", - "Description": "Integer overflow in the keycompare_mb function in sort.c in sort in GNU Coreutils through 8.23 might allow attackers to cause a denial of service (application crash) or possibly have unspecified other impact via long strings.", - "Name": "CVE-2015-4042", + "Severity": "Medium", + "NamespaceName": "RHEL8-rhel-8", + "Link": "https://access.redhat.com/errata/RHSA-2024:0155 https://access.redhat.com/security/cve/CVE-2023-5981", + "FixedBy": "0:3.6.16-8.el8_9", + "Description": "The gnutls packages provide the GNU Transport Layer Security (GnuTLS) library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS.\n\nSecurity Fix(es):\n\n* gnutls: timing side-channel in the RSA-PSK authentication (CVE-2023-5981)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", + "Name": "RHSA-2024:0155: gnutls security update (Moderate)", "Metadata": { - "UpdatedBy": "", - "RepoName": null, + "UpdatedBy": "RHEL8-rhel-8", + "RepoName": "cpe:/o:redhat:enterprise_linux:8::baseos", "RepoLink": null, - "DistroName": null, - "DistroVersion": null, - "NVD": { - "CVSSv3": { - "Vectors": "", - "Score": "" - } - } - } - }, - { - "Severity": "Unknown", - "NamespaceName": "test_updater", - "Link": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2781", - "FixedBy": "", - "Description": "chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.", - "Name": "CVE-2016-2781", - "Metadata": { - "UpdatedBy": "test_updater", - "RepoName": "test_repo", - "RepoLink": "http://test-uri", - "DistroName": null, - "DistroVersion": null, + "DistroName": "Red Hat Enterprise Linux Server", + "DistroVersion": "8", "NVD": { "CVSSv3": { - "Vectors": "", - "Score": "" + "Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "Score": 5.9 } } } }, { - "Severity": "Unknown", - "NamespaceName": "test_updater", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18018", + "Severity": "Low", + "NamespaceName": "RHEL8-rhel-8-including-unpatched", + "Link": "https://access.redhat.com/security/cve/CVE-2021-4209", "FixedBy": "", - "Description": "In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSIX \"-R -L\" options, which allows local users to modify the ownership of arbitrary files by leveraging a race condition.", - "Name": "CVE-2017-18018", + "Description": "DOCUMENTATION: A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial of service after authentication in rare circumstances. 
\n STATEMENT: According to the analysis on the upstream issue, this flaw has been rated as having a security impact of Low.\n MITIGATION: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.", + "Name": "GnuTLS: Null pointer dereference in MD_UPDATE (low)", "Metadata": { - "UpdatedBy": "test_updater", - "RepoName": null, + "UpdatedBy": "RHEL8-rhel-8-including-unpatched", + "RepoName": "cpe:/o:redhat:enterprise_linux:8::baseos", "RepoLink": null, - "DistroName": "rhel", - "DistroVersion": "8.0", + "DistroName": "Red Hat Enterprise Linux Server", + "DistroVersion": "8", "NVD": { "CVSSv3": { - "Vectors": "", - "Score": "" + "Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "Score": 6.5 } } } 
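Review bot: The `BaseScores` and `CVEIds` arrays pinned for the gnutls feature are not index-aligned, and nothing in the fixture or the helpers says so. `BaseScores` is `[7.5, 5.9, 6.5]` in `Vulnerabilities` order (CVE-2024-0553, CVE-2023-5981, CVE-2021-4209), while `CVEIds` is sorted alphabetically, so a consumer pairing them by position would attach 7.5 to CVE-2021-4209, whose own entry carries 6.5, and mis-rank findings during triage. The lengths can also differ, because `vulns_to_base_scores` skips entries with a missing or falsy score and `vulns_to_cves` de-duplicates. Since JSON cannot carry a comment, I would document this in the docstrings of both helpers in `datatypes.py`, e.g. `BaseScores follows Vulnerabilities order; CVEIds is sorted and de-duplicated. Do not pair them by index; read Vulnerabilities[].Metadata.NVD.CVSSv3.Score for a per-CVE score.`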
@@ -881,1643 +1268,292 @@ ] }, { - "Name": "libuuid1", + "Name": "libselinux", "VersionFormat": "", "NamespaceName": "", - "AddedBy": "sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "Version": "2.33.1-0.1", - "Vulnerabilities": [ - { - "Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0822", - "FixedBy": "", - "Description": "umount, when running with the Linux 2.6.15 kernel on Slackware Linux 10.2, allows local users to trigger a NULL dereference and application crash by invoking the program with a pathname for a USB pen drive that was mounted and then physically removed, which might allow the users to obtain sensitive information, including core file contents.", - "Name": "CVE-2007-0822", - "Metadata": { - "UpdatedBy": "", - "RepoName": null, - "RepoLink": null, - "DistroName": null, - "DistroVersion": null, - "NVD": { - "CVSSv3": { - "Vectors": "", - "Score": "" - } - } - } - } - ] + "AddedBy": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "Version": "2.9-8.el8", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] }, { - "Name": "libzstd1", + "Name": "github.com/jackc/chunkreader/v2", "VersionFormat": "", "NamespaceName": "", - "AddedBy": "sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "Version": "1.3.8+dfsg-3", - "Vulnerabilities": [ - - ] + "AddedBy": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "Version": "v2.0.1", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] }, { - "Name": "login", + "Name": "github.com/knqyf263/go-rpm-version", "VersionFormat": "", "NamespaceName": "", - "AddedBy": "sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "Version": "1:4.5-1.1", - "Vulnerabilities": [ - { - "Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1594", - "FixedBy": "", - 
"Description": "Buffer overflow in (1) grpck and (2) pwck, if installed setuid on a system as recommended in some AIX documentation, may allow local users to gain privileges via a long command line argument.", - "Name": "CVE-2002-1594", - "Metadata": { - "UpdatedBy": "", - "RepoName": null, - "RepoLink": null, - "DistroName": null, - "DistroVersion": null, - "NVD": { - "CVSSv3": { - "Vectors": "", - "Score": "" - } - } - } - }, - { - "Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1183", - "FixedBy": "", - "Description": "The Ubuntu 5.10 installer does not properly clear passwords from the installer log file (questions.dat), and leaves the log file with world-readable permissions, which allows local users to gain privileges.", - "Name": "CVE-2006-1183", - "Metadata": { - "UpdatedBy": "", - "RepoName": null, - "RepoLink": null, - "DistroName": null, - "DistroVersion": null, - "NVD": { - "CVSSv3": { - "Vectors": "", - "Score": "" - } - } - } - }, - { - "Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3597", - "FixedBy": "", - "Description": "passwd before 1:4.0.13 on Ubuntu 6.06 LTS leaves the root password blank instead of locking it when the administrator selects the \"Go Back\" option after the final \"Installation complete\" message and uses the main menu, which causes the password to be zeroed out in the installer's memory.", - "Name": "CVE-2006-3597", - "Metadata": { - "UpdatedBy": "", - "RepoName": null, - "RepoLink": null, - "DistroName": null, - "DistroVersion": null, - "NVD": { - "CVSSv3": { - "Vectors": "", - "Score": "" - } - } - } - }, - { - "Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5686", - "FixedBy": "", - "Description": "initscripts in rPath Linux 1 sets insecure permissions for the /var/log/btmp file, which allows local users to obtain sensitive 
information regarding authentication attempts. NOTE: because sshd detects the insecure permissions and does not log certain events, this also prevents sshd from logging failed authentication attempts by remote attackers.", - "Name": "CVE-2007-5686", - "Metadata": { - "UpdatedBy": "", - "RepoName": null, - "RepoLink": null, - "DistroName": null, - "DistroVersion": null, - "NVD": { - "CVSSv3": { - "Vectors": "", - "Score": "" - } - } - } - }, - { - "Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4235", - "FixedBy": "", - "Description": "shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees", - "Name": "CVE-2013-4235", - "Metadata": { - "UpdatedBy": "", - "RepoName": null, - "RepoLink": null, - "DistroName": null, - "DistroVersion": null, - "NVD": { - "CVSSv3": { - "Vectors": "", - "Score": "" - } - } - } - }, - { - "Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16588", - "FixedBy": "", - "Description": "Privilege escalation can occur in the SUSE useradd.c code in useradd, as distributed in the SUSE shadow package through 4.2.1-27.9.1 for SUSE Linux Enterprise 12 (SLE-12) and through 4.5-5.39 for SUSE Linux Enterprise 15 (SLE-15). Non-existing intermediate directories are created with mode 0777 during user creation. Given that they are world-writable, local attackers might use this for privilege escalation and other unspecified attacks. 
NOTE: this would affect non-SUSE users who took useradd.c code from a 2014-04-02 upstream pull request; however, no non-SUSE distribution is known to be affected.", - "Name": "CVE-2018-16588", - "Metadata": { - "UpdatedBy": "", - "RepoName": null, - "RepoLink": null, - "DistroName": null, - "DistroVersion": null, - "NVD": { - "CVSSv3": { - "Vectors": "", - "Score": "" - } - } - } - }, - { - "Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7169", - "FixedBy": "", - "Description": "An issue was discovered in shadow 4.5. newgidmap (in shadow-utils) is setuid and allows an unprivileged user to be placed in a user namespace where setgroups(2) is permitted. This allows an attacker to remove themselves from a supplementary group, which may allow access to certain filesystem paths if the administrator has used \"group blacklisting\" (e.g., chmod g-rwx) to restrict access to paths. This flaw effectively reverts a security feature in the kernel (in particular, the /proc/self/setgroups knob) to prevent this sort of privilege escalation.", - "Name": "CVE-2018-7169", - "Metadata": { - "UpdatedBy": "", - "RepoName": null, - "RepoLink": null, - "DistroName": null, - "DistroVersion": null, - "NVD": { - "CVSSv3": { - "Vectors": "", - "Score": "" - } - } - } - }, - { - "Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19882", - "FixedBy": "", - "Description": "shadow 4.8, in certain circumstances affecting at least Gentoo, Arch Linux, and Void Linux, allows local users to obtain root access because setuid programs are misconfigured. Specifically, this affects shadow 4.8 when compiled using --with-libpam but without explicitly passing --disable-account-tools-setuid, and without a PAM configuration suitable for use with setuid account management tools. 
This combination leads to account management tools (groupadd, groupdel, groupmod, useradd, userdel, usermod) that can easily be used by unprivileged local users to escalate privileges to root in multiple ways. This issue became much more relevant in approximately December 2019 when an unrelated bug was fixed (i.e., the chmod calls to suidusbins were fixed in the upstream Makefile which is now included in the release version 4.8).", - "Name": "CVE-2019-19882", - "Metadata": { - "UpdatedBy": "", - "RepoName": null, - "RepoLink": null, - "DistroName": null, - "DistroVersion": null, - "NVD": { - "CVSSv3": { - "Vectors": "", - "Score": "" - } - } - } - } - ] - }, - { - "Name": "mawk", - "VersionFormat": "", - "NamespaceName": "", - "AddedBy": "sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "Version": "1.3.3-17+b3", - "Vulnerabilities": [ - - ] - }, - { - "Name": "mount", - "VersionFormat": "", - "NamespaceName": "", - "AddedBy": "sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "Version": "2.33.1-0.1", - "Vulnerabilities": [ - { - "Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0822", - "FixedBy": "", - "Description": "umount, when running with the Linux 2.6.15 kernel on Slackware Linux 10.2, allows local users to trigger a NULL dereference and application crash by invoking the program with a pathname for a USB pen drive that was mounted and then physically removed, which might allow the users to obtain sensitive information, including core file contents.", - "Name": "CVE-2007-0822", - "Metadata": { - "UpdatedBy": "", - "RepoName": null, - "RepoLink": null, - "DistroName": null, - "DistroVersion": null, - "NVD": { - "CVSSv3": { - "Vectors": "", - "Score": "" - } - } - } - } - ] - }, - { - "Name": "passwd", - "VersionFormat": "", - "NamespaceName": "", - "AddedBy": "sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "Version": 
"1:4.5-1.1", - "Vulnerabilities": [ - { - "Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1594", - "FixedBy": "", - "Description": "Buffer overflow in (1) grpck and (2) pwck, if installed setuid on a system as recommended in some AIX documentation, may allow local users to gain privileges via a long command line argument.", - "Name": "CVE-2002-1594", - "Metadata": { - "UpdatedBy": "", - "RepoName": null, - "RepoLink": null, - "DistroName": null, - "DistroVersion": null, - "NVD": { - "CVSSv3": { - "Vectors": "", - "Score": "" - } - } - } - }, - { - "Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1183", - "FixedBy": "", - "Description": "The Ubuntu 5.10 installer does not properly clear passwords from the installer log file (questions.dat), and leaves the log file with world-readable permissions, which allows local users to gain privileges.", - "Name": "CVE-2006-1183", - "Metadata": { - "UpdatedBy": "", - "RepoName": null, - "RepoLink": null, - "DistroName": null, - "DistroVersion": null, - "NVD": { - "CVSSv3": { - "Vectors": "", - "Score": "" - } - } - } - }, - { - "Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3597", - "FixedBy": "", - "Description": "passwd before 1:4.0.13 on Ubuntu 6.06 LTS leaves the root password blank instead of locking it when the administrator selects the \"Go Back\" option after the final \"Installation complete\" message and uses the main menu, which causes the password to be zeroed out in the installer's memory.", - "Name": "CVE-2006-3597", - "Metadata": { - "UpdatedBy": "", - "RepoName": null, - "RepoLink": null, - "DistroName": null, - "DistroVersion": null, - "NVD": { - "CVSSv3": { - "Vectors": "", - "Score": "" - } - } - } - }, - { - "Severity": "Unknown", - "NamespaceName": "", - "Link": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5686", - "FixedBy": "", - "Description": "initscripts in rPath Linux 1 sets insecure permissions for the /var/log/btmp file, which allows local users to obtain sensitive information regarding authentication attempts. NOTE: because sshd detects the insecure permissions and does not log certain events, this also prevents sshd from logging failed authentication attempts by remote attackers.", - "Name": "CVE-2007-5686", - "Metadata": { - "UpdatedBy": "", - "RepoName": null, - "RepoLink": null, - "DistroName": null, - "DistroVersion": null, - "NVD": { - "CVSSv3": { - "Vectors": "", - "Score": "" - } - } - } - }, - { - "Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4235", - "FixedBy": "", - "Description": "shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees", - "Name": "CVE-2013-4235", - "Metadata": { - "UpdatedBy": "", - "RepoName": null, - "RepoLink": null, - "DistroName": null, - "DistroVersion": null, - "NVD": { - "CVSSv3": { - "Vectors": "", - "Score": "" - } - } - } - }, - { - "Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16588", - "FixedBy": "", - "Description": "Privilege escalation can occur in the SUSE useradd.c code in useradd, as distributed in the SUSE shadow package through 4.2.1-27.9.1 for SUSE Linux Enterprise 12 (SLE-12) and through 4.5-5.39 for SUSE Linux Enterprise 15 (SLE-15). Non-existing intermediate directories are created with mode 0777 during user creation. Given that they are world-writable, local attackers might use this for privilege escalation and other unspecified attacks. 
NOTE: this would affect non-SUSE users who took useradd.c code from a 2014-04-02 upstream pull request; however, no non-SUSE distribution is known to be affected.", - "Name": "CVE-2018-16588", - "Metadata": { - "UpdatedBy": "", - "RepoName": null, - "RepoLink": null, - "DistroName": null, - "DistroVersion": null, - "NVD": { - "CVSSv3": { - "Vectors": "", - "Score": "" - } - } - } - }, - { - "Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7169", - "FixedBy": "", - "Description": "An issue was discovered in shadow 4.5. newgidmap (in shadow-utils) is setuid and allows an unprivileged user to be placed in a user namespace where setgroups(2) is permitted. This allows an attacker to remove themselves from a supplementary group, which may allow access to certain filesystem paths if the administrator has used \"group blacklisting\" (e.g., chmod g-rwx) to restrict access to paths. This flaw effectively reverts a security feature in the kernel (in particular, the /proc/self/setgroups knob) to prevent this sort of privilege escalation.", - "Name": "CVE-2018-7169", - "Metadata": { - "UpdatedBy": "", - "RepoName": null, - "RepoLink": null, - "DistroName": null, - "DistroVersion": null, - "NVD": { - "CVSSv3": { - "Vectors": "", - "Score": "" - } - } - } - }, - { - "Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19882", - "FixedBy": "", - "Description": "shadow 4.8, in certain circumstances affecting at least Gentoo, Arch Linux, and Void Linux, allows local users to obtain root access because setuid programs are misconfigured. Specifically, this affects shadow 4.8 when compiled using --with-libpam but without explicitly passing --disable-account-tools-setuid, and without a PAM configuration suitable for use with setuid account management tools. 
This combination leads to account management tools (groupadd, groupdel, groupmod, useradd, userdel, usermod) that can easily be used by unprivileged local users to escalate privileges to root in multiple ways. This issue became much more relevant in approximately December 2019 when an unrelated bug was fixed (i.e., the chmod calls to suidusbins were fixed in the upstream Makefile which is now included in the release version 4.8).", - "Name": "CVE-2019-19882", - "Metadata": { - "UpdatedBy": "", - "RepoName": null, - "RepoLink": null, - "DistroName": null, - "DistroVersion": null, - "NVD": { - "CVSSv3": { - "Vectors": "", - "Score": "" - } - } - } - } - ] - }, - { - "Name": "perl-base", - "VersionFormat": "", - "NamespaceName": "", - "AddedBy": "sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "Version": "5.28.1-6", - "Vulnerabilities": [ - { - "Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0377", - "FixedBy": "", - "Description": "Buffer overflow in the win32_stat function for (1) ActiveState's ActivePerl and (2) Larry Wall's Perl before 5.8.3 allows local or remote attackers to execute arbitrary commands via filenames that end in a backslash character.", - "Name": "CVE-2004-0377", - "Metadata": { - "UpdatedBy": "", - "RepoName": null, - "RepoLink": null, - "DistroName": null, - "DistroVersion": null, - "NVD": { - "CVSSv3": { - "Vectors": "", - "Score": "" - } - } - } - }, - { - "Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4217", - "FixedBy": "", - "Description": "Perl in Apple Mac OS X Server 10.3.9 does not properly drop privileges when using the \"$<\" variable to set uid, which allows attackers to gain privileges.", - "Name": "CVE-2005-4217", - "Metadata": { - "UpdatedBy": "", - "RepoName": null, - "RepoLink": null, - "DistroName": null, - "DistroVersion": null, - "NVD": { - "CVSSv3": { - "Vectors": "", 
- "Score": "" - } - } - } - }, - { - "Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4278", - "FixedBy": "", - "Description": "Untrusted search path vulnerability in Perl before 5.8.7-r1 on Gentoo Linux allows local users in the portage group to gain privileges via a malicious shared object in the Portage temporary build directory, which is part of the RUNPATH.", - "Name": "CVE-2005-4278", - "Metadata": { - "UpdatedBy": "", - "RepoName": null, - "RepoLink": null, - "DistroName": null, - "DistroVersion": null, - "NVD": { - "CVSSv3": { - "Vectors": "", - "Score": "" - } - } - } - }, - { - "Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1158", - "FixedBy": "", - "Description": "Integer overflow in the regular expression engine in Perl 5.8.x allows context-dependent attackers to cause a denial of service (stack consumption and application crash) by matching a crafted regular expression against a long string.", - "Name": "CVE-2010-1158", - "Metadata": { - "UpdatedBy": "", - "RepoName": null, - "RepoLink": null, - "DistroName": null, - "DistroVersion": null, - "NVD": { - "CVSSv3": { - "Vectors": "", - "Score": "" - } - } - } - }, - { - "Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4116", - "FixedBy": "", - "Description": "_is_safe in the File::Temp module for Perl does not properly handle symlinks.", - "Name": "CVE-2011-4116", - "Metadata": { - "UpdatedBy": "", - "RepoName": null, - "RepoLink": null, - "DistroName": null, - "DistroVersion": null, - "NVD": { - "CVSSv3": { - "Vectors": "", - "Score": "" - } - } - } - }, - { - "Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8608", - "FixedBy": "", - "Description": "The VDir::MapPathA and VDir::MapPathW functions in Perl 5.22 allow remote attackers to cause a denial 
of service (out-of-bounds read) and possibly execute arbitrary code via a crafted (1) drive letter or (2) pInName argument.", - "Name": "CVE-2015-8608", - "Metadata": { - "UpdatedBy": "", - "RepoName": null, - "RepoLink": null, - "DistroName": null, - "DistroVersion": null, - "NVD": { - "CVSSv3": { - "Vectors": "", - "Score": "" - } - } - } - }, - { - "Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12814", - "FixedBy": "", - "Description": "Stack-based buffer overflow in the CPerlHost::Add method in win32/perlhost.h in Perl before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 on Windows allows attackers to execute arbitrary code via a long environment variable.", - "Name": "CVE-2017-12814", - "Metadata": { - "UpdatedBy": "", - "RepoName": null, - "RepoLink": null, - "DistroName": null, - "DistroVersion": null, - "NVD": { - "CVSSv3": { - "Vectors": "", - "Score": "" - } - } - } - } - ] - }, - { - "Name": "sed", - "VersionFormat": "", - "NamespaceName": "", - "AddedBy": "sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "Version": "4.7-1", - "Vulnerabilities": [ - - ] - }, - { - "Name": "dash", - "VersionFormat": "", - "NamespaceName": "", - "AddedBy": "sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "Version": "0.5.10.2-5", - "Vulnerabilities": [ - { - "Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0854", - "FixedBy": "", - "Description": "Untrusted search path vulnerability in dash 0.5.4, when used as a login shell, allows local users to execute arbitrary code via a Trojan horse .profile file in the current working directory.", - "Name": "CVE-2009-0854", - "Metadata": { - "UpdatedBy": "", - "RepoName": null, - "RepoLink": null, - "DistroName": null, - "DistroVersion": null, - "NVD": { - "CVSSv3": { - "Vectors": "", - "Score": "" - } - } - } - } - ] - }, - { - "Name": "sysvinit-utils", - 
"VersionFormat": "", - "NamespaceName": "", - "AddedBy": "sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "Version": "2.93-8", - "Vulnerabilities": [ - - ] - }, - { - "Name": "tar", - "VersionFormat": "", - "NamespaceName": "", - "AddedBy": "sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "Version": "1.30+dfsg-6", - "Vulnerabilities": [ - { - "Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2541", - "FixedBy": "", - "Description": "Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote attackers to gain privileges.", - "Name": "CVE-2005-2541", - "Metadata": { - "UpdatedBy": "", - "RepoName": null, - "RepoLink": null, - "DistroName": null, - "DistroVersion": null, - "NVD": { - "CVSSv3": { - "Vectors": "", - "Score": "" - } - } - } - }, - { - "Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9923", - "FixedBy": "", - "Description": "pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers.", - "Name": "CVE-2019-9923", - "Metadata": { - "UpdatedBy": "", - "RepoName": null, - "RepoLink": null, - "DistroName": null, - "DistroVersion": null, - "NVD": { - "CVSSv3": { - "Vectors": "", - "Score": "" - } - } - } - } - ] - }, - { - "Name": "tzdata", - "VersionFormat": "", - "NamespaceName": "", - "AddedBy": "sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "Version": "2019c-0+deb10u1", - "Vulnerabilities": [ - - ] - }, - { - "Name": "util-linux", - "VersionFormat": "", - "NamespaceName": "", - "AddedBy": "sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "Version": "2.33.1-0.1", - "Vulnerabilities": [ - { - "Severity": "Unknown", - "NamespaceName": "", - "Link": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0822", - "FixedBy": "", - "Description": "umount, when running with the Linux 2.6.15 kernel on Slackware Linux 10.2, allows local users to trigger a NULL dereference and application crash by invoking the program with a pathname for a USB pen drive that was mounted and then physically removed, which might allow the users to obtain sensitive information, including core file contents.", - "Name": "CVE-2007-0822", - "Metadata": { - "UpdatedBy": "", - "RepoName": null, - "RepoLink": null, - "DistroName": null, - "DistroVersion": null, - "NVD": { - "CVSSv3": { - "Vectors": "", - "Score": "" - } - } - } - } - ] - }, - { - "Name": "zlib1g", - "VersionFormat": "", - "NamespaceName": "", - "AddedBy": "sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "Version": "1:1.2.11.dfsg-1", - "Vulnerabilities": [ - - ] - }, - { - "Name": "base-files", - "VersionFormat": "", - "NamespaceName": "", - "AddedBy": "sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "Version": "10.3+deb10u1", - "Vulnerabilities": [ - { - "Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0834", - "FixedBy": "", - "Description": "The base-files package before 5.0.0ubuntu7.1 on Ubuntu 9.10 and before 5.0.0ubuntu20.10.04.2 on Ubuntu 10.04 LTS, as shipped on Dell Latitude 2110 netbooks, does not require authentication for package installation, which allows remote archive servers and man-in-the-middle attackers to execute arbitrary code via a crafted package.", - "Name": "CVE-2010-0834", - "Metadata": { - "UpdatedBy": "", - "RepoName": null, - "RepoLink": null, - "DistroName": null, - "DistroVersion": null, - "NVD": { - "CVSSv3": { - "Vectors": "", - "Score": "" - } - } - } - }, - { - "Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6557", - "FixedBy": "", - "Description": "The MOTD 
update script in the base-files package in Ubuntu 18.04 LTS before 10.1ubuntu2.2, and Ubuntu 18.10 before 10.1ubuntu6 incorrectly handled temporary files. A local attacker could use this issue to cause a denial of service, or possibly escalate privileges if kernel symlink restrictions were disabled.", - "Name": "CVE-2018-6557", - "Metadata": { - "UpdatedBy": "", - "RepoName": null, - "RepoLink": null, - "DistroName": null, - "DistroVersion": null, - "NVD": { - "CVSSv3": { - "Vectors": "", - "Score": "" - } - } - } - } - ] - }, - { - "Name": "debconf", - "VersionFormat": "", - "NamespaceName": "", - "AddedBy": "sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "Version": "1.5.71", - "Vulnerabilities": [ - - ] - }, - { - "Name": "e2fsprogs", - "VersionFormat": "", - "NamespaceName": "", - "AddedBy": "sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "Version": "1.44.5-1+deb10u2", - "Vulnerabilities": [ - { - "Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5188", - "FixedBy": "1.44.5-1+deb10u3", - "Description": "A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. 
An attacker can corrupt a partition to trigger this vulnerability.", - "Name": "CVE-2019-5188", - "Metadata": { - "UpdatedBy": "", - "RepoName": null, - "RepoLink": null, - "DistroName": null, - "DistroVersion": null, - "NVD": { - "CVSSv3": { - "Vectors": "", - "Score": "" - } - } - } - } - ] - }, - { - "Name": "adduser", - "VersionFormat": "", - "NamespaceName": "", - "AddedBy": "sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "Version": "3.118", - "Vulnerabilities": [ - - ] - }, - { - "Name": "debian-archive-keyring", - "VersionFormat": "", - "NamespaceName": "", - "AddedBy": "sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "Version": "2019.1 /etc/apt/trusted.gpg.d/debian-archive-buster-automatic.gpg 9e93d0a43d3a60272034c15900e9df6f /etc/apt/trusted.gpg.d/debian-archive-buster-security-automatic.gpg f2d1b03b7a3c279ec66425d06aaab50f /etc/apt/trusted.gpg.d/debian-archive-buster-stable.gpg 4797ff6df738da65413ef710cf73936f /etc/apt/trusted.gpg.d/debian-archive-jessie-automatic.gpg 47d3fff11215d63917b41cb249ca0cbb /etc/apt/trusted.gpg.d/debian-archive-jessie-security-automatic.gpg 762c194d687970dd37e6bbcb1f88be6b /etc/apt/trusted.gpg.d/debian-archive-jessie-stable.gpg 396bc7a1b3a1c2a67b33366b9300897b /etc/apt/trusted.gpg.d/debian-archive-stretch-automatic.gpg f8ca9f176f6a5747e113f62220671e0b /etc/apt/trusted.gpg.d/debian-archive-stretch-security-automatic.gpg 986449e3c1ed5c157686f0166411b829 /etc/apt/trusted.gpg.d/debian-archive-stretch-stable.gpg 67fa5396fa0900c0abd1058d98d9247e", - "Vulnerabilities": [ - - ] - }, - { - "Name": "debianutils", - "VersionFormat": "", - "NamespaceName": "", - "AddedBy": "sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "Version": "4.8.6.1", - "Vulnerabilities": [ - - ] - }, - { - "Name": "libcom-err2", - "VersionFormat": "", - "NamespaceName": "", - "AddedBy": "sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "Version": 
"1.44.5-1+deb10u2", - "Vulnerabilities": [ - { - "Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5188", - "FixedBy": "1.44.5-1+deb10u3", - "Description": "A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability.", - "Name": "CVE-2019-5188", - "Metadata": { - "UpdatedBy": "", - "RepoName": null, - "RepoLink": null, - "DistroName": null, - "DistroVersion": null, - "NVD": { - "CVSSv3": { - "Vectors": "", - "Score": "" - } - } - } - } - ] - }, - { - "Name": "diffutils", - "VersionFormat": "", - "NamespaceName": "", - "AddedBy": "sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "Version": "1:3.7-3", - "Vulnerabilities": [ - - ] - }, - { - "Name": "libext2fs2", - "VersionFormat": "", - "NamespaceName": "", - "AddedBy": "sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "Version": "1.44.5-1+deb10u2", - "Vulnerabilities": [ - { - "Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5188", - "FixedBy": "1.44.5-1+deb10u3", - "Description": "A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. 
An attacker can corrupt a partition to trigger this vulnerability.", - "Name": "CVE-2019-5188", - "Metadata": { - "UpdatedBy": "", - "RepoName": null, - "RepoLink": null, - "DistroName": null, - "DistroVersion": null, - "NVD": { - "CVSSv3": { - "Vectors": "", - "Score": "" - } - } - } - } - ] - }, - { - "Name": "libgnutls30", - "VersionFormat": "", - "NamespaceName": "", - "AddedBy": "sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "Version": "3.6.7-4", - "Vulnerabilities": [ - { - "Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5138", - "FixedBy": "", - "Description": "GnuTLS before 2.7.6, when the GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT flag is not enabled, treats version 1 X.509 certificates as intermediate CAs, which allows remote attackers to bypass intended restrictions by leveraging a X.509 V1 certificate from a trusted CA to issue new certificates, a different vulnerability than CVE-2014-1959.", - "Name": "CVE-2009-5138", - "Metadata": { - "UpdatedBy": "", - "RepoName": null, - "RepoLink": null, - "DistroName": null, - "DistroVersion": null, - "NVD": { - "CVSSv3": { - "Vectors": "", - "Score": "" - } - } - } - }, - { - "Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4466", - "FixedBy": "", - "Description": "Buffer overflow in the dane_query_tlsa function in the DANE library (libdane) in GnuTLS 3.1.x before 3.1.15 and 3.2.x before 3.2.5 allows remote servers to cause a denial of service (memory corruption) via a response with more than four DANE entries.", - "Name": "CVE-2013-4466", - "Metadata": { - "UpdatedBy": "", - "RepoName": null, - "RepoLink": null, - "DistroName": null, - "DistroVersion": null, - "NVD": { - "CVSSv3": { - "Vectors": "", - "Score": "" - } - } - } - }, - { - "Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4487", - 
"FixedBy": "", - "Description": "Off-by-one error in the dane_raw_tlsa in the DANE library (libdane) in GnuTLS 3.1.x before 3.1.16 and 3.2.x before 3.2.6 allows remote servers to cause a denial of service (memory corruption) via a response with more than four DANE entries. NOTE: this issue is due to an incomplete fix for CVE-2013-4466.", - "Name": "CVE-2013-4487", - "Metadata": { - "UpdatedBy": "", - "RepoName": null, - "RepoLink": null, - "DistroName": null, - "DistroVersion": null, - "NVD": { - "CVSSv3": { - "Vectors": "", - "Score": "" - } - } - } - }, - { - "Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8155", - "FixedBy": "", - "Description": "GnuTLS before 2.9.10 does not verify the activation and expiration dates of CA certificates, which allows man-in-the-middle attackers to spoof servers via a certificate issued by a CA certificate that is (1) not yet valid or (2) no longer valid.", - "Name": "CVE-2014-8155", - "Metadata": { - "UpdatedBy": "", - "RepoName": null, - "RepoLink": null, - "DistroName": null, - "DistroVersion": null, - "NVD": { - "CVSSv3": { - "Vectors": "", - "Score": "" - } - } - } - }, - { - "Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0282", - "FixedBy": "", - "Description": "GnuTLS before 3.1.0 does not verify that the RSA PKCS #1 signature algorithm matches the signature algorithm in the certificate, which allows remote attackers to conduct downgrade attacks via unspecified vectors.", - "Name": "CVE-2015-0282", - "Metadata": { - "UpdatedBy": "", - "RepoName": null, - "RepoLink": null, - "DistroName": null, - "DistroVersion": null, - "NVD": { - "CVSSv3": { - "Vectors": "", - "Score": "" - } - } - } - }, - { - "Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8313", - "FixedBy": "", - "Description": "GnuTLS incorrectly validates the first byte of 
padding in CBC modes", - "Name": "CVE-2015-8313", - "Metadata": { - "UpdatedBy": "", - "RepoName": null, - "RepoLink": null, - "DistroName": null, - "DistroVersion": null, - "NVD": { - "CVSSv3": { - "Vectors": "", - "Score": "" - } - } - } - } - ] - }, - { - "Name": "libidn2-0", - "VersionFormat": "", - "NamespaceName": "", - "AddedBy": "sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "Version": "2.0.5-1", - "Vulnerabilities": [ - { - "Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12290", - "FixedBy": "", - "Description": "GNU libidn2 before 2.2.0 fails to perform the roundtrip checks specified in RFC3490 Section 4.2 when converting A-labels to U-labels. This makes it possible in some circumstances for one domain to impersonate another. By creating a malicious domain that matches a target domain except for the inclusion of certain punycoded Unicode characters (that would be discarded when converted first to a Unicode label and then back to an ASCII label), arbitrary domains can be impersonated.", - "Name": "CVE-2019-12290", - "Metadata": { - "UpdatedBy": "", - "RepoName": null, - "RepoLink": null, - "DistroName": null, - "DistroVersion": null, - "NVD": { - "CVSSv3": { - "Vectors": "", - "Score": "" - } - } - } - }, - { - "Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18224", - "FixedBy": "2.0.5-1+deb10u1", - "Description": "idn2_to_ascii_4i in lib/lookup.c in GNU libidn2 before 2.1.1 has a heap-based buffer overflow via a long domain string.", - "Name": "CVE-2019-18224", - "Metadata": { - "UpdatedBy": "", - "RepoName": null, - "RepoLink": null, - "DistroName": null, - "DistroVersion": null, - "NVD": { - "CVSSv3": { - "Vectors": "", - "Score": "" - } - } - } - } - ] - }, - { - "Name": "dpkg", - "VersionFormat": "", - "NamespaceName": "", - "AddedBy": 
"sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "Version": "1.19.7", - "Vulnerabilities": [ - - ] - }, - { - "Name": "libncursesw6", - "VersionFormat": "", - "NamespaceName": "", - "AddedBy": "sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "Version": "6.1+20181013-2+deb10u1", - "Vulnerabilities": [ - { - "Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17594", - "FixedBy": "6.1+20181013-2+deb10u2", - "Description": "There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", - "Name": "CVE-2019-17594", - "Metadata": { - "UpdatedBy": "", - "RepoName": null, - "RepoLink": null, - "DistroName": null, - "DistroVersion": null, - "NVD": { - "CVSSv3": { - "Vectors": "", - "Score": "" - } - } - } - }, - { - "Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17595", - "FixedBy": "6.1+20181013-2+deb10u2", - "Description": "There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", - "Name": "CVE-2019-17595", - "Metadata": { - "UpdatedBy": "", - "RepoName": null, - "RepoLink": null, - "DistroName": null, - "DistroVersion": null, - "NVD": { - "CVSSv3": { - "Vectors": "", - "Score": "" - } - } - } - } - ] - }, - { - "Name": "libss2", - "VersionFormat": "", - "NamespaceName": "", - "AddedBy": "sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "Version": "1.44.5-1+deb10u2", - "Vulnerabilities": [ - { - "Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5188", - "FixedBy": "1.44.5-1+deb10u3", - "Description": "A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. 
A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability.", - "Name": "CVE-2019-5188", - "Metadata": { - "UpdatedBy": "", - "RepoName": null, - "RepoLink": null, - "DistroName": null, - "DistroVersion": null, - "NVD": { - "CVSSv3": { - "Vectors": "", - "Score": "" - } - } - } - } - ] + "AddedBy": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "Version": "v0.0.0-20170716094938-74609b86c936", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] }, { - "Name": "libsystemd0", + "Name": "go.opentelemetry.io/otel/exporters/stdout/stdouttrace", "VersionFormat": "", "NamespaceName": "", - "AddedBy": "sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "Version": "241-7~deb10u1", - "Vulnerabilities": [ - { - "Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4392", - "FixedBy": "", - "Description": "systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.", - "Name": "CVE-2013-4392", - "Metadata": { - "UpdatedBy": "", - "RepoName": null, - "RepoLink": null, - "DistroName": null, - "DistroVersion": null, - "NVD": { - "CVSSv3": { - "Vectors": "", - "Score": "" - } - } - } - }, - { - "Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-21029", - "FixedBy": "", - "Description": "** DISPUTED ** systemd 239 through 244 accepts any certificate signed by a trusted certificate authority for DNS Over TLS. Server Name Indication (SNI) is not sent, and there is no hostname validation with the GnuTLS backend. NOTE: This has been disputed by the developer as not a vulnerability since hostname validation does not have anything to do with this issue (i.e. 
there is no hostname to be sent).", - "Name": "CVE-2018-21029", - "Metadata": { - "UpdatedBy": "", - "RepoName": null, - "RepoLink": null, - "DistroName": null, - "DistroVersion": null, - "NVD": { - "CVSSv3": { - "Vectors": "", - "Score": "" - } - } - } - }, - { - "Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15718", - "FixedBy": "241-7~deb10u2", - "Description": "In systemd 240, bus_open_system_watch_bind_with_description in shared/bus-util.c (as used by systemd-resolved to connect to the system D-Bus instance), calls sd_bus_set_trusted, which disables access controls for incoming D-Bus messages. An unprivileged user can exploit this by executing D-Bus methods that should be restricted to privileged users, in order to change the system's DNS resolver settings.", - "Name": "CVE-2019-15718", - "Metadata": { - "UpdatedBy": "", - "RepoName": null, - "RepoLink": null, - "DistroName": null, - "DistroVersion": null, - "NVD": { - "CVSSv3": { - "Vectors": "", - "Score": "" - } - } - } - }, - { - "Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20386", - "FixedBy": "", - "Description": "An issue was discovered in button_open in login/logind-button.c in systemd before 243. When executing the udevadm trigger command, a memory leak may occur.", - "Name": "CVE-2019-20386", - "Metadata": { - "UpdatedBy": "", - "RepoName": null, - "RepoLink": null, - "DistroName": null, - "DistroVersion": null, - "NVD": { - "CVSSv3": { - "Vectors": "", - "Score": "" - } - } - } - }, - { - "Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3815", - "FixedBy": "", - "Description": "A memory leak was discovered in the backport of fixes for CVE-2018-16864 in Red Hat Enterprise Linux. 
Function dispatch_message_real() in journald-server.c does not free the memory allocated by set_iovec_field_free() to store the `_CMDLINE=` entry. A local attacker may use this flaw to make systemd-journald crash. This issue only affects versions shipped with Red Hat Enterprise since v219-62.2.", - "Name": "CVE-2019-3815", - "Metadata": { - "UpdatedBy": "", - "RepoName": null, - "RepoLink": null, - "DistroName": null, - "DistroVersion": null, - "NVD": { - "CVSSv3": { - "Vectors": "", - "Score": "" - } - } - } - }, - { - "Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3843", - "FixedBy": "", - "Description": "It was discovered that a systemd service that uses DynamicUser property can create a SUID/SGID binary that would be allowed to run as the transient service UID/GID even after the service is terminated. A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the UID/GID will be recycled.", - "Name": "CVE-2019-3843", - "Metadata": { - "UpdatedBy": "", - "RepoName": null, - "RepoLink": null, - "DistroName": null, - "DistroVersion": null, - "NVD": { - "CVSSv3": { - "Vectors": "", - "Score": "" - } - } - } - }, - { - "Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3844", - "FixedBy": "", - "Description": "It was discovered that a systemd service that uses DynamicUser property can get new privileges through the execution of SUID binaries, which would allow to create binaries owned by the service transient group with the setgid bit set. 
A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the GID will be recycled.", - "Name": "CVE-2019-3844", - "Metadata": { - "UpdatedBy": "", - "RepoName": null, - "RepoLink": null, - "DistroName": null, - "DistroVersion": null, - "NVD": { - "CVSSv3": { - "Vectors": "", - "Score": "" - } - } - } - }, - { - "Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1712", - "FixedBy": "", - "Description": "", - "Name": "CVE-2020-1712", - "Metadata": { - "UpdatedBy": "", - "RepoName": null, - "RepoLink": null, - "DistroName": null, - "DistroVersion": null, - "NVD": { - "CVSSv3": { - "Vectors": "", - "Score": "" - } - } - } - } - ] + "AddedBy": "sha256:2673e7fa22f08ae14cfde08b625bf3225974fc5df8914d5d0b94bae3700c4c92", + "Version": "v1.16.0", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] }, { - "Name": "fdisk", + "Name": "libmodulemd", "VersionFormat": "", - "NamespaceName": "", - "AddedBy": "sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "Version": "2.33.1-0.1", - "Vulnerabilities": [ - { - "Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0822", - "FixedBy": "", - "Description": "umount, when running with the Linux 2.6.15 kernel on Slackware Linux 10.2, allows local users to trigger a NULL dereference and application crash by invoking the program with a pathname for a USB pen drive that was mounted and then physically removed, which might allow the users to obtain sensitive information, including core file contents.", - "Name": "CVE-2007-0822", - "Metadata": { - "UpdatedBy": "", - "RepoName": null, - "RepoLink": null, - "DistroName": null, - "DistroVersion": null, - "NVD": { - "CVSSv3": { - "Vectors": "", - "Score": "" - } - } - } - } - ] + "NamespaceName": "", + "AddedBy": 
"sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "Version": "2.13.0-1.el8", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] }, { - "Name": "libtinfo6", + "Name": "ncurses-base", "VersionFormat": "", "NamespaceName": "", - "AddedBy": "sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "Version": "6.1+20181013-2+deb10u1", + "AddedBy": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "Version": "6.1-9.20180224.el8_8.1", + "BaseScores": [ + 8.8, + 5.5, + 6.5, + 6.5, + 6.5, + 6.5, + 6.5, + 6.5, + 6.5, + 6.5 + ], + "CVEIds": [ + "CVE-2018-19211", + "CVE-2018-19217", + "CVE-2020-19185", + "CVE-2020-19186", + "CVE-2020-19187", + "CVE-2020-19188", + "CVE-2020-19189", + "CVE-2020-19190", + "CVE-2021-39537", + "CVE-2023-50495" + ], "Vulnerabilities": [ { - "Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17594", - "FixedBy": "6.1+20181013-2+deb10u2", - "Description": "There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", - "Name": "CVE-2019-17594", + "Severity": "Low", + "NamespaceName": "RHEL8-rhel-8-including-unpatched", + "Link": "https://access.redhat.com/security/cve/CVE-2021-39537", + "FixedBy": "", + "Description": "DOCUMENTATION: A heap overflow vulnerability has been found in the ncurses package, particularly in the terminfo entry-description compiler (tic). This flaw results from a lack of proper bounds checking during input processing. By exploiting this boundary error, an attacker can create a malicious file, deceive the victim into opening it using the affected software, and initiate an out-of-bounds write, potentially impacting system availability. 
\n STATEMENT: Red Hat Product Security has rated this issue as having a Low security impact because processing terminfo descriptions in the source form should be handled the same way as executable files or source code of any programming language. Users are not supposed to use untrusted terminfo descriptions.\n MITIGATION: Do not compile untrusted terminfo descriptions.", + "Name": "ncurses: heap-based buffer overflow in _nc_captoinfo() in captoinfo.c (low)", "Metadata": { - "UpdatedBy": "", - "RepoName": null, + "UpdatedBy": "RHEL8-rhel-8-including-unpatched", + "RepoName": "cpe:/o:redhat:enterprise_linux:8::baseos", "RepoLink": null, - "DistroName": null, - "DistroVersion": null, + "DistroName": "Red Hat Enterprise Linux Server", + "DistroVersion": "8", "NVD": { "CVSSv3": { - "Vectors": "", - "Score": "" + "Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "Score": 8.8 } } } }, { - "Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17595", - "FixedBy": "6.1+20181013-2+deb10u2", - "Description": "There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", - "Name": "CVE-2019-17595", + "Severity": "Low", + "NamespaceName": "RHEL8-rhel-8-including-unpatched", + "Link": "https://access.redhat.com/security/cve/CVE-2018-19211", + "FixedBy": "", + "Description": "DOCUMENTATION: The MITRE CVE dictionary describes this issue as: In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. 
The product proceeds to the dereference code path even after a \"dubious character `*' in name or alias field\" detection.", + "Name": "CVE-2018-19211 ncurses: Null pointer dereference at function _nc_parse_entry in parse_entry.c (low)", "Metadata": { - "UpdatedBy": "", - "RepoName": null, + "UpdatedBy": "RHEL8-rhel-8-including-unpatched", + "RepoName": "cpe:/o:redhat:enterprise_linux:8::baseos", "RepoLink": null, - "DistroName": null, - "DistroVersion": null, + "DistroName": "Red Hat Enterprise Linux Server", + "DistroVersion": "8", "NVD": { "CVSSv3": { - "Vectors": "", - "Score": "" + "Vectors": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "Score": 5.5 } } } - } - ] - }, - { - "Name": "libudev1", - "VersionFormat": "", - "NamespaceName": "", - "AddedBy": "sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "Version": "241-7~deb10u1", - "Vulnerabilities": [ + }, { - "Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4392", + "Severity": "Low", + "NamespaceName": "RHEL8-rhel-8-including-unpatched", + "Link": "https://access.redhat.com/security/cve/CVE-2018-19217", "FixedBy": "", - "Description": "systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.", - "Name": "CVE-2013-4392", + "Description": "DOCUMENTATION: The MITRE CVE dictionary describes this issue as: ** DISPUTED ** In ncurses, possibly a 6.x version, there is a NULL pointer dereference at the function _nc_name_match that will lead to a denial of service attack. 
NOTE: the original report stated version 6.1, but the issue did not reproduce for that version according to the maintainer or a reliable third-party.", + "Name": "CVE-2018-19217 ncurses: Null pointer dereference at function _nc_name_match (low)", "Metadata": { - "UpdatedBy": "", - "RepoName": null, + "UpdatedBy": "RHEL8-rhel-8-including-unpatched", + "RepoName": "cpe:/o:redhat:enterprise_linux:8::baseos", "RepoLink": null, - "DistroName": null, - "DistroVersion": null, + "DistroName": "Red Hat Enterprise Linux Server", + "DistroVersion": "8", "NVD": { "CVSSv3": { - "Vectors": "", - "Score": "" + "Vectors": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "Score": 6.5 } } } }, { - "Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-21029", + "Severity": "Low", + "NamespaceName": "RHEL8-rhel-8-including-unpatched", + "Link": "https://access.redhat.com/security/cve/CVE-2020-19185", "FixedBy": "", - "Description": "** DISPUTED ** systemd 239 through 244 accepts any certificate signed by a trusted certificate authority for DNS Over TLS. Server Name Indication (SNI) is not sent, and there is no hostname validation with the GnuTLS backend. NOTE: This has been disputed by the developer as not a vulnerability since hostname validation does not have anything to do with this issue (i.e. there is no hostname to be sent).", - "Name": "CVE-2018-21029", + "Description": "DOCUMENTATION: A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash. \n STATEMENT: Red Hat Product Security has rated this issue as having a Low security impact because processing terminfo descriptions in the source form should be handled the same way as executable files or source code of any programming language. 
Users are not supposed to use untrusted terminfo descriptions.\n\nThe ncurses library shipped with Red Hat Enterprise Linux 9 is not affected by this vulnerability because it has a newer, fixed ncurses version.\n MITIGATION: Do not compile or decompile untrusted terminfo descriptions.", + "Name": "ncurses: Heap buffer overflow in one_one_mapping function in progs/dump_entry.c:1373 (low)", "Metadata": { - "UpdatedBy": "", - "RepoName": null, + "UpdatedBy": "RHEL8-rhel-8-including-unpatched", + "RepoName": "cpe:/o:redhat:enterprise_linux:8::baseos", "RepoLink": null, - "DistroName": null, - "DistroVersion": null, + "DistroName": "Red Hat Enterprise Linux Server", + "DistroVersion": "8", "NVD": { "CVSSv3": { - "Vectors": "", - "Score": "" + "Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "Score": 6.5 } } } }, { - "Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15718", - "FixedBy": "241-7~deb10u2", - "Description": "In systemd 240, bus_open_system_watch_bind_with_description in shared/bus-util.c (as used by systemd-resolved to connect to the system D-Bus instance), calls sd_bus_set_trusted, which disables access controls for incoming D-Bus messages. An unprivileged user can exploit this by executing D-Bus methods that should be restricted to privileged users, in order to change the system's DNS resolver settings.", - "Name": "CVE-2019-15718", + "Severity": "Low", + "NamespaceName": "RHEL8-rhel-8-including-unpatched", + "Link": "https://access.redhat.com/security/cve/CVE-2020-19186", + "FixedBy": "", + "Description": "DOCUMENTATION: A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a buffer over-read, resulting in an application crash. 
\n STATEMENT: Red Hat Product Security has rated this issue as having a Low security impact because processing terminfo descriptions in the source form should be handled the same way as executable files or source code of any programming language. Users are not supposed to use untrusted terminfo descriptions.\n\nThe ncurses library shipped with Red Hat Enterprise Linux 9 is not affected by this vulnerability because it has a newer, fixed ncurses version.\n MITIGATION: Do not compile or decompile untrusted terminfo descriptions.", + "Name": "ncurses: Buffer overflow in _nc_find_entry function in tinfo/comp_hash.c:66 (low)", "Metadata": { - "UpdatedBy": "", - "RepoName": null, + "UpdatedBy": "RHEL8-rhel-8-including-unpatched", + "RepoName": "cpe:/o:redhat:enterprise_linux:8::baseos", "RepoLink": null, - "DistroName": null, - "DistroVersion": null, + "DistroName": "Red Hat Enterprise Linux Server", + "DistroVersion": "8", "NVD": { "CVSSv3": { - "Vectors": "", - "Score": "" + "Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "Score": 6.5 } } } }, { - "Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20386", + "Severity": "Low", + "NamespaceName": "RHEL8-rhel-8-including-unpatched", + "Link": "https://access.redhat.com/security/cve/CVE-2020-19187", "FixedBy": "", - "Description": "An issue was discovered in button_open in login/logind-button.c in systemd before 243. When executing the udevadm trigger command, a memory leak may occur.", - "Name": "CVE-2019-20386", + "Description": "DOCUMENTATION: A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash. 
\n STATEMENT: Red Hat Product Security has rated this issue as having a Low security impact because processing terminfo descriptions in the source form should be handled the same way as executable files or source code of any programming language. Users are not supposed to use untrusted terminfo descriptions.\n\nThe ncurses library shipped with Red Hat Enterprise Linux 9 is not affected by this vulnerability because it has a newer, fixed ncurses version.\n MITIGATION: Do not compile or decompile untrusted terminfo descriptions.", + "Name": "ncurses: Heap buffer overflow in fmt_entry function in progs/dump_entry.c:1100 (low)", "Metadata": { - "UpdatedBy": "", - "RepoName": null, + "UpdatedBy": "RHEL8-rhel-8-including-unpatched", + "RepoName": "cpe:/o:redhat:enterprise_linux:8::baseos", "RepoLink": null, - "DistroName": null, - "DistroVersion": null, + "DistroName": "Red Hat Enterprise Linux Server", + "DistroVersion": "8", "NVD": { "CVSSv3": { - "Vectors": "", - "Score": "" + "Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "Score": 6.5 } } } }, { - "Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3815", + "Severity": "Low", + "NamespaceName": "RHEL8-rhel-8-including-unpatched", + "Link": "https://access.redhat.com/security/cve/CVE-2020-19188", "FixedBy": "", - "Description": "A memory leak was discovered in the backport of fixes for CVE-2018-16864 in Red Hat Enterprise Linux. Function dispatch_message_real() in journald-server.c does not free the memory allocated by set_iovec_field_free() to store the `_CMDLINE=` entry. A local attacker may use this flaw to make systemd-journald crash. This issue only affects versions shipped with Red Hat Enterprise since v219-62.2.", - "Name": "CVE-2019-3815", + "Description": "DOCUMENTATION: A flaw was found in the ncurses library. 
This issue occurs when processing a crafted terminfo database, causing a stack-based buffer overflow, resulting in an application crash. \n STATEMENT: Red Hat Product Security has rated this issue as having a Low security impact because processing terminfo descriptions in the source form should be handled the same way as executable files or source code of any programming language. Users are not supposed to use untrusted terminfo descriptions.\n\nThe ncurses library shipped with Red Hat Enterprise Linux 9 is not affected by this vulnerability because it has a newer, fixed ncurses version.\n MITIGATION: Do not compile or decompile untrusted terminfo descriptions.", + "Name": "1116 (low)", "Metadata": { - "UpdatedBy": "", - "RepoName": null, + "UpdatedBy": "RHEL8-rhel-8-including-unpatched", + "RepoName": "cpe:/o:redhat:enterprise_linux:8::baseos", "RepoLink": null, - "DistroName": null, - "DistroVersion": null, + "DistroName": "Red Hat Enterprise Linux Server", + "DistroVersion": "8", "NVD": { "CVSSv3": { - "Vectors": "", - "Score": "" + "Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "Score": 6.5 } } } }, { - "Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3843", + "Severity": "Low", + "NamespaceName": "RHEL8-rhel-8-including-unpatched", + "Link": "https://access.redhat.com/security/cve/CVE-2020-19189", "FixedBy": "", - "Description": "It was discovered that a systemd service that uses DynamicUser property can create a SUID/SGID binary that would be allowed to run as the transient service UID/GID even after the service is terminated. A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the UID/GID will be recycled.", - "Name": "CVE-2019-3843", + "Description": "DOCUMENTATION: A flaw was found in the ncurses library. 
This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash. \n STATEMENT: Red Hat Product Security has rated this issue as having a Low security impact because processing terminfo descriptions in the source form should be handled the same way as executable files or source code of any programming language. Users are not supposed to use untrusted terminfo descriptions.\n\nThe ncurses library shipped with Red Hat Enterprise Linux 9 is not affected by this vulnerability because it has a newer, fixed ncurses version.\n MITIGATION: Do not compile or decompile untrusted terminfo descriptions.", + "Name": "997 (low)", "Metadata": { - "UpdatedBy": "", - "RepoName": null, + "UpdatedBy": "RHEL8-rhel-8-including-unpatched", + "RepoName": "cpe:/o:redhat:enterprise_linux:8::baseos", "RepoLink": null, - "DistroName": null, - "DistroVersion": null, + "DistroName": "Red Hat Enterprise Linux Server", + "DistroVersion": "8", "NVD": { "CVSSv3": { - "Vectors": "", - "Score": "" + "Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "Score": 6.5 } } } }, { - "Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3844", + "Severity": "Low", + "NamespaceName": "RHEL8-rhel-8-including-unpatched", + "Link": "https://access.redhat.com/security/cve/CVE-2020-19190", "FixedBy": "", - "Description": "It was discovered that a systemd service that uses DynamicUser property can get new privileges through the execution of SUID binaries, which would allow to create binaries owned by the service transient group with the setgid bit set. A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the GID will be recycled.", - "Name": "CVE-2019-3844", + "Description": "DOCUMENTATION: A flaw was found in the ncurses library. 
This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash. \n STATEMENT: Red Hat Product Security has rated this issue as having a Low security impact because processing terminfo descriptions in the source form should be handled the same way as executable files or source code of any programming language. Users are not supposed to use untrusted terminfo descriptions.\n\nThe ncurses library shipped with Red Hat Enterprise Linux 9 is not affected by this vulnerability because it has a newer, fixed ncurses version.\n MITIGATION: Do not compile or decompile untrusted terminfo descriptions.", + "Name": "ncurses: Heap buffer overflow in _nc_find_entry in tinfo/comp_hash.c:70 (low)", "Metadata": { - "UpdatedBy": "", - "RepoName": null, + "UpdatedBy": "RHEL8-rhel-8-including-unpatched", + "RepoName": "cpe:/o:redhat:enterprise_linux:8::baseos", "RepoLink": null, - "DistroName": null, - "DistroVersion": null, + "DistroName": "Red Hat Enterprise Linux Server", + "DistroVersion": "8", "NVD": { "CVSSv3": { - "Vectors": "", - "Score": "" + "Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "Score": 6.5 } } } }, { - "Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1712", + "Severity": "Low", + "NamespaceName": "RHEL8-rhel-8-including-unpatched", + "Link": "https://access.redhat.com/security/cve/CVE-2023-50495", "FixedBy": "", - "Description": "", - "Name": "CVE-2020-1712", + "Description": "DOCUMENTATION: A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry(). 
\n \n MITIGATION: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", + "Name": "ncurses: segmentation fault via _nc_wrap_entry() (low)", "Metadata": { - "UpdatedBy": "", - "RepoName": null, + "UpdatedBy": "RHEL8-rhel-8-including-unpatched", + "RepoName": "cpe:/o:redhat:enterprise_linux:8::baseos", "RepoLink": null, - "DistroName": null, - "DistroVersion": null, + "DistroName": "Red Hat Enterprise Linux Server", + "DistroVersion": "8", "NVD": { "CVSSv3": { - "Vectors": "", - "Score": "" + "Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "Score": 6.5 } } } 
@@ -2525,50 +1561,45 @@ ] }, { - "Name": "ncurses-base", + "Name": "sed", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "Version": "4.5-5.el8", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] + }, + { + "Name": "libnghttp2", "VersionFormat": "", "NamespaceName": "", - "AddedBy": "sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "Version": "6.1+20181013-2+deb10u1", + "AddedBy": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "Version": "1.33.0-3.el8_2.1", + "BaseScores": [ + 7.5 + ], + "CVEIds": [ + "CVE-2023-44487" + ], "Vulnerabilities": [ { - "Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17594", - "FixedBy": "6.1+20181013-2+deb10u2", - "Description": "There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", - "Name": "CVE-2019-17594", - "Metadata": { - "UpdatedBy": "", - "RepoName": null, - "RepoLink": null, - "DistroName": null, - "DistroVersion": null, - "NVD": { - "CVSSv3": { - "Vectors": "", - "Score": "" - } - } - } - }, - { - "Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17595", - "FixedBy": "6.1+20181013-2+deb10u2", - "Description": "There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", - "Name": "CVE-2019-17595", + "Severity": "High", + "NamespaceName": "RHEL8-rhel-8", + "Link": "https://access.redhat.com/errata/RHSA-2023:5837 https://access.redhat.com/security/cve/CVE-2023-44487", + "FixedBy": "0:1.33.0-5.el8_8", + "Description": "nghttp2 contains the Hypertext Transfer Protocol version 2 (HTTP/2) client, server, and proxy programs as well as a library implementing the HTTP/2 protocol in 
C.\n\nSecurity Fix(es):\n\n* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", + "Name": "RHSA-2023:5837: nghttp2 security update (Important)", "Metadata": { - "UpdatedBy": "", - "RepoName": null, + "UpdatedBy": "RHEL8-rhel-8", + "RepoName": "cpe:/o:redhat:enterprise_linux:8::baseos", "RepoLink": null, - "DistroName": null, - "DistroVersion": null, + "DistroName": "Red Hat Enterprise Linux Server", + "DistroVersion": "8", "NVD": { "CVSSv3": { - "Vectors": "", - "Score": "" + "Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "Score": 7.5 } } } 
@@ -2576,60 +1607,65 @@ ] }, { - "Name": "findutils", + "Name": "github.com/cespare/xxhash/v2", "VersionFormat": "", "NamespaceName": "", - "AddedBy": "sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "Version": "4.6.0+git+20190209-2", - "Vulnerabilities": [ - - ] + "AddedBy": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "Version": "v2.2.0", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] + }, + { + "Name": "github.com/xrash/smetrics", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "Version": "v0.0.0-20201216005158-039620a65673", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] + }, + { + "Name": "filesystem", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "Version": "3.8-6.el8", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] }, { - "Name": "ncurses-bin", + "Name": "bzip2-libs", "VersionFormat": "", "NamespaceName": "", - "AddedBy": "sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "Version": "6.1+20181013-2+deb10u1", + "AddedBy": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "Version": "1.0.6-26.el8", + "BaseScores": [ + 9.8 + ], + "CVEIds": [ + "CVE-2019-12900" + ], "Vulnerabilities": [ { - "Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17594", - "FixedBy": "6.1+20181013-2+deb10u2", - "Description": "There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", - "Name": "CVE-2019-17594", - "Metadata": { - "UpdatedBy": "", - "RepoName": null, - "RepoLink": null, - "DistroName": null, - "DistroVersion": null, - "NVD": { - "CVSSv3": { - "Vectors": "", - "Score": "" - } - } - } - }, - { - 
"Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17595", - "FixedBy": "6.1+20181013-2+deb10u2", - "Description": "There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", - "Name": "CVE-2019-17595", + "Severity": "Low", + "NamespaceName": "RHEL8-rhel-8-including-unpatched", + "Link": "https://access.redhat.com/security/cve/CVE-2019-12900", + "FixedBy": "", + "Description": "DOCUMENTATION: The MITRE CVE dictionary describes this issue as: BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors. \n STATEMENT: This issue affects the versions of bzip2 as shipped with Red Hat Enterprise Linux 5, 6, 7, and 8.\n\nRed Hat Enterprise Linux 5 is now in Extended Life Phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\n\nRed Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Low, and is not currently planned to be addressed in future updates. 
For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\n\nRed Hat JBoss Fuse 7 uses a Java implemntation of bzip2, this is different to the bzip2 this vulnerability exists in.", + "Name": "CVE-2019-12900 bzip2: out-of-bounds write in function BZ2_decompress (low)", "Metadata": { - "UpdatedBy": "", - "RepoName": null, + "UpdatedBy": "RHEL8-rhel-8-including-unpatched", + "RepoName": "cpe:/o:redhat:enterprise_linux:8::baseos", "RepoLink": null, - "DistroName": null, - "DistroVersion": null, + "DistroName": "Red Hat Enterprise Linux Server", + "DistroVersion": "8", "NVD": { "CVSSv3": { - "Vectors": "", - "Score": "" + "Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "Score": 9.8 } } } 
@@ -2637,147 +1673,204 @@ ] }, { - "Name": "gcc-8-base", + "Name": "libksba", "VersionFormat": "", "NamespaceName": "", - "AddedBy": "sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "Version": "8.3.0-6", - "Vulnerabilities": [ - - ] + "AddedBy": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "Version": "1.3.5-9.el8_7", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] + }, + { + "Name": "audit-libs", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "Version": "3.0.7-4.el8", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] }, { - "Name": "gpgv", + "Name": "libblkid", "VersionFormat": "", "NamespaceName": "", - "AddedBy": "sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "Version": "2.2.12-1+deb10u1", + "AddedBy": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "Version": "2.32.1-42.el8_8", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] + }, + { + "Name": "github.com/docker/docker-credential-helpers", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "Version": "v0.7.0", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] + }, + { + "Name": "github.com/jackc/pgservicefile", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "Version": "v0.0.0-20221227161230-091c0ba34f0a", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] + }, + { + "Name": "github.com/jackc/puddle", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "Version": "v1.3.0", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] + }, + { + "Name": "crypto-policies", + "VersionFormat": "", + 
"NamespaceName": "", + "AddedBy": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "Version": "20221215-1.gitece0092.el8", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] + }, + { + "Name": "npth", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "Version": "1.5-4.el8", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] + }, + { + "Name": "sqlite-libs", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "Version": "3.26.0-18.el8_8", + "BaseScores": [ + 7.3, + 7.5, + 7.5, + 7.5, + 5.5 + ], + "CVEIds": [ + "CVE-2019-19244", + "CVE-2019-9936", + "CVE-2019-9937", + "CVE-2023-36191", + "CVE-2023-7104", + "CVE-2024-0232" + ], "Vulnerabilities": [ { - "Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0455", - "FixedBy": "", - "Description": "gpgv in GnuPG before 1.4.2.1, when using unattended signature verification, returns a 0 exit code in certain cases even when the detached signature file does not carry a signature, which could cause programs that use gpgv to assume that the signature verification has succeeded. Note: this also occurs when running the equivalent command \"gpg --verify\".", - "Name": "CVE-2006-0455", + "Severity": "Medium", + "NamespaceName": "RHEL8-rhel-8", + "Link": "https://access.redhat.com/errata/RHSA-2024:0253 https://access.redhat.com/security/cve/CVE-2023-7104", + "FixedBy": "0:3.26.0-19.el8_9", + "Description": "SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk file. The API is designed for convenience and ease of use. 
Applications that link against SQLite can enjoy the power and flexibility of an SQL database without the administrative hassles of supporting a separate database server.\n\nSecurity Fix(es):\n\n* sqlite: heap-buffer-overflow at sessionfuzz (CVE-2023-7104)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", + "Name": "RHSA-2024:0253: sqlite security update (Moderate)", "Metadata": { - "UpdatedBy": "", - "RepoName": null, + "UpdatedBy": "RHEL8-rhel-8", + "RepoName": "cpe:/o:redhat:enterprise_linux:8::baseos", "RepoLink": null, - "DistroName": null, - "DistroVersion": null, + "DistroName": "Red Hat Enterprise Linux Server", + "DistroVersion": "8", "NVD": { "CVSSv3": { - "Vectors": "", - "Score": "" + "Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "Score": 7.3 } } } }, { - "Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6313", + "Severity": "Low", + "NamespaceName": "RHEL8-rhel-8-including-unpatched", + "Link": "https://access.redhat.com/security/cve/CVE-2019-19244", "FixedBy": "", - "Description": "The mixing functions in the random number generator in Libgcrypt before 1.5.6, 1.6.x before 1.6.6, and 1.7.x before 1.7.3 and GnuPG before 1.4.21 make it easier for attackers to obtain the values of 160 bits by leveraging knowledge of the previous 4640 bits.", - "Name": "CVE-2016-6313", + "Description": "DOCUMENTATION: A flaw was found in the way SQLite handled certain types of SQL queries using DISTINCT, OVER and ORDER BY clauses. A remote attacker could exploit this flaw by providing a malicious SQL query that, when processed by an application linked to SQLite, would crash the application causing a denial of service. \n STATEMENT: This flaw has been rated as having a security impact of Low. 
The versions of `sqlite` as shipped with Red Hat Enterprise Linux are compiled without SQLITE_DEBUG, so it's not possible to reproduce the crash. The invalid Mem object may still lead to undefined behaviors, though no notable defects have been observed.", + "Name": "CVE-2019-19244 sqlite: allows a crash if a sub-select uses both DISTINCT and window functions and also has certain ORDER BY usage (low)", "Metadata": { - "UpdatedBy": "", - "RepoName": null, + "UpdatedBy": "RHEL8-rhel-8-including-unpatched", + "RepoName": "cpe:/o:redhat:enterprise_linux:8::baseos", "RepoLink": null, - "DistroName": null, - "DistroVersion": null, + "DistroName": "Red Hat Enterprise Linux Server", + "DistroVersion": "8", "NVD": { "CVSSv3": { - "Vectors": "", - "Score": "" + "Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "Score": 7.5 } } } }, { - "Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14855", + "Severity": "Low", + "NamespaceName": "RHEL8-rhel-8-including-unpatched", + "Link": "https://access.redhat.com/security/cve/CVE-2019-9936", "FixedBy": "", - "Description": "A flaw was found in the way certificate signatures could be forged using collisions found in the SHA-1 algorithm. An attacker could use this weakness to create forged certificate signatures. This issue affects GnuPG versions before 2.2.18.", - "Name": "CVE-2019-14855", + "Description": "DOCUMENTATION: The MITRE CVE dictionary describes this issue as: In SQLite 3.27.2, running fts5 prefix queries inside a transaction could trigger a heap-based buffer over-read in fts5HashEntrySort in sqlite3.c, which may lead to an information leak. This is related to ext/fts5/fts5_hash.c. 
\n STATEMENT: This issue did not affect the versions of sqlite as shipped with Red Hat Enterprise Linux 6 and 7 as they did not include support for fts5.", + "Name": "CVE-2019-9936 sqlite: heap-based buffer over-read in function fts5HashEntrySort in sqlite3.c (low)", "Metadata": { - "UpdatedBy": "", - "RepoName": null, + "UpdatedBy": "RHEL8-rhel-8-including-unpatched", + "RepoName": "cpe:/o:redhat:enterprise_linux:8::baseos", "RepoLink": null, - "DistroName": null, - "DistroVersion": null, + "DistroName": "Red Hat Enterprise Linux Server", + "DistroVersion": "8", "NVD": { "CVSSv3": { - "Vectors": "", - "Score": "" + "Vectors": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "Score": 7.5 } } } - } - ] - }, - { - "Name": "grep", - "VersionFormat": "", - "NamespaceName": "", - "AddedBy": "sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "Version": "3.3-1", - "Vulnerabilities": [ - - ] - }, - { - "Name": "apt", - "VersionFormat": "", - "NamespaceName": "", - "AddedBy": "sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "Version": "1.8.2", - "Vulnerabilities": [ + }, { - "Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3374", + "Severity": "Low", + "NamespaceName": "RHEL8-rhel-8-including-unpatched", + "Link": "https://access.redhat.com/security/cve/CVE-2019-9937", "FixedBy": "", - "Description": "It was found that apt-key in apt, all versions, do not correctly validate gpg keys with the master keyring, leading to a potential man-in-the-middle attack.", - "Name": "CVE-2011-3374", + "Description": "DOCUMENTATION: The MITRE CVE dictionary describes this issue as: In SQLite 3.27.2, interleaving reads and writes in a single transaction with an fts5 virtual table will lead to a NULL Pointer Dereference in fts5ChunkIterate in sqlite3.c. This is related to ext/fts5/fts5_hash.c and ext/fts5/fts5_index.c. 
\n STATEMENT: This issue did not affect the versions of sqlite as shipped with Red Hat Enterprise Linux 6 and 7 as they did not include support for fts5.", + "Name": "CVE-2019-9937 sqlite: null-pointer dereference in function fts5ChunkIterate in sqlite3.c (low)", "Metadata": { - "UpdatedBy": "", - "RepoName": null, + "UpdatedBy": "RHEL8-rhel-8-including-unpatched", + "RepoName": "cpe:/o:redhat:enterprise_linux:8::baseos", "RepoLink": null, - "DistroName": null, - "DistroVersion": null, + "DistroName": "Red Hat Enterprise Linux Server", + "DistroVersion": "8", "NVD": { "CVSSv3": { - "Vectors": "", - "Score": "" + "Vectors": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "Score": 7.5 } } } - } - ] - }, - { - "Name": "gzip", - "VersionFormat": "", - "NamespaceName": "", - "AddedBy": "sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "Version": "1.9-3", - "Vulnerabilities": [ + }, { - "Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0603", + "Severity": "Low", + "NamespaceName": "RHEL8-rhel-8-including-unpatched", + "Link": "https://access.redhat.com/security/cve/CVE-2023-36191", "FixedBy": "", - "Description": "gzexe in gzip 1.3.3 and earlier will execute an argument when the creation of a temp file fails instead of exiting the program, which could allow remote attackers or local users to execute arbitrary commands, a different vulnerability than CVE-1999-1332.", - "Name": "CVE-2004-0603", + "Description": "DOCUMENTATION: A segmentation fault was discovered in SQLite. This issue exists due to a boundary error within the /sqlite3_aflpp/shell.c which could allow a local user to send a specially crafted request to the database to trigger memory corruption and perform a denial of service (DoS) attack. 
\n STATEMENT: This vulnerability has been rated as Low security impact because the CLI fault on missing '-nonce', though it could cause a crash in CLI, it doesn't possess a real security risk.", + "Name": "CLI fault on missing -nonce (low)", "Metadata": { - "UpdatedBy": "", - "RepoName": null, + "UpdatedBy": "RHEL8-rhel-8-including-unpatched", + "RepoName": "cpe:/o:redhat:enterprise_linux:8::baseos", "RepoLink": null, - "DistroName": null, - "DistroVersion": null, + "DistroName": "Red Hat Enterprise Linux Server", + "DistroVersion": "8", "NVD": { "CVSSv3": { "Vectors": "", @@ -2787,22 +1880,22 @@ } }, { - "Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1349", + "Severity": "Low", + "NamespaceName": "RHEL8-rhel-8-including-unpatched", + "Link": "https://access.redhat.com/security/cve/CVE-2024-0232", "FixedBy": "", - "Description": "gzip before 1.3 in Solaris 8, when called with the -f or -force flags, will change the permissions of files that are hard linked to the target files, which allows local users to view or modify these files.", - "Name": "CVE-2004-1349", + "Description": "DOCUMENTATION: A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", + "Name": "sqlite: use-after-free bug in jsonParseAddNodeArray (low)", "Metadata": { - "UpdatedBy": "", - "RepoName": null, + "UpdatedBy": "RHEL8-rhel-8-including-unpatched", + "RepoName": "cpe:/o:redhat:enterprise_linux:8::baseos", "RepoLink": null, - "DistroName": null, - "DistroVersion": null, + "DistroName": "Red Hat Enterprise Linux Server", + "DistroVersion": "8", "NVD": { "CVSSv3": { - "Vectors": "", - "Score": "" + "Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "Score": 5.5 } } } 
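Review bot: The `sqlite-libs` record in the `@@ -2637,147 +1673,204 @@` hunk lists five `BaseScores` against six `CVEIds`, and the two arrays are ordered differently (scores start with 7.3 for CVE-2023-7104, IDs are sorted), so they cannot be paired by index. The missing score appears to belong to CVE-2023-36191, whose `CVSSv3` block shows `"Vectors": ""` and presumably an empty `Score`, just outside the hunk. A consumer that takes the maximum of `BaseScores` as the feature's risk would silently skip any CVE that has no NVD score yet. Consider stating this where the fields are defined, e.g. `# BaseScores and CVEIds are independent summaries; unscored CVEs appear only in CVEIds`, and having the test that loads this fixture assert the five-versus-six case explicitly. The `@@ -2787,22 +1880,22 @@` hunk on the same line completes this record (CVE-2024-0232, score 5.5).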
@@ -2810,119 +1903,128 @@ ] }, { - "Name": "hostname", + "Name": "libcap", "VersionFormat": "", "NamespaceName": "", - "AddedBy": "sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "Version": "3.21", - "Vulnerabilities": [ - - ] + "AddedBy": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "Version": "2.48-5.el8_8", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] }, { - "Name": "init-system-helpers", + "Name": "json-c", "VersionFormat": "", "NamespaceName": "", - "AddedBy": "sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "Version": "1.56+nmu1", - "Vulnerabilities": [ - - ] + "AddedBy": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "Version": "0.13.1-3.el8", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] }, { - "Name": "libacl1", + "Name": "github.com/Masterminds/semver", "VersionFormat": "", "NamespaceName": "", - "AddedBy": "sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "Version": "2.2.53-4", - "Vulnerabilities": [ - - ] + "AddedBy": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "Version": "v1.5.0", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] }, { - "Name": "libapt-pkg5.0", + "Name": "github.com/russross/blackfriday/v2", "VersionFormat": "", "NamespaceName": "", - "AddedBy": "sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "Version": "1.8.2", - "Vulnerabilities": [ - { - "Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3374", - "FixedBy": "", - "Description": "It was found that apt-key in apt, all versions, do not correctly validate gpg keys with the master keyring, leading to a potential man-in-the-middle attack.", - "Name": "CVE-2011-3374", - "Metadata": { - "UpdatedBy": "", - "RepoName": null, - "RepoLink": null, - "DistroName": null, - "DistroVersion": null, 
- "NVD": { - "CVSSv3": { - "Vectors": "", - "Score": "" - } - } - } - } - ] + "AddedBy": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "Version": "v2.1.0", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] }, { - "Name": "libattr1", + "Name": "libcom_err", "VersionFormat": "", "NamespaceName": "", - "AddedBy": "sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "Version": "1:2.4.48-4", - "Vulnerabilities": [ - - ] + "AddedBy": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "Version": "1.45.6-5.el8", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] }, { - "Name": "libaudit-common", + "Name": "github.com/golang/protobuf", "VersionFormat": "", "NamespaceName": "", - "AddedBy": "sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "Version": "1:2.8.4-3", - "Vulnerabilities": [ - - ] + "AddedBy": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "Version": "v1.5.3", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] }, { - "Name": "libaudit1", + "Name": "github.com/rs/zerolog", "VersionFormat": "", "NamespaceName": "", - "AddedBy": "sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "Version": "1:2.8.4-3", - "Vulnerabilities": [ - - ] + "AddedBy": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "Version": "v1.30.0", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] }, { - "Name": "libblkid1", + "Name": "file-libs", "VersionFormat": "", "NamespaceName": "", - "AddedBy": "sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "Version": "2.33.1-0.1", + "AddedBy": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "Version": "5.33-24.el8", + "BaseScores": [ + 4.4, + 6.5 + ], + "CVEIds": [ + "CVE-2019-8905", + "CVE-2019-8906" + ], "Vulnerabilities": [ { - "Severity": "Unknown", - "NamespaceName": "", - 
"Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0822", + "Severity": "Low", + "NamespaceName": "RHEL8-rhel-8-including-unpatched", + "Link": "https://access.redhat.com/security/cve/CVE-2019-8906", "FixedBy": "", - "Description": "umount, when running with the Linux 2.6.15 kernel on Slackware Linux 10.2, allows local users to trigger a NULL dereference and application crash by invoking the program with a pathname for a USB pen drive that was mounted and then physically removed, which might allow the users to obtain sensitive information, including core file contents.", - "Name": "CVE-2007-0822", + "Description": "DOCUMENTATION: The MITRE CVE dictionary describes this issue as: do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused.", + "Name": "CVE-2019-8906 file: out-of-bounds read in do_core_note in readelf.c (low)", "Metadata": { - "UpdatedBy": "", - "RepoName": null, + "UpdatedBy": "RHEL8-rhel-8-including-unpatched", + "RepoName": "cpe:/o:redhat:enterprise_linux:8::baseos", "RepoLink": null, - "DistroName": null, - "DistroVersion": null, + "DistroName": "Red Hat Enterprise Linux Server", + "DistroVersion": "8", "NVD": { "CVSSv3": { - "Vectors": "", - "Score": "" + "Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", + "Score": 4.4 + } + } + } + }, + { + "Severity": "Low", + "NamespaceName": "RHEL8-rhel-8-including-unpatched", + "Link": "https://access.redhat.com/security/cve/CVE-2019-8905", + "FixedBy": "", + "Description": "DOCUMENTATION: The MITRE CVE dictionary describes this issue as: do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printable, a different vulnerability than CVE-2018-10360.", + "Name": "CVE-2019-8905 file: stack-based buffer over-read in do_core_note in readelf.c (low)", + "Metadata": { + "UpdatedBy": "RHEL8-rhel-8-including-unpatched", + "RepoName": "cpe:/o:redhat:enterprise_linux:8::baseos", + "RepoLink": null, + 
"DistroName": "Red Hat Enterprise Linux Server", + "DistroVersion": "8", + "NVD": { + "CVSSv3": { + "Vectors": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "Score": 6.5 } } } 
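Review bot: In the `file-libs` entry the expected `BaseScores` `[4.4, 6.5]` and `CVEIds` `["CVE-2019-8905", "CVE-2019-8906"]` are not index-aligned: in the `Vulnerabilities` list below them, 4.4 belongs to CVE-2019-8906 and 6.5 to CVE-2019-8905, so the scores appear to follow vulnerability order while the ids are sorted. The next hunk shows the same thing for `libxml2` (7.5 sits at the position of CVE-2023-45322, whose own score is 6.5), and for `openssl-libs` the lengths differ too (six scores, eight ids). A consumer that pairs the two lists by position would attach the wrong severity to a CVE during triage, so the contract should be stated where the fields are built, for example `# BaseScores and CVEIds are independent summaries; never pair them by index`. Per-CVE scores should be read from each vulnerability's `Metadata.NVD.CVSSv3.Score` instead.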
@@ -2930,438 +2032,643 @@ ] }, { - "Name": "libbz2-1.0", + "Name": "github.com/quay/clair/v4", "VersionFormat": "", "NamespaceName": "", - "AddedBy": "sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "Version": "1.0.6-9.2~deb10u1", - "Vulnerabilities": [ - - ] + "AddedBy": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "Version": "(devel)", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] }, { - "Name": "libc-bin", + "Name": "libssh-config", "VersionFormat": "", "NamespaceName": "", - "AddedBy": "sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "Version": "2.28-10", + "AddedBy": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "Version": "0.9.6-10.el8_8", + "BaseScores": [ + 5.9, + 4.8, + 5.3 + ], + "CVEIds": [ + "CVE-2023-48795", + "CVE-2023-6004", + "CVE-2023-6918" + ], "Vulnerabilities": [ { - "Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0403", - "FixedBy": "", - "Description": "init_dev in tty_io.c in the Red Hat backport of NPTL to Red Hat Enterprise Linux 3 does not properly clear controlling tty's in multi-threaded applications, which allows local users to cause a denial of service (crash) and possibly gain tty access via unknown attack vectors that trigger an access of a pointer to a freed structure.", - "Name": "CVE-2005-0403", - "Metadata": { - "UpdatedBy": "", - "RepoName": null, - "RepoLink": null, - "DistroName": null, - "DistroVersion": null, - "NVD": { - "CVSSv3": { - "Vectors": "", - "Score": "" - } - } - } - }, - { - "Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0537", - "FixedBy": "", - "Description": "Integer overflow in the fts_build function in fts.c in libc in (1) OpenBSD 4.4 and earlier and (2) Microsoft Interix 6.0 build 10.0.6030.0 allows context-dependent attackers to cause a denial of 
service (application crash) via a deep directory tree, related to the fts_level structure member, as demonstrated by (a) du, (b) rm, (c) chmod, and (d) chgrp on OpenBSD; and (e) SearchIndexer.exe on Vista Enterprise.", - "Name": "CVE-2009-0537", - "Metadata": { - "UpdatedBy": "", - "RepoName": null, - "RepoLink": null, - "DistroName": null, - "DistroVersion": null, - "NVD": { - "CVSSv3": { - "Vectors": "", - "Score": "" - } - } - } - }, - { - "Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4051", - "FixedBy": "", - "Description": "The regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (application crash) via a regular expression containing adjacent bounded repetitions that bypass the intended RE_DUP_MAX limitation, as demonstrated by a {10,}{10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD, related to a \"RE_DUP_MAX overflow.\"", - "Name": "CVE-2010-4051", + "Severity": "Medium", + "NamespaceName": "RHEL8-rhel-8-including-unpatched", + "Link": "https://access.redhat.com/errata/RHSA-2024:0628 https://access.redhat.com/security/cve/CVE-2023-48795", + "FixedBy": "0:0.9.6-13.el8_9", + "Description": "libssh is a library which implements the SSH protocol. 
It can be used to implement client and server applications.\n\nSecurity Fix(es):\n\n* ssh: Prefix truncation attack on Binary Packet Protocol (BPP) (CVE-2023-48795)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", + "Name": "RHSA-2024:0628: libssh security update (Moderate)", "Metadata": { - "UpdatedBy": "", - "RepoName": null, + "UpdatedBy": "RHEL8-rhel-8-including-unpatched", + "RepoName": "cpe:/o:redhat:enterprise_linux:8::baseos", "RepoLink": null, - "DistroName": null, - "DistroVersion": null, + "DistroName": "Red Hat Enterprise Linux Server", + "DistroVersion": "8", "NVD": { "CVSSv3": { - "Vectors": "", - "Score": "" + "Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "Score": 5.9 } } } }, { - "Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4052", + "Severity": "Low", + "NamespaceName": "RHEL8-rhel-8-including-unpatched", + "Link": "https://access.redhat.com/security/cve/CVE-2023-6004", "FixedBy": "", - "Description": "Stack consumption vulnerability in the regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (resource exhaustion) via a regular expression containing adjacent repetition operators, as demonstrated by a {10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD.", - "Name": "CVE-2010-4052", + "Description": "DOCUMENTATION: A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname syntax on the client. This issue may allow an attacker to inject malicious code into the command of the features mentioned through the hostname parameter. 
\n STATEMENT: Despite the potential severity of this issue, the requirement for user interaction to exploit the vulnerability has led to a low severity rating. As a precautionary measure, users are advised to sanitize hostname inputs as a mitigation strategy.\n MITIGATION: Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", + "Name": "libssh: ProxyCommand/ProxyJump features allow injection of malicious code through hostname (low)", "Metadata": { - "UpdatedBy": "", - "RepoName": null, + "UpdatedBy": "RHEL8-rhel-8-including-unpatched", + "RepoName": "cpe:/o:redhat:enterprise_linux:8::baseos", "RepoLink": null, - "DistroName": null, - "DistroVersion": null, + "DistroName": "Red Hat Enterprise Linux Server", + "DistroVersion": "8", "NVD": { "CVSSv3": { - "Vectors": "", - "Score": "" + "Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", + "Score": 4.8 } } } }, { - "Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4756", + "Severity": "Low", + "NamespaceName": "RHEL8-rhel-8-including-unpatched", + "Link": "https://access.redhat.com/security/cve/CVE-2023-6918", "FixedBy": "", - "Description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", - "Name": "CVE-2010-4756", + "Description": "DOCUMENTATION: A flaw was found in the libssh implements abstract layer for message digest (MD) operations implemented by different supported crypto backends. 
The return values from these were not properly checked, which could cause low-memory situations failures, NULL dereferences, crashes, or usage of the uninitialized memory as an input for the KDF. In this case, non-matching keys will result in decryption/integrity failures, terminating the connection. \n STATEMENT: This vulnerability in the libssh abstract layer for message digest operations is deemed to have a low impact due to several mitigating factors. Primarily, the absence of proper checks on return values from supported crypto backends may lead to low-memory situations, failures, NULL dereferences, crashes, or the utilization of uninitialized memory in the Key Derivation Function (KDF). While these potential consequences could disrupt the system, their likelihood is considered low, contributing to the low impact classification.\n\nThe maintainers of libssh, in conjunction with Red Hat, have assigned a CVSS3.1 score of 3.7 to this vulnerability. While the score acknowledges the existence of a vulnerability, the assigned value falls within the lower range of the scale, indicating a relatively modest level of risk.\n\nMoreover, the practical exploitability of this vulnerability is characterized as theoretical and highly unlikely to yield tangible results. The difficulty in successfully exploiting the flaw adds a layer of security, further diminishing the potential impact. 
While acknowledging the risk of non-matching keys leading to decryption/integrity failures and connection termination, the combination of the low likelihood of exploitation and the relatively lower severity score results in an overall assessment of low impact.\n MITIGATION: Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", + "Name": "libssh: Missing checks for return values for digests (low)", "Metadata": { - "UpdatedBy": "", - "RepoName": null, + "UpdatedBy": "RHEL8-rhel-8-including-unpatched", + "RepoName": "cpe:/o:redhat:enterprise_linux:8::baseos", "RepoLink": null, - "DistroName": null, - "DistroVersion": null, + "DistroName": "Red Hat Enterprise Linux Server", + "DistroVersion": "8", "NVD": { "CVSSv3": { - "Vectors": "", - "Score": "" + "Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "Score": 5.3 } } } - }, + } + ] + }, + { + "Name": "pcre2", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "Version": "10.32-3.el8_6", + "BaseScores": [ + 7.5 + ], + "CVEIds": [ + "CVE-2022-41409" + ], + "Vulnerabilities": [ { - "Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0536", + "Severity": "Low", + "NamespaceName": "RHEL8-rhel-8-including-unpatched", + "Link": "https://access.redhat.com/security/cve/CVE-2022-41409", "FixedBy": "", - "Description": "Multiple untrusted search path vulnerabilities in elf/dl-object.c in certain modified versions of the GNU C Library (aka glibc or libc6), including glibc-2.5-49.el5_5.6 and glibc-2.12-1.7.el6_0.3 in Red Hat Enterprise Linux, allow local users to gain privileges via a crafted dynamic shared object (DSO) in a subdirectory of the current working directory during execution of a (1) 
setuid or (2) setgid program that has $ORIGIN in (a) RPATH or (b) RUNPATH within the program itself or a referenced library. NOTE: this issue exists because of an incorrect fix for CVE-2010-3847.", - "Name": "CVE-2011-0536", + "Description": "DOCUMENTATION: A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack. \n STATEMENT: Red Hat Product Security classifies this issue as having a Low security impact. The vulnerability involves an infinite loop in a command-line utility, which is not typically designed to handle untrusted input. As a result, it is assessed that this does not pose a substantial security risk and does not lead to any meaningful security impact.", + "Name": "pcre2: negative repeat value in a pcre2test subject line leads to inifinite loop (low)", "Metadata": { - "UpdatedBy": "", - "RepoName": null, + "UpdatedBy": "RHEL8-rhel-8-including-unpatched", + "RepoName": "cpe:/o:redhat:enterprise_linux:8::baseos", "RepoLink": null, - "DistroName": null, - "DistroVersion": null, + "DistroName": "Red Hat Enterprise Linux Server", + "DistroVersion": "8", "NVD": { "CVSSv3": { - "Vectors": "", - "Score": "" + "Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "Score": 7.5 } } } - }, + } + ] + }, + { + "Name": "grep", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "Version": "3.1-6.el8", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] + }, + { + "Name": "openssl-libs", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "Version": "1:1.1.1k-9.el8_7", + "BaseScores": [ + 5.3, + 7.5, + 
5.3, + 5.3, + 6.5, + 5.5 + ], + "CVEIds": [ + "CVE-2023-0464", + "CVE-2023-0465", + "CVE-2023-0466", + "CVE-2023-2650", + "CVE-2023-3446", + "CVE-2023-3817", + "CVE-2023-5678", + "CVE-2024-0727" + ], + "Vulnerabilities": [ { - "Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2702", - "FixedBy": "", - "Description": "Integer signedness error in Glibc before 2.13 and eglibc before 2.13, when using Supplemental Streaming SIMD Extensions 3 (SSSE3) optimization, allows context-dependent attackers to execute arbitrary code via a negative length parameter to (1) memcpy-ssse3-rep.S, (2) memcpy-ssse3.S, or (3) memset-sse2.S in sysdeps/i386/i686/multiarch/, which triggers an out-of-bounds read, as demonstrated using the memcpy function.", - "Name": "CVE-2011-2702", + "Severity": "Low", + "NamespaceName": "RHEL8-rhel-8", + "Link": "https://access.redhat.com/errata/RHSA-2023:7877 https://access.redhat.com/security/cve/CVE-2023-3446 https://access.redhat.com/security/cve/CVE-2023-3817 https://access.redhat.com/security/cve/CVE-2023-5678", + "FixedBy": "1:1.1.1k-12.el8_9", + "Description": "OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.\n\nSecurity Fix(es):\n\n* openssl: Excessive time spent checking DH keys and parameters (CVE-2023-3446)\n\n* OpenSSL: Excessive time spent checking DH q parameter value (CVE-2023-3817)\n\n* openssl: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow (CVE-2023-5678)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", + "Name": "RHSA-2023:7877: openssl security update (Low)", "Metadata": { - "UpdatedBy": "", - "RepoName": null, + "UpdatedBy": 
"RHEL8-rhel-8", + "RepoName": "cpe:/o:redhat:enterprise_linux:8::baseos", "RepoLink": null, - "DistroName": null, - "DistroVersion": null, + "DistroName": "Red Hat Enterprise Linux Server", + "DistroVersion": "8", "NVD": { "CVSSv3": { - "Vectors": "", - "Score": "" + "Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "Score": 5.3 } } } }, { - "Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5229", + "Severity": "Low", + "NamespaceName": "RHEL8-rhel-8-including-unpatched", + "Link": "https://access.redhat.com/security/cve/CVE-2023-0464", "FixedBy": "", - "Description": "The calloc function in the glibc package in Red Hat Enterprise Linux (RHEL) 6.7 and 7.2 does not properly initialize memory areas, which might allow context-dependent attackers to cause a denial of service (hang or crash) via unspecified vectors.", - "Name": "CVE-2015-5229", + "Description": "DOCUMENTATION: A security vulnerability has been identified in all supported OpenSSL versions related to verifying X.509 certificate chains that include policy constraints. This flaw allows attackers to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial of service (DoS) attack on affected systems. 
Policy processing is disabled by default but can be enabled by passing the -policy' argument to the command line utilities or calling the X509_VERIFY_PARAM_set1_policies()' function.", + "Name": "openssl: Denial of service by excessive resource usage in verifying X509 policy constraints (low)", "Metadata": { - "UpdatedBy": "", - "RepoName": null, + "UpdatedBy": "RHEL8-rhel-8-including-unpatched", + "RepoName": "cpe:/o:redhat:enterprise_linux:8::baseos", "RepoLink": null, - "DistroName": null, - "DistroVersion": null, + "DistroName": "Red Hat Enterprise Linux Server", + "DistroVersion": "8", "NVD": { "CVSSv3": { - "Vectors": "", - "Score": "" + "Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "Score": 7.5 } } } }, { - "Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10228", + "Severity": "Low", + "NamespaceName": "RHEL8-rhel-8-including-unpatched", + "Link": "https://access.redhat.com/security/cve/CVE-2023-0465", "FixedBy": "", - "Description": "The iconv program in the GNU C Library (aka glibc or libc6) 2.25 and earlier, when invoked with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service.", - "Name": "CVE-2016-10228", + "Description": "DOCUMENTATION: A flaw was found in OpenSSL. Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. OpenSSL and other certificate policy checks silently ignore invalid certificate policies in leaf certificates that are skipped for that certificate. A malicious CA could use this to deliberately assert invalid certificate policies to circumvent policy checking on the certificate altogether. 
Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function.", + "Name": "openssl: Invalid certificate policies in leaf certificates are silently ignored (low)", "Metadata": { - "UpdatedBy": "", - "RepoName": null, + "UpdatedBy": "RHEL8-rhel-8-including-unpatched", + "RepoName": "cpe:/o:redhat:enterprise_linux:8::baseos", "RepoLink": null, - "DistroName": null, - "DistroVersion": null, + "DistroName": "Red Hat Enterprise Linux Server", + "DistroVersion": "8", "NVD": { "CVSSv3": { - "Vectors": "", - "Score": "" + "Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "Score": 5.3 } } } }, { - "Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17426", + "Severity": "Low", + "NamespaceName": "RHEL8-rhel-8-including-unpatched", + "Link": "https://access.redhat.com/security/cve/CVE-2023-0466", "FixedBy": "", - "Description": "The malloc function in the GNU C Library (aka glibc or libc6) 2.26 could return a memory block that is too small if an attempt is made to allocate an object whose size is close to SIZE_MAX, potentially leading to a subsequent heap overflow. This occurs because the per-thread cache (aka tcache) feature enables a code path that lacks an integer overflow check.", - "Name": "CVE-2017-17426", + "Description": "DOCUMENTATION: A flaw was found in OpenSSL. The X509_VERIFY_PARAM_add0_policy() function is documented to enable the certificate policy check when doing certificate verification implicitly. However, implementing the function does not enable the check, allowing certificates with invalid or incorrect policies to pass the certificate verification. Suddenly enabling the policy check could break existing deployments, so it was decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() function. 
The applications that require OpenSSL to perform certificate policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly enable the policy check by calling X509_VERIFY_PARAM_set_flags() with the X509_V_FLAG_POLICY_CHECK flag argument. Certificate policy checks are disabled by default in OpenSSL and are not commonly used by applications.", + "Name": "openssl: Certificate policy check not enabled (low)", "Metadata": { - "UpdatedBy": "", - "RepoName": null, + "UpdatedBy": "RHEL8-rhel-8-including-unpatched", + "RepoName": "cpe:/o:redhat:enterprise_linux:8::baseos", "RepoLink": null, - "DistroName": null, - "DistroVersion": null, + "DistroName": "Red Hat Enterprise Linux Server", + "DistroVersion": "8", "NVD": { "CVSSv3": { - "Vectors": "", - "Score": "" + "Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "Score": 5.3 } } } }, { - "Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20796", + "Severity": "Low", + "NamespaceName": "RHEL8-rhel-8-including-unpatched", + "Link": "https://access.redhat.com/security/cve/CVE-2023-2650", "FixedBy": "", - "Description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\\227|)(\\\\1\\\\1|t1|\\\\\\2537)+' in grep.", - "Name": "CVE-2018-20796", + "Description": "DOCUMENTATION: A flaw was found in OpenSSL resulting in a possible denial of service while translating ASN.1 object identifiers. Applications that use OBJ_obj2txt() directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience long delays when processing messages, which may lead to a denial of service. 
\n STATEMENT: CVE-2023-2650 can't cause DoS on machines with OpenSSL 1.1.1 and so is considered LOW for RHEL 8.", + "Name": "openssl: Possible DoS translating ASN.1 object identifiers (low)", "Metadata": { - "UpdatedBy": "", - "RepoName": null, + "UpdatedBy": "RHEL8-rhel-8-including-unpatched", + "RepoName": "cpe:/o:redhat:enterprise_linux:8::baseos", "RepoLink": null, - "DistroName": null, - "DistroVersion": null, + "DistroName": "Red Hat Enterprise Linux Server", + "DistroVersion": "8", "NVD": { "CVSSv3": { - "Vectors": "", - "Score": "" + "Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "Score": 6.5 } } } }, { - "Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010022", + "Severity": "Low", + "NamespaceName": "RHEL8-rhel-8-including-unpatched", + "Link": "https://access.redhat.com/security/cve/CVE-2024-0727", "FixedBy": "", - "Description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard.", - "Name": "CVE-2019-1010022", + "Description": "DOCUMENTATION: A flaw was found in OpenSSL. The optional ContentInfo fields can be set to null, even if the \"type\" is a valid value, which can lead to a null dereference error that may cause a denial of service. 
\n \n MITIGATION: Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", + "Name": "openssl: denial of service via null dereference (low)", "Metadata": { - "UpdatedBy": "", - "RepoName": null, + "UpdatedBy": "RHEL8-rhel-8-including-unpatched", + "RepoName": "cpe:/o:redhat:enterprise_linux:8::baseos", "RepoLink": null, - "DistroName": null, - "DistroVersion": null, + "DistroName": "Red Hat Enterprise Linux Server", + "DistroVersion": "8", "NVD": { "CVSSv3": { - "Vectors": "", - "Score": "" + "Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "Score": 5.5 } } } - }, + } + ] + }, + { + "Name": "tzdata", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "Version": "2023c-1.el8", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] + }, + { + "Name": "pcre", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "Version": "8.42-6.el8", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] + }, + { + "Name": "github.com/jackc/pgproto3/v2", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "Version": "v2.3.2", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] + }, + { + "Name": "golang.org/x/sys", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "Version": "v0.11.0", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] + }, + { + "Name": "modernc.org/mathutil", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "Version": "v1.5.0", + 
"BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] + }, + { + "Name": "libxml2", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "Version": "2.9.7-16.el8_8.1", + "BaseScores": [ + 6.5, + 7.5, + 6.5 + ], + "CVEIds": [ + "CVE-2023-39615", + "CVE-2023-45322", + "CVE-2024-25062" + ], + "Vulnerabilities": [ { - "Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010023", - "FixedBy": "", - "Description": "GNU Libc current is affected by: Re-mapping current loaded libray with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code.", - "Name": "CVE-2019-1010023", + "Severity": "Medium", + "NamespaceName": "RHEL8-rhel-8", + "Link": "https://access.redhat.com/errata/RHSA-2024:0119 https://access.redhat.com/security/cve/CVE-2023-39615", + "FixedBy": "0:2.9.7-18.el8_9", + "Description": "The libxml2 library is a development toolbox providing the implementation of various XML standards.\n\nSecurity Fix(es):\n\n* libxml2: crafted xml can cause global buffer overflow (CVE-2023-39615)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", + "Name": "RHSA-2024:0119: libxml2 security update (Moderate)", "Metadata": { - "UpdatedBy": "", - "RepoName": null, + "UpdatedBy": "RHEL8-rhel-8", + "RepoName": "cpe:/o:redhat:enterprise_linux:8::baseos", "RepoLink": null, - "DistroName": null, - "DistroVersion": null, + "DistroName": "Red Hat Enterprise Linux Server", + "DistroVersion": "8", "NVD": { "CVSSv3": { - "Vectors": "", - "Score": "" + "Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "Score": 6.5 } } } }, { - "Severity": 
"Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010024", + "Severity": "Medium", + "NamespaceName": "RHEL8-rhel-8-including-unpatched", + "Link": "https://access.redhat.com/security/cve/CVE-2024-25062", "FixedBy": "", - "Description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc.", - "Name": "CVE-2019-1010024", + "Description": "DOCUMENTATION: A use-after-free flaw was found in libxml2. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.", + "Name": "libxml2: use-after-free in XMLReader (moderate)", "Metadata": { - "UpdatedBy": "", - "RepoName": null, + "UpdatedBy": "RHEL8-rhel-8-including-unpatched", + "RepoName": "cpe:/o:redhat:enterprise_linux:8::baseos", "RepoLink": null, - "DistroName": null, - "DistroVersion": null, + "DistroName": "Red Hat Enterprise Linux Server", + "DistroVersion": "8", "NVD": { "CVSSv3": { - "Vectors": "", - "Score": "" + "Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "Score": 7.5 } } } }, { - "Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010025", + "Severity": "Low", + "NamespaceName": "RHEL8-rhel-8-including-unpatched", + "Link": "https://access.redhat.com/security/cve/CVE-2023-45322", "FixedBy": "", - "Description": "** DISPUTED ** GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.\"", - "Name": "CVE-2019-1010025", + "Description": "DOCUMENTATION: A flaw was found in libxml2. 
In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability. \n STATEMENT: The libxml2 project does not consider this issue to be a vulnerability because it can only be triggered in an out-of-memory condition or when the --maxmem command line option of the xmllint program is used to limit the number of memory allocation done by the parser. This is intended behavior and it's used to detect similar issues.\n\nRed Hat Product Security agrees with that decision. However, Red Hat will try to address this issue in affected products.", + "Name": "libxml2: use-after-free in xmlUnlinkNode() in tree.c (low)", "Metadata": { - "UpdatedBy": "", - "RepoName": null, + "UpdatedBy": "RHEL8-rhel-8-including-unpatched", + "RepoName": "cpe:/o:redhat:enterprise_linux:8::baseos", "RepoLink": null, - "DistroName": null, - "DistroVersion": null, + "DistroName": "Red Hat Enterprise Linux Server", + "DistroVersion": "8", "NVD": { "CVSSv3": { - "Vectors": "", - "Score": "" + "Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "Score": 6.5 } } } - }, + } + ] + }, + { + "Name": "p11-kit-trust", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "Version": "0.23.22-1.el8", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] + }, + { + "Name": "gawk", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "Version": "4.2.1-4.el8", + "BaseScores": [ + 7.1 + ], + "CVEIds": [ + "CVE-2023-4156" + ], + "Vulnerabilities": [ { - "Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19126", + "Severity": "Low", + "NamespaceName": "RHEL8-rhel-8-including-unpatched", + "Link": "https://access.redhat.com/security/cve/CVE-2023-4156", "FixedBy": "", - "Description": "On 
the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 fails to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping addresses for loaded libraries and thus bypass ASLR for a setuid program.", - "Name": "CVE-2019-19126", + "Description": "DOCUMENTATION: A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "Name": "gawk: heap out of bound read in builtin.c (low)", "Metadata": { - "UpdatedBy": "", - "RepoName": null, + "UpdatedBy": "RHEL8-rhel-8-including-unpatched", + "RepoName": "cpe:/o:redhat:enterprise_linux:8::baseos", "RepoLink": null, - "DistroName": null, - "DistroVersion": null, + "DistroName": "Red Hat Enterprise Linux Server", + "DistroVersion": "8", "NVD": { "CVSSv3": { - "Vectors": "", - "Score": "" + "Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", + "Score": 7.1 } } } - }, + } + ] + }, + { + "Name": "github.com/containerd/stargz-snapshotter/estargz", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "Version": "v0.14.3", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] + }, + { + "Name": "github.com/google/go-containerregistry", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "Version": "v0.15.2", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] + }, + { + "Name": "info", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "Version": "6.5-7.el8", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] + }, + { + "Name": "github.com/urfave/cli/v2", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": 
"sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "Version": "v2.25.7", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] + }, + { + "Name": "go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "Version": "v0.42.0", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] + }, + { + "Name": "libunistring", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "Version": "0.9.9-3.el8", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] + }, + { + "Name": "glibc", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "Version": "2.28-225.el8_8.6", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] + }, + { + "Name": "libcurl", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "Version": "7.61.1-30.el8_8.3", + "BaseScores": [ + 3.7, + 8.8, + 3.7, + 6.5 + ], + "CVEIds": [ + "CVE-2023-27534", + "CVE-2023-28322", + "CVE-2023-38546", + "CVE-2023-46218" + ], + "Vulnerabilities": [ { - "Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9192", + "Severity": "Low", + "NamespaceName": "RHEL8-rhel-8-including-unpatched", + "Link": "https://access.redhat.com/security/cve/CVE-2023-28322", "FixedBy": "", - "Description": "** DISPUTED ** In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. 
NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern.", - "Name": "CVE-2019-9192", + "Description": "DOCUMENTATION: A use-after-free flaw was found in the Curl package. This issue may lead to unintended information disclosure by the application.", + "Name": "curl: more POST-after-PUT confusion (low)", "Metadata": { - "UpdatedBy": "", - "RepoName": null, + "UpdatedBy": "RHEL8-rhel-8-including-unpatched", + "RepoName": "cpe:/o:redhat:enterprise_linux:8::baseos", "RepoLink": null, - "DistroName": null, - "DistroVersion": null, + "DistroName": "Red Hat Enterprise Linux Server", + "DistroVersion": "8", "NVD": { "CVSSv3": { - "Vectors": "", - "Score": "" + "Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "Score": 3.7 } } } }, { - "Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10029", + "Severity": "Low", + "NamespaceName": "RHEL8-rhel-8-including-unpatched", + "Link": "https://access.redhat.com/security/cve/CVE-2023-27534", "FixedBy": "", - "Description": "The GNU C Library (aka glibc or libc6) before 2.32 could overflow an on-stack buffer during range reduction if an input to an 80-bit long double function contains a non-canonical bit pattern, a seen when passing a 0x5d414141414141410000 value to sinl on x86 targets. This is related to sysdeps/ieee754/ldbl-96/e_rem_pio2l.c.", - "Name": "CVE-2020-10029", + "Description": "DOCUMENTATION: The MITRE CVE dictionary describes this issue as: A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user. 
\n STATEMENT: In a containerized environment running SELinux in enforcing mode, such as Red Hat OpenShift Container Platform, this vulnerability does not allow an attacker to escape the boundary of a container. In this case no additional access is gained, there is an additional (but more complicated step) to look at files the user already has access to.\n\nThe upstream project (Curl) also rated this CVE as Low, see link in External References.\n\nIt is unlikely that Red Hat offerings are utilizing the SFTP feature of Curl, so the opportunity to exploit it may not exist. For those reasons Red Hat Product Security rates the impact as Low.", + "Name": "curl: SFTP path ~ resolving discrepancy (low)", "Metadata": { - "UpdatedBy": "", - "RepoName": null, + "UpdatedBy": "RHEL8-rhel-8-including-unpatched", + "RepoName": "cpe:/o:redhat:enterprise_linux:8::baseos", "RepoLink": null, - "DistroName": null, - "DistroVersion": null, + "DistroName": "Red Hat Enterprise Linux Server", + "DistroVersion": "8", "NVD": { "CVSSv3": { - "Vectors": "", - "Score": "" + "Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "Score": 8.8 } } } }, { - "Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1751", + "Severity": "Low", + "NamespaceName": "RHEL8-rhel-8-including-unpatched", + "Link": "https://access.redhat.com/security/cve/CVE-2023-38546", "FixedBy": "", - "Description": "", - "Name": "CVE-2020-1751", + "Description": "DOCUMENTATION: A flaw was found in the Curl package. This flaw allows an attacker to insert cookies into a running program using libcurl if the specific series of conditions are met. \n STATEMENT: The flaw requires a series of conditions to be met and the likeliness that they shall allow an attacker to take advantage of it is low. 
Even if the bug could be made to trigger, the risk that a cookie injection can be done to cause harm is additionally also low.", + "Name": "curl: cookie injection with none file (low)", "Metadata": { - "UpdatedBy": "", - "RepoName": null, + "UpdatedBy": "RHEL8-rhel-8-including-unpatched", + "RepoName": "cpe:/o:redhat:enterprise_linux:8::baseos", "RepoLink": null, - "DistroName": null, - "DistroVersion": null, + "DistroName": "Red Hat Enterprise Linux Server", + "DistroVersion": "8", "NVD": { "CVSSv3": { - "Vectors": "", - "Score": "" + "Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "Score": 3.7 } } } }, { - "Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1752", + "Severity": "Medium", + "NamespaceName": "RHEL8-rhel-8-including-unpatched", + "Link": "https://access.redhat.com/security/cve/CVE-2023-46218", "FixedBy": "", - "Description": "", - "Name": "CVE-2020-1752", + "Description": "DOCUMENTATION: A flaw was found in curl that verifies a given cookie domain against the Public Suffix List. This issue could allow a malicious HTTP server to set \"super cookies\" in curl that are passed back to more origins than what is otherwise allowed or possible. \n STATEMENT: When curl is built without PSL support, it cannot protect against this problem but it is expected to not allow \"too wide\" cookies when PSL support is enabled.", + "Name": "curl: information disclosure by exploiting a mixed case flaw (moderate)", "Metadata": { - "UpdatedBy": "", - "RepoName": null, + "UpdatedBy": "RHEL8-rhel-8-including-unpatched", + "RepoName": "cpe:/o:redhat:enterprise_linux:8::baseos", "RepoLink": null, - "DistroName": null, - "DistroVersion": null, + "DistroName": "Red Hat Enterprise Linux Server", + "DistroVersion": "8", "NVD": { "CVSSv3": { - "Vectors": "", - "Score": "" + "Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "Score": 6.5 } } } 
@@ -3369,109 +2676,192 @@ ] }, { - "Name": "libc6", + "Name": "microdnf", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "Version": "3.8.0-2.el8", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] + }, + { + "Name": "stdlib", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "Version": "go1.20.9", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] + }, + { + "Name": "github.com/mattn/go-colorable", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "Version": "v0.1.13", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] + }, + { + "Name": "go.opentelemetry.io/otel/trace", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "Version": "v1.16.0", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] + }, + { + "Name": "glibc-minimal-langpack", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "Version": "2.28-225.el8_8.6", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] + }, + { + "Name": "libstdc++", "VersionFormat": "", "NamespaceName": "", - "AddedBy": "sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "Version": "2.28-10", + "AddedBy": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "Version": "8.5.0-18.el8", + "BaseScores": [ + 7.5, + 5.5, + 8.3, + 5.5 + ], + "CVEIds": [ + "CVE-2018-20657", + "CVE-2019-14250", + "CVE-2021-42694", + "CVE-2022-27943" + ], "Vulnerabilities": [ { - "Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0403", + "Severity": "Low", + "NamespaceName": 
"RHEL8-rhel-8-including-unpatched", + "Link": "https://access.redhat.com/security/cve/CVE-2018-20657", "FixedBy": "", - "Description": "init_dev in tty_io.c in the Red Hat backport of NPTL to Red Hat Enterprise Linux 3 does not properly clear controlling tty's in multi-threaded applications, which allows local users to cause a denial of service (crash) and possibly gain tty access via unknown attack vectors that trigger an access of a pointer to a freed structure.", - "Name": "CVE-2005-0403", + "Description": "DOCUMENTATION: The MITRE CVE dictionary describes this issue as: The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698.", + "Name": "CVE-2018-20657 libiberty: Memory leak in demangle_template function resulting in a denial of service (low)", "Metadata": { - "UpdatedBy": "", - "RepoName": null, + "UpdatedBy": "RHEL8-rhel-8-including-unpatched", + "RepoName": "cpe:/o:redhat:enterprise_linux:8::baseos", "RepoLink": null, - "DistroName": null, - "DistroVersion": null, + "DistroName": "Red Hat Enterprise Linux Server", + "DistroVersion": "8", "NVD": { "CVSSv3": { - "Vectors": "", - "Score": "" + "Vectors": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "Score": 7.5 } } } }, { - "Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0537", + "Severity": "Low", + "NamespaceName": "RHEL8-rhel-8-including-unpatched", + "Link": "https://access.redhat.com/security/cve/CVE-2019-14250", "FixedBy": "", - "Description": "Integer overflow in the fts_build function in fts.c in libc in (1) OpenBSD 4.4 and earlier and (2) Microsoft Interix 6.0 build 10.0.6030.0 allows context-dependent attackers to cause a denial of service (application crash) via a deep directory tree, related to the fts_level structure member, as 
demonstrated by (a) du, (b) rm, (c) chmod, and (d) chgrp on OpenBSD; and (e) SearchIndexer.exe on Vista Enterprise.", - "Name": "CVE-2009-0537", + "Description": "DOCUMENTATION: The MITRE CVE dictionary describes this issue as: An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer overflow. \n STATEMENT: This issue resides on libiberty code, libiberty is part of GNU project and contains several utilities being distributed by gcc and binutils packages. This flaws affects binutils versions as shipped with Red Hat Enterprise Linux 5, 6, 7 and 8 and also gcc versions as shipped with Red Hat Enterprise Linux 5, 6 ,7 and 8. Versions of gcc shipped with Red Hat Developers Tool Set 7 and 8 are also affected. This flaw was scored with 'Low' security impact for both binutils and gcc packages by Red Hat Product Security Team.", + "Name": "CVE-2019-14250 binutils: integer overflow in simple-object-elf.c leads to a heap-based buffer overflow (low)", "Metadata": { - "UpdatedBy": "", - "RepoName": null, + "UpdatedBy": "RHEL8-rhel-8-including-unpatched", + "RepoName": "cpe:/o:redhat:enterprise_linux:8::baseos", "RepoLink": null, - "DistroName": null, - "DistroVersion": null, + "DistroName": "Red Hat Enterprise Linux Server", + "DistroVersion": "8", "NVD": { "CVSSv3": { - "Vectors": "", - "Score": "" + "Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "Score": 5.5 } } } }, { - "Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4051", + "Severity": "Medium", + "NamespaceName": "RHEL8-rhel-8-including-unpatched", + "Link": "https://access.redhat.com/security/cve/CVE-2021-42694", "FixedBy": "", - "Description": "The regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows 
context-dependent attackers to cause a denial of service (application crash) via a regular expression containing adjacent bounded repetitions that bypass the intended RE_DUP_MAX limitation, as demonstrated by a {10,}{10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD, related to a \"RE_DUP_MAX overflow.\"", - "Name": "CVE-2010-4051", + "Description": "DOCUMENTATION: A flaw was found in the way Unicode standards are implemented in the context of development environments, which have specialized requirements for rendering text. Homoglyphs are different Unicode characters that, to the naked eye, look the same. An attacker could use homoglyphs to deceive a human reviewer by creating a malicious patch containing functions that look similar to standard library functions, such as print, but replace one character with a homoglyph. This function can then be defined in an upstream dependency to launch source code-related attacks. \n STATEMENT: This is a flaw with the way unicode standards are implemented in the context of development environments, which have specialized requirements for rendering text. 
It is not a flaw in Red Hat products.", + "Name": "CVE-2021-42694 Developer environment: Homoglyph characters can lead to trojan source attack (moderate)", "Metadata": { - "UpdatedBy": "", - "RepoName": null, + "UpdatedBy": "RHEL8-rhel-8-including-unpatched", + "RepoName": "cpe:/o:redhat:enterprise_linux:8::baseos", "RepoLink": null, - "DistroName": null, - "DistroVersion": null, + "DistroName": "Red Hat Enterprise Linux Server", + "DistroVersion": "8", "NVD": { "CVSSv3": { - "Vectors": "", - "Score": "" + "Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", + "Score": 8.3 } } } }, { - "Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4052", + "Severity": "Low", + "NamespaceName": "RHEL8-rhel-8-including-unpatched", + "Link": "https://access.redhat.com/security/cve/CVE-2022-27943", "FixedBy": "", - "Description": "Stack consumption vulnerability in the regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (resource exhaustion) via a regular expression containing adjacent repetition operators, as demonstrated by a {10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD.", - "Name": "CVE-2010-4052", + "Description": "DOCUMENTATION: A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "Name": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const (low)", "Metadata": { - "UpdatedBy": "", - "RepoName": null, + "UpdatedBy": "RHEL8-rhel-8-including-unpatched", + "RepoName": "cpe:/o:redhat:enterprise_linux:8::baseos", "RepoLink": null, - "DistroName": null, - "DistroVersion": null, + "DistroName": "Red Hat Enterprise Linux Server", + "DistroVersion": "8", "NVD": { "CVSSv3": { - "Vectors": "", - "Score": "" + "Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "Score": 5.5 } } } - }, + } + ] + }, + { + "Name": "ubi8-minimal-container", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "Version": "8.8-1072.1696517598", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] + }, + { + "Name": "github.com/docker/docker", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "Version": "v23.0.5+incompatible", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [ { "Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4756", + "NamespaceName": "osv/go", + "Link": "https://github.com/moby/moby/security/advisories/GHSA-jq35-85cj-fj4p https://github.com/moby/moby/commit/48ebe353e49a9def5e6679f6e386b0efb1c95f0e https://github.com/moby/moby/commit/81ebe71275768629689a23bc3bca34b3b374a6a6 https://github.com/moby/moby/commit/c9ccbfad11a60e703e91b6cca4f48927828c7e35 https://github.com/moby/moby https://github.com/moby/moby/releases/tag/v20.10.27 https://github.com/moby/moby/releases/tag/v23.0.8 https://github.com/moby/moby/releases/tag/v24.0.7", "FixedBy": "", - "Description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a 
denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", - "Name": "CVE-2010-4756", + "Description": "/sys/devices/virtual/powercap accessible by default to containers", + "Name": "GHSA-jq35-85cj-fj4p", "Metadata": { - "UpdatedBy": "", - "RepoName": null, - "RepoLink": null, - "DistroName": null, - "DistroVersion": null, + "UpdatedBy": "osv/go", + "RepoName": "go", + "RepoLink": "https://pkg.go.dev/", + "DistroName": "", + "DistroVersion": "", "NVD": { "CVSSv3": { "Vectors": "", 
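Review bot: The `github.com/docker/docker` entry added in this hunk pins `"BaseScores": []` and `"CVEIds": []` next to a non-empty `Vulnerabilities` list (GHSA-jq35-85cj-fj4p, severity `Unknown`, empty CVSSv3 `Score`). The fixture therefore locks in that an empty pair of summary fields does not mean the feature has no findings. The advisory's `Link` values point at GitHub advisory, commit and release pages with no CVE id in them, which is presumably why nothing is extracted. A consumer that filters or ranks features on `CVEIds` or `BaseScores` alone would skip this advisory, so I would document it where the two fields are built, e.g. `# GHSA-only advisories contribute no CVE id and no score; an empty list does not mean "no vulnerabilities"`, and add a test that asserts on this feature explicitly. The enclosing JSON object closes outside this hunk.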
@@ -3479,318 +2869,556 @@ } } } - }, + } + ] + }, + { + "Name": "go.opentelemetry.io/otel", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "Version": "v1.16.0", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] + }, + { + "Name": "lz4-libs", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "Version": "1.8.3-3.el8_4", + "BaseScores": [ + 8.1 + ], + "CVEIds": [ + "CVE-2019-17543" + ], + "Vulnerabilities": [ { - "Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0536", + "Severity": "Medium", + "NamespaceName": "RHEL8-rhel-8-including-unpatched", + "Link": "https://access.redhat.com/security/cve/CVE-2019-17543", "FixedBy": "", - "Description": "Multiple untrusted search path vulnerabilities in elf/dl-object.c in certain modified versions of the GNU C Library (aka glibc or libc6), including glibc-2.5-49.el5_5.6 and glibc-2.12-1.7.el6_0.3 in Red Hat Enterprise Linux, allow local users to gain privileges via a crafted dynamic shared object (DSO) in a subdirectory of the current working directory during execution of a (1) setuid or (2) setgid program that has $ORIGIN in (a) RPATH or (b) RUNPATH within the program itself or a referenced library. NOTE: this issue exists because of an incorrect fix for CVE-2010-3847.", - "Name": "CVE-2011-0536", + "Description": "DOCUMENTATION: The MITRE CVE dictionary describes this issue as: LZ4 before 1.9.2 has a heap-based buffer overflow in LZ4_write32 (related to LZ4_compress_destSize), affecting applications that call LZ4_compress_fast with a large input. (This issue can also lead to data corruption.) 
NOTE: the vendor states \"only a few specific / uncommon usages of the API are at risk.\" \n STATEMENT: As per upstream this flaw cannot be exploited under normal documented use of the LZ4 library API. Also this flaw is only present in the lz4 library and the application binaries shipped with this application are not affected by it. \n\nRed Hat OpenStack Platform 10 packages an older version of lz4 that has the flawed code. However, because OpenStack has been using RHEL's updated lz4 version since RHEL7.5 started to include it, Red Hat is not currently updating the OpenStack lz4 package.", + "Name": "CVE-2019-17543 lz4: heap-based buffer overflow in LZ4_write32 (moderate)", "Metadata": { - "UpdatedBy": "", - "RepoName": null, + "UpdatedBy": "RHEL8-rhel-8-including-unpatched", + "RepoName": "cpe:/o:redhat:enterprise_linux:8::baseos", "RepoLink": null, - "DistroName": null, - "DistroVersion": null, + "DistroName": "Red Hat Enterprise Linux Server", + "DistroVersion": "8", "NVD": { "CVSSv3": { - "Vectors": "", - "Score": "" + "Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "Score": 8.1 + } + } + } + } + ] + }, + { + "Name": "libidn2", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "Version": "2.2.0-1.el8", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] + }, + { + "Name": "github.com/dustin/go-humanize", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "Version": "v1.0.1", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] + }, + { + "Name": "github.com/klauspost/compress", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "Version": "v1.17.0", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] + }, + { + "Name": "github.com/quay/claircore/toolkit", + "VersionFormat": 
"", + "NamespaceName": "", + "AddedBy": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "Version": "v1.1.1", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] + }, + { + "Name": "golang.org/x/net", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "Version": "v0.14.0", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] + }, + { + "Name": "libattr", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "Version": "2.4.48-3.el8", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] + }, + { + "Name": "keyutils-libs", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "Version": "1.5.10-9.el8", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] + }, + { + "Name": "google.golang.org/protobuf", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "Version": "v1.31.0", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] + }, + { + "Name": "github.com/matttproud/golang_protobuf_extensions", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "Version": "v1.0.4", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] + }, + { + "Name": "modernc.org/libc", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "Version": "v1.24.1", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] + }, + { + "Name": "ncurses-libs", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "Version": "6.1-9.20180224.el8_8.1", + 
"BaseScores": [ + 8.8, + 5.5, + 6.5, + 6.5, + 6.5, + 6.5, + 6.5, + 6.5, + 6.5, + 6.5 + ], + "CVEIds": [ + "CVE-2018-19211", + "CVE-2018-19217", + "CVE-2020-19185", + "CVE-2020-19186", + "CVE-2020-19187", + "CVE-2020-19188", + "CVE-2020-19189", + "CVE-2020-19190", + "CVE-2021-39537", + "CVE-2023-50495" + ], + "Vulnerabilities": [ + { + "Severity": "Low", + "NamespaceName": "RHEL8-rhel-8-including-unpatched", + "Link": "https://access.redhat.com/security/cve/CVE-2021-39537", + "FixedBy": "", + "Description": "DOCUMENTATION: A heap overflow vulnerability has been found in the ncurses package, particularly in the terminfo entry-description compiler (tic). This flaw results from a lack of proper bounds checking during input processing. By exploiting this boundary error, an attacker can create a malicious file, deceive the victim into opening it using the affected software, and initiate an out-of-bounds write, potentially impacting system availability. \n STATEMENT: Red Hat Product Security has rated this issue as having a Low security impact because processing terminfo descriptions in the source form should be handled the same way as executable files or source code of any programming language. 
Users are not supposed to use untrusted terminfo descriptions.\n MITIGATION: Do not compile untrusted terminfo descriptions.", + "Name": "ncurses: heap-based buffer overflow in _nc_captoinfo() in captoinfo.c (low)", + "Metadata": { + "UpdatedBy": "RHEL8-rhel-8-including-unpatched", + "RepoName": "cpe:/o:redhat:enterprise_linux:8::baseos", + "RepoLink": null, + "DistroName": "Red Hat Enterprise Linux Server", + "DistroVersion": "8", + "NVD": { + "CVSSv3": { + "Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "Score": 8.8 } } } }, { - "Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2702", + "Severity": "Low", + "NamespaceName": "RHEL8-rhel-8-including-unpatched", + "Link": "https://access.redhat.com/security/cve/CVE-2018-19211", "FixedBy": "", - "Description": "Integer signedness error in Glibc before 2.13 and eglibc before 2.13, when using Supplemental Streaming SIMD Extensions 3 (SSSE3) optimization, allows context-dependent attackers to execute arbitrary code via a negative length parameter to (1) memcpy-ssse3-rep.S, (2) memcpy-ssse3.S, or (3) memset-sse2.S in sysdeps/i386/i686/multiarch/, which triggers an out-of-bounds read, as demonstrated using the memcpy function.", - "Name": "CVE-2011-2702", + "Description": "DOCUMENTATION: The MITRE CVE dictionary describes this issue as: In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. 
The product proceeds to the dereference code path even after a \"dubious character `*' in name or alias field\" detection.", + "Name": "CVE-2018-19211 ncurses: Null pointer dereference at function _nc_parse_entry in parse_entry.c (low)", "Metadata": { - "UpdatedBy": "", - "RepoName": null, + "UpdatedBy": "RHEL8-rhel-8-including-unpatched", + "RepoName": "cpe:/o:redhat:enterprise_linux:8::baseos", "RepoLink": null, - "DistroName": null, - "DistroVersion": null, + "DistroName": "Red Hat Enterprise Linux Server", + "DistroVersion": "8", "NVD": { "CVSSv3": { - "Vectors": "", - "Score": "" + "Vectors": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "Score": 5.5 } } } }, { - "Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5229", + "Severity": "Low", + "NamespaceName": "RHEL8-rhel-8-including-unpatched", + "Link": "https://access.redhat.com/security/cve/CVE-2018-19217", "FixedBy": "", - "Description": "The calloc function in the glibc package in Red Hat Enterprise Linux (RHEL) 6.7 and 7.2 does not properly initialize memory areas, which might allow context-dependent attackers to cause a denial of service (hang or crash) via unspecified vectors.", - "Name": "CVE-2015-5229", + "Description": "DOCUMENTATION: The MITRE CVE dictionary describes this issue as: ** DISPUTED ** In ncurses, possibly a 6.x version, there is a NULL pointer dereference at the function _nc_name_match that will lead to a denial of service attack. 
NOTE: the original report stated version 6.1, but the issue did not reproduce for that version according to the maintainer or a reliable third-party.", + "Name": "CVE-2018-19217 ncurses: Null pointer dereference at function _nc_name_match (low)", "Metadata": { - "UpdatedBy": "", - "RepoName": null, + "UpdatedBy": "RHEL8-rhel-8-including-unpatched", + "RepoName": "cpe:/o:redhat:enterprise_linux:8::baseos", "RepoLink": null, - "DistroName": null, - "DistroVersion": null, + "DistroName": "Red Hat Enterprise Linux Server", + "DistroVersion": "8", "NVD": { "CVSSv3": { - "Vectors": "", - "Score": "" + "Vectors": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "Score": 6.5 } } } }, { - "Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10228", + "Severity": "Low", + "NamespaceName": "RHEL8-rhel-8-including-unpatched", + "Link": "https://access.redhat.com/security/cve/CVE-2020-19185", "FixedBy": "", - "Description": "The iconv program in the GNU C Library (aka glibc or libc6) 2.25 and earlier, when invoked with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service.", - "Name": "CVE-2016-10228", + "Description": "DOCUMENTATION: A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash. \n STATEMENT: Red Hat Product Security has rated this issue as having a Low security impact because processing terminfo descriptions in the source form should be handled the same way as executable files or source code of any programming language. 
Users are not supposed to use untrusted terminfo descriptions.\n\nThe ncurses library shipped with Red Hat Enterprise Linux 9 is not affected by this vulnerability because it has a newer, fixed ncurses version.\n MITIGATION: Do not compile or decompile untrusted terminfo descriptions.", + "Name": "ncurses: Heap buffer overflow in one_one_mapping function in progs/dump_entry.c:1373 (low)", "Metadata": { - "UpdatedBy": "", - "RepoName": null, + "UpdatedBy": "RHEL8-rhel-8-including-unpatched", + "RepoName": "cpe:/o:redhat:enterprise_linux:8::baseos", "RepoLink": null, - "DistroName": null, - "DistroVersion": null, + "DistroName": "Red Hat Enterprise Linux Server", + "DistroVersion": "8", "NVD": { "CVSSv3": { - "Vectors": "", - "Score": "" + "Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "Score": 6.5 } } } }, { - "Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17426", + "Severity": "Low", + "NamespaceName": "RHEL8-rhel-8-including-unpatched", + "Link": "https://access.redhat.com/security/cve/CVE-2020-19186", "FixedBy": "", - "Description": "The malloc function in the GNU C Library (aka glibc or libc6) 2.26 could return a memory block that is too small if an attempt is made to allocate an object whose size is close to SIZE_MAX, potentially leading to a subsequent heap overflow. This occurs because the per-thread cache (aka tcache) feature enables a code path that lacks an integer overflow check.", - "Name": "CVE-2017-17426", + "Description": "DOCUMENTATION: A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a buffer over-read, resulting in an application crash. \n STATEMENT: Red Hat Product Security has rated this issue as having a Low security impact because processing terminfo descriptions in the source form should be handled the same way as executable files or source code of any programming language. 
Users are not supposed to use untrusted terminfo descriptions.\n\nThe ncurses library shipped with Red Hat Enterprise Linux 9 is not affected by this vulnerability because it has a newer, fixed ncurses version.\n MITIGATION: Do not compile or decompile untrusted terminfo descriptions.", + "Name": "ncurses: Buffer overflow in _nc_find_entry function in tinfo/comp_hash.c:66 (low)", "Metadata": { - "UpdatedBy": "", - "RepoName": null, + "UpdatedBy": "RHEL8-rhel-8-including-unpatched", + "RepoName": "cpe:/o:redhat:enterprise_linux:8::baseos", "RepoLink": null, - "DistroName": null, - "DistroVersion": null, + "DistroName": "Red Hat Enterprise Linux Server", + "DistroVersion": "8", "NVD": { "CVSSv3": { - "Vectors": "", - "Score": "" + "Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "Score": 6.5 } } } }, { - "Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20796", + "Severity": "Low", + "NamespaceName": "RHEL8-rhel-8-including-unpatched", + "Link": "https://access.redhat.com/security/cve/CVE-2020-19187", "FixedBy": "", - "Description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\\227|)(\\\\1\\\\1|t1|\\\\\\2537)+' in grep.", - "Name": "CVE-2018-20796", + "Description": "DOCUMENTATION: A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash. \n STATEMENT: Red Hat Product Security has rated this issue as having a Low security impact because processing terminfo descriptions in the source form should be handled the same way as executable files or source code of any programming language. 
Users are not supposed to use untrusted terminfo descriptions.\n\nThe ncurses library shipped with Red Hat Enterprise Linux 9 is not affected by this vulnerability because it has a newer, fixed ncurses version.\n MITIGATION: Do not compile or decompile untrusted terminfo descriptions.", + "Name": "ncurses: Heap buffer overflow in fmt_entry function in progs/dump_entry.c:1100 (low)", "Metadata": { - "UpdatedBy": "", - "RepoName": null, + "UpdatedBy": "RHEL8-rhel-8-including-unpatched", + "RepoName": "cpe:/o:redhat:enterprise_linux:8::baseos", "RepoLink": null, - "DistroName": null, - "DistroVersion": null, + "DistroName": "Red Hat Enterprise Linux Server", + "DistroVersion": "8", "NVD": { "CVSSv3": { - "Vectors": "", - "Score": "" + "Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "Score": 6.5 } } } }, { - "Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010022", + "Severity": "Low", + "NamespaceName": "RHEL8-rhel-8-including-unpatched", + "Link": "https://access.redhat.com/security/cve/CVE-2020-19188", "FixedBy": "", - "Description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard.", - "Name": "CVE-2019-1010022", + "Description": "DOCUMENTATION: A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a stack-based buffer overflow, resulting in an application crash. \n STATEMENT: Red Hat Product Security has rated this issue as having a Low security impact because processing terminfo descriptions in the source form should be handled the same way as executable files or source code of any programming language. 
Users are not supposed to use untrusted terminfo descriptions.\n\nThe ncurses library shipped with Red Hat Enterprise Linux 9 is not affected by this vulnerability because it has a newer, fixed ncurses version.\n MITIGATION: Do not compile or decompile untrusted terminfo descriptions.", + "Name": "1116 (low)", "Metadata": { - "UpdatedBy": "", - "RepoName": null, + "UpdatedBy": "RHEL8-rhel-8-including-unpatched", + "RepoName": "cpe:/o:redhat:enterprise_linux:8::baseos", "RepoLink": null, - "DistroName": null, - "DistroVersion": null, + "DistroName": "Red Hat Enterprise Linux Server", + "DistroVersion": "8", "NVD": { "CVSSv3": { - "Vectors": "", - "Score": "" + "Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "Score": 6.5 } } } }, { - "Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010023", + "Severity": "Low", + "NamespaceName": "RHEL8-rhel-8-including-unpatched", + "Link": "https://access.redhat.com/security/cve/CVE-2020-19189", "FixedBy": "", - "Description": "GNU Libc current is affected by: Re-mapping current loaded libray with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code.", - "Name": "CVE-2019-1010023", + "Description": "DOCUMENTATION: A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash. \n STATEMENT: Red Hat Product Security has rated this issue as having a Low security impact because processing terminfo descriptions in the source form should be handled the same way as executable files or source code of any programming language. 
Users are not supposed to use untrusted terminfo descriptions.\n\nThe ncurses library shipped with Red Hat Enterprise Linux 9 is not affected by this vulnerability because it has a newer, fixed ncurses version.\n MITIGATION: Do not compile or decompile untrusted terminfo descriptions.", + "Name": "997 (low)", "Metadata": { - "UpdatedBy": "", - "RepoName": null, + "UpdatedBy": "RHEL8-rhel-8-including-unpatched", + "RepoName": "cpe:/o:redhat:enterprise_linux:8::baseos", "RepoLink": null, - "DistroName": null, - "DistroVersion": null, + "DistroName": "Red Hat Enterprise Linux Server", + "DistroVersion": "8", "NVD": { "CVSSv3": { - "Vectors": "", - "Score": "" + "Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "Score": 6.5 } } } }, { - "Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010024", + "Severity": "Low", + "NamespaceName": "RHEL8-rhel-8-including-unpatched", + "Link": "https://access.redhat.com/security/cve/CVE-2020-19190", "FixedBy": "", - "Description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc.", - "Name": "CVE-2019-1010024", + "Description": "DOCUMENTATION: A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash. \n STATEMENT: Red Hat Product Security has rated this issue as having a Low security impact because processing terminfo descriptions in the source form should be handled the same way as executable files or source code of any programming language. 
Users are not supposed to use untrusted terminfo descriptions.\n\nThe ncurses library shipped with Red Hat Enterprise Linux 9 is not affected by this vulnerability because it has a newer, fixed ncurses version.\n MITIGATION: Do not compile or decompile untrusted terminfo descriptions.", + "Name": "ncurses: Heap buffer overflow in _nc_find_entry in tinfo/comp_hash.c:70 (low)", "Metadata": { - "UpdatedBy": "", - "RepoName": null, + "UpdatedBy": "RHEL8-rhel-8-including-unpatched", + "RepoName": "cpe:/o:redhat:enterprise_linux:8::baseos", "RepoLink": null, - "DistroName": null, - "DistroVersion": null, + "DistroName": "Red Hat Enterprise Linux Server", + "DistroVersion": "8", "NVD": { "CVSSv3": { - "Vectors": "", - "Score": "" + "Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "Score": 6.5 } } } }, { - "Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010025", + "Severity": "Low", + "NamespaceName": "RHEL8-rhel-8-including-unpatched", + "Link": "https://access.redhat.com/security/cve/CVE-2023-50495", "FixedBy": "", - "Description": "** DISPUTED ** GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.\"", - "Name": "CVE-2019-1010025", + "Description": "DOCUMENTATION: A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry(). 
\n \n MITIGATION: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", + "Name": "ncurses: segmentation fault via _nc_wrap_entry() (low)", "Metadata": { - "UpdatedBy": "", - "RepoName": null, + "UpdatedBy": "RHEL8-rhel-8-including-unpatched", + "RepoName": "cpe:/o:redhat:enterprise_linux:8::baseos", "RepoLink": null, - "DistroName": null, - "DistroVersion": null, + "DistroName": "Red Hat Enterprise Linux Server", + "DistroVersion": "8", "NVD": { "CVSSv3": { - "Vectors": "", - "Score": "" + "Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "Score": 6.5 } } } - }, + } + ] + }, + { + "Name": "gmp", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "Version": "1:6.1.2-10.el8", + "BaseScores": [ + 7.5 + ], + "CVEIds": [ + "CVE-2021-43618" + ], + "Vulnerabilities": [ { - "Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19126", + "Severity": "Medium", + "NamespaceName": "RHEL8-rhel-8-including-unpatched", + "Link": "https://access.redhat.com/security/cve/CVE-2021-43618", "FixedBy": "", - "Description": "On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 fails to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping addresses for loaded libraries and thus bypass ASLR for a setuid program.", - "Name": "CVE-2019-19126", + "Description": "DOCUMENTATION: A flaw was found in gmp. An integer overflow vulnerability could allow an attacker to input an integer value leading to a crash. The highest threat from this vulnerability is to system availability. 
\n STATEMENT: Exploitation is only possible on 32-bit systems. The susceptible GMP package is not tethered to the network stack, so it can only be exploited via a file already on the local system. This can be achieved either by the attacker gaining local login credentials or alternatively; by tricking a user into loading then executing a malicious file. Because of these combined reasons Red Hat Product Security rates the impact as Moderate.", + "Name": "gmp: Integer overflow and resultant buffer overflow via crafted input (moderate)", "Metadata": { - "UpdatedBy": "", - "RepoName": null, + "UpdatedBy": "RHEL8-rhel-8-including-unpatched", + "RepoName": "cpe:/o:redhat:enterprise_linux:8::baseos", "RepoLink": null, - "DistroName": null, - "DistroVersion": null, + "DistroName": "Red Hat Enterprise Linux Server", + "DistroVersion": "8", "NVD": { "CVSSv3": { - "Vectors": "", - "Score": "" + "Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "Score": 7.5 } } } - }, + } + ] + }, + { + "Name": "elfutils-libelf", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "Version": "0.188-3.el8", + "BaseScores": [ + 5.5 + ], + "CVEIds": [ + "CVE-2021-33294" + ], + "Vulnerabilities": [ { - "Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9192", + "Severity": "Low", + "NamespaceName": "RHEL8-rhel-8-including-unpatched", + "Link": "https://access.redhat.com/security/cve/CVE-2021-33294", "FixedBy": "", - "Description": "** DISPUTED ** In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. 
NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern.", - "Name": "CVE-2019-9192", + "Description": "DOCUMENTATION: A flaw was found in the elfutils tools package. An infinite loop is possible in the handle_symtab function in readelf.c, which may lead to a denial of service. \n STATEMENT: This CVE is under investigation by Red Hat Product Security.\n\nNote: Upstream would categorize this as a simple bug, not a security issue. Since most elfutils tools are run in short-lived, local, interactive, development contexts rather than remotely \"in production\", we generally treat malfunctions as ordinary bugs rather than security vulnerabilities.\nThe version, as shipped in Red Hat Enterprise Linux 9, is not affected by this vulnerability.", + "Name": "elfutils: an infinite loop was found in the function handle_symtab in readelf.c which causes denial of service (low)", "Metadata": { - "UpdatedBy": "", - "RepoName": null, + "UpdatedBy": "RHEL8-rhel-8-including-unpatched", + "RepoName": "cpe:/o:redhat:enterprise_linux:8::baseos", "RepoLink": null, - "DistroName": null, - "DistroVersion": null, + "DistroName": "Red Hat Enterprise Linux Server", + "DistroVersion": "8", "NVD": { "CVSSv3": { - "Vectors": "", - "Score": "" + "Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "Score": 5.5 } } } - }, + } + ] + }, + { + "Name": "lua-libs", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "Version": "5.3.4-12.el8", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] + }, + { + "Name": "systemd-libs", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "Version": "239-74.el8_8.5", + "BaseScores": [ + 9.8, + 5.5, + 5.9 + ], + "CVEIds": [ + "CVE-2018-20839", + "CVE-2021-3997", + "CVE-2023-7008" + ], + "Vulnerabilities": [ { - 
"Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10029", + "Severity": "Medium", + "NamespaceName": "RHEL8-rhel-8-including-unpatched", + "Link": "https://access.redhat.com/security/cve/CVE-2018-20839", "FixedBy": "", - "Description": "The GNU C Library (aka glibc or libc6) before 2.32 could overflow an on-stack buffer during range reduction if an input to an 80-bit long double function contains a non-canonical bit pattern, a seen when passing a 0x5d414141414141410000 value to sinl on x86 targets. This is related to sysdeps/ieee754/ldbl-96/e_rem_pio2l.c.", - "Name": "CVE-2020-10029", + "Description": "DOCUMENTATION: The MITRE CVE dictionary describes this issue as: systemd 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext passwords in certain circumstances, such as watching a shutdown, or using Ctrl-Alt-F1 and Ctrl-Alt-F2. This occurs because the KDGKBMODE (aka current keyboard mode) check is mishandled.", + "Name": "CVE-2018-20839 systemd: mishandling of the current keyboard mode check leading to passwords being disclosed in cleartext to attacker (moderate)", "Metadata": { - "UpdatedBy": "", - "RepoName": null, + "UpdatedBy": "RHEL8-rhel-8-including-unpatched", + "RepoName": "cpe:/o:redhat:enterprise_linux:8::baseos", "RepoLink": null, - "DistroName": null, - "DistroVersion": null, + "DistroName": "Red Hat Enterprise Linux Server", + "DistroVersion": "8", "NVD": { "CVSSv3": { - "Vectors": "", - "Score": "" + "Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "Score": 9.8 } } } }, { - "Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1751", + "Severity": "Low", + "NamespaceName": "RHEL8-rhel-8-including-unpatched", + "Link": "https://access.redhat.com/security/cve/CVE-2021-3997", "FixedBy": "", - "Description": "", - "Name": "CVE-2020-1751", + "Description": "DOCUMENTATION: A flaw was found in 
systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp. \n STATEMENT: Red Hat Enterprise Linux 8 has a default 1024 nofile limit, thus preventing `systemd-tmpfiles` from exhausting its stack and crashing. For this reason, this flaw has been rated as having a security impact of Low on Red Hat Enterprise Linux 8. For more information on default ulimit values, please see https://access.redhat.com/solutions/4482841.\n\nIn OpenShift Container Platform (OCP) systemd package was shipped with OCP 4.7 as a one-off instance and all the later OCP releases (4.8, 4.9) are using systemd from RHEL 8. Hence, the systemd package shipped with OCP 4.7 will not be fixed and the fix will be consumed from RHEL 8.\n MITIGATION: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", + "Name": "Uncontrolled recursion in systemd-tmpfiles when removing files (low)", "Metadata": { - "UpdatedBy": "", - "RepoName": null, + "UpdatedBy": "RHEL8-rhel-8-including-unpatched", + "RepoName": "cpe:/o:redhat:enterprise_linux:8::baseos", "RepoLink": null, - "DistroName": null, - "DistroVersion": null, + "DistroName": "Red Hat Enterprise Linux Server", + "DistroVersion": "8", "NVD": { "CVSSv3": { - "Vectors": "", - "Score": "" + "Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "Score": 5.5 } } } }, { - "Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1752", + "Severity": "Medium", + "NamespaceName": "RHEL8-rhel-8-including-unpatched", + "Link": "https://access.redhat.com/security/cve/CVE-2023-7008", "FixedBy": "", - "Description": "", - "Name": "CVE-2020-1752", + "Description": "DOCUMENTATION: A vulnerability was found in systemd-resolved. 
This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records. \n STATEMENT: This CVE is classified as moderate because the attack requires an active Man-in-the-Middle (MITM) who can intercept and modify the connection's traffic at the TCP/IP layer.\n\nNote that DNSSEC= option is by default set to 'no' and changing the value requires root privileges.\n MITIGATION: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", + "Name": "systemd-resolved: Unsigned name response in signed zone is not refused when DNSSEC=yes (moderate)", "Metadata": { - "UpdatedBy": "", - "RepoName": null, + "UpdatedBy": "RHEL8-rhel-8-including-unpatched", + "RepoName": "cpe:/o:redhat:enterprise_linux:8::baseos", "RepoLink": null, - "DistroName": null, - "DistroVersion": null, + "DistroName": "Red Hat Enterprise Linux Server", + "DistroVersion": "8", "NVD": { "CVSSv3": { - "Vectors": "", - "Score": "" + "Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "Score": 5.9 } } } 
@@ -3798,59 +3426,155 @@ ] }, { - "Name": "libcap-ng0", + "Name": "cyrus-sasl-lib", "VersionFormat": "", "NamespaceName": "", - "AddedBy": "sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "Version": "0.7.9-2", - "Vulnerabilities": [ - - ] + "AddedBy": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "Version": "2.1.27-6.el8_5", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] }, { - "Name": "libdb5.3", + "Name": "modernc.org/sqlite", "VersionFormat": "", "NamespaceName": "", - "AddedBy": "sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "Version": "5.3.28+dfsg1-0.5", - "Vulnerabilities": [ - - ] + "AddedBy": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "Version": "v1.26.0", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] }, { - "Name": "libdebconfclient0", + "Name": "libsepol", "VersionFormat": "", "NamespaceName": "", - "AddedBy": "sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "Version": "0.249", - "Vulnerabilities": [ - - ] + "AddedBy": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "Version": "2.9-3.el8", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] + }, + { + "Name": "github.com/go-logr/stdr", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "Version": "v1.2.2", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] + }, + { + "Name": "github.com/mattn/go-isatty", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "Version": "v0.0.16", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] + }, + { + "Name": "gopkg.in/yaml.v3", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "Version": 
"v3.0.1", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] + }, + { + "Name": "redhat-release", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "Version": "8.8-0.8.el8", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] + }, + { + "Name": "langpacks-en", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "Version": "1.0-12.el8", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] + }, + { + "Name": "libverto", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "Version": "0.3.2-2.el8", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] + }, + { + "Name": "github.com/streadway/amqp", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:2673e7fa22f08ae14cfde08b625bf3225974fc5df8914d5d0b94bae3700c4c92", + "Version": "v1.1.0", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] + }, + { + "Name": "github.com/quay/zlog", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "Version": "v1.1.5", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] + }, + { + "Name": "github.com/vbatts/tar-split", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "Version": "v0.11.3", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] }, { - "Name": "libfdisk1", + "Name": "libzstd", "VersionFormat": "", "NamespaceName": "", - "AddedBy": "sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "Version": "2.33.1-0.1", + "AddedBy": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "Version": "1.4.4-1.el8", + "BaseScores": [ + 4.7 + ], + "CVEIds": [ + 
"CVE-2021-24032" + ], "Vulnerabilities": [ { - "Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0822", + "Severity": "Low", + "NamespaceName": "RHEL8-rhel-8-including-unpatched", + "Link": "https://access.redhat.com/security/cve/CVE-2021-24032", "FixedBy": "", - "Description": "umount, when running with the Linux 2.6.15 kernel on Slackware Linux 10.2, allows local users to trigger a NULL dereference and application crash by invoking the program with a pathname for a USB pen drive that was mounted and then physically removed, which might allow the users to obtain sensitive information, including core file contents.", - "Name": "CVE-2007-0822", + "Description": "DOCUMENTATION: A flaw was found in zstd. While the final file mode is reflective of the input file, when compressing or uncompressing, the file can temporarily gain greater permissions than the input and potentially leading to security issues (especially if large files are being handled). \n STATEMENT: In OpenShift Container Platform (OCP) the zstd package was delivered in OCP 4.3 which is already end of life.", + "Name": "zstd: Race condition allows attacker to access world-readable destination file (low)", "Metadata": { - "UpdatedBy": "", - "RepoName": null, + "UpdatedBy": "RHEL8-rhel-8-including-unpatched", + "RepoName": "cpe:/o:redhat:enterprise_linux:8::baseos", "RepoLink": null, - "DistroName": null, - "DistroVersion": null, + "DistroName": "Red Hat Enterprise Linux Server", + "DistroVersion": "8", "NVD": { "CVSSv3": { - "Vectors": "", - "Score": "" + "Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "Score": 4.7 } } } 
@@ -3858,140 +3582,290 @@ ] }, { - "Name": "libffi6", + "Name": "glibc-common", "VersionFormat": "", "NamespaceName": "", - "AddedBy": "sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "Version": "3.2.1-9", - "Vulnerabilities": [ - - ] + "AddedBy": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "Version": "2.28-225.el8_8.6", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] }, { - "Name": "libgcc1", + "Name": "libsolv", "VersionFormat": "", "NamespaceName": "", - "AddedBy": "sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "Version": "1:8.3.0-6", - "Vulnerabilities": [ - - ] + "AddedBy": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "Version": "0.7.20-4.el8_7", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] + }, + { + "Name": "github.com/docker/cli", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "Version": "v23.0.5+incompatible", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] + }, + { + "Name": "github.com/go-logr/logr", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "Version": "v1.2.4", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] + }, + { + "Name": "github.com/ldelossa/responserecorder", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "Version": "v1.0.2-0.20210711162258-40bec93a9325", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] + }, + { + "Name": "readline", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "Version": "7.0-10.el8", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] + }, + { + "Name": "libmount", + 
"VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "Version": "2.32.1-42.el8_8", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] + }, + { + "Name": "libpsl", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "Version": "0.20.2-6.el8", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] + }, + { + "Name": "libdnf", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "Version": "0.63.0-14.el8_8", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] + }, + { + "Name": "libffi", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "Version": "3.1-24.el8", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] + }, + { + "Name": "nettle", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "Version": "3.4.1-7.el8", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] + }, + { + "Name": "github.com/pyroscope-io/godeltaprof", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:2673e7fa22f08ae14cfde08b625bf3225974fc5df8914d5d0b94bae3700c4c92", + "Version": "v0.1.2", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] + }, + { + "Name": "zlib", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "Version": "1.2.11-21.el8_7", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] + }, + { + "Name": "xz-libs", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "Version": "5.2.4-4.el8_6", + "BaseScores": [], + "CVEIds": [], + 
"Vulnerabilities": [] + }, + { + "Name": "libxcrypt", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "Version": "4.1.1-6.el8", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] }, { - "Name": "base-passwd", + "Name": "openldap", "VersionFormat": "", "NamespaceName": "", - "AddedBy": "sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "Version": "3.5.46", + "AddedBy": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "Version": "2.4.46-18.el8", + "BaseScores": [ + 7.5 + ], + "CVEIds": [ + "CVE-2023-2953" + ], "Vulnerabilities": [ - + { + "Severity": "Low", + "NamespaceName": "RHEL8-rhel-8-including-unpatched", + "Link": "https://access.redhat.com/security/cve/CVE-2023-2953", + "FixedBy": "", + "Description": "DOCUMENTATION: A vulnerability was found in openldap that can cause a null pointer dereference in the ber_memalloc_x() function.", + "Name": "null pointer dereference in ber_memalloc_x function (low)", + "Metadata": { + "UpdatedBy": "RHEL8-rhel-8-including-unpatched", + "RepoName": "cpe:/o:redhat:enterprise_linux:8::baseos", + "RepoLink": null, + "DistroName": "Red Hat Enterprise Linux Server", + "DistroVersion": "8", + "NVD": { + "CVSSv3": { + "Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "Score": 7.5 + } + } + } + } ] }, { - "Name": "libgcrypt20", + "Name": "libgcc", "VersionFormat": "", "NamespaceName": "", - "AddedBy": "sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "Version": "1.8.4-5", + "AddedBy": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "Version": "8.5.0-18.el8", + "BaseScores": [ + 7.5, + 5.5, + 8.3, + 5.5 + ], + "CVEIds": [ + "CVE-2018-20657", + "CVE-2019-14250", + "CVE-2021-42694", + "CVE-2022-27943" + ], "Vulnerabilities": [ { - "Severity": "Unknown", - "NamespaceName": "", - "Link": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12904", + "Severity": "Low", + "NamespaceName": "RHEL8-rhel-8-including-unpatched", + "Link": "https://access.redhat.com/security/cve/CVE-2018-20657", "FixedBy": "", - "Description": "In Libgcrypt 1.8.4, the C implementation of AES is vulnerable to a flush-and-reload side-channel attack because physical addresses are available to other processes. (The C implementation is used on platforms where an assembly-language implementation is unavailable.)", - "Name": "CVE-2019-12904", + "Description": "DOCUMENTATION: The MITRE CVE dictionary describes this issue as: The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698.", + "Name": "CVE-2018-20657 libiberty: Memory leak in demangle_template function resulting in a denial of service (low)", "Metadata": { - "UpdatedBy": "", - "RepoName": null, + "UpdatedBy": "RHEL8-rhel-8-including-unpatched", + "RepoName": "cpe:/o:redhat:enterprise_linux:8::baseos", "RepoLink": null, - "DistroName": null, - "DistroVersion": null, + "DistroName": "Red Hat Enterprise Linux Server", + "DistroVersion": "8", "NVD": { "CVSSv3": { - "Vectors": "", - "Score": "" + "Vectors": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "Score": 7.5 } } } }, { - "Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13627", + "Severity": "Low", + "NamespaceName": "RHEL8-rhel-8-including-unpatched", + "Link": "https://access.redhat.com/security/cve/CVE-2019-14250", "FixedBy": "", - "Description": "It was discovered that there was a ECDSA timing attack in the libgcrypt20 cryptographic library. Version affected: 1.8.4-5, 1.7.6-2+deb9u3, and 1.6.3-2+deb8u4. 
Versions fixed: 1.8.5-2 and 1.6.3-2+deb8u7.", - "Name": "CVE-2019-13627", + "Description": "DOCUMENTATION: The MITRE CVE dictionary describes this issue as: An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer overflow. \n STATEMENT: This issue resides on libiberty code, libiberty is part of GNU project and contains several utilities being distributed by gcc and binutils packages. This flaws affects binutils versions as shipped with Red Hat Enterprise Linux 5, 6, 7 and 8 and also gcc versions as shipped with Red Hat Enterprise Linux 5, 6 ,7 and 8. Versions of gcc shipped with Red Hat Developers Tool Set 7 and 8 are also affected. This flaw was scored with 'Low' security impact for both binutils and gcc packages by Red Hat Product Security Team.", + "Name": "CVE-2019-14250 binutils: integer overflow in simple-object-elf.c leads to a heap-based buffer overflow (low)", "Metadata": { - "UpdatedBy": "", - "RepoName": null, + "UpdatedBy": "RHEL8-rhel-8-including-unpatched", + "RepoName": "cpe:/o:redhat:enterprise_linux:8::baseos", "RepoLink": null, - "DistroName": null, - "DistroVersion": null, + "DistroName": "Red Hat Enterprise Linux Server", + "DistroVersion": "8", "NVD": { "CVSSv3": { - "Vectors": "", - "Score": "" + "Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "Score": 5.5 } } } - } - ] - }, - { - "Name": "libgmp10", - "VersionFormat": "", - "NamespaceName": "", - "AddedBy": "sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "Version": "2:6.1.2+dfsg-4", - "Vulnerabilities": [ - - ] - }, - { - "Name": "libgpg-error0", - "VersionFormat": "", - "NamespaceName": "", - "AddedBy": "sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "Version": "1.35-1", - "Vulnerabilities": [ - - ] - }, - { - "Name": "libhogweed4", - 
"VersionFormat": "", - "NamespaceName": "", - "AddedBy": "sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "Version": "3.4.1-1", - "Vulnerabilities": [ - - ] - }, - { - "Name": "liblz4-1", - "VersionFormat": "", - "NamespaceName": "", - "AddedBy": "sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "Version": "1.8.3-1", - "Vulnerabilities": [ + }, { - "Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17543", + "Severity": "Medium", + "NamespaceName": "RHEL8-rhel-8-including-unpatched", + "Link": "https://access.redhat.com/security/cve/CVE-2021-42694", "FixedBy": "", - "Description": "LZ4 before 1.9.2 has a heap-based buffer overflow in LZ4_write32 (related to LZ4_compress_destSize), affecting applications that call LZ4_compress_fast with a large input. (This issue can also lead to data corruption.) NOTE: the vendor states \"only a few specific / uncommon usages of the API are at risk.\"", - "Name": "CVE-2019-17543", + "Description": "DOCUMENTATION: A flaw was found in the way Unicode standards are implemented in the context of development environments, which have specialized requirements for rendering text. Homoglyphs are different Unicode characters that, to the naked eye, look the same. An attacker could use homoglyphs to deceive a human reviewer by creating a malicious patch containing functions that look similar to standard library functions, such as print, but replace one character with a homoglyph. This function can then be defined in an upstream dependency to launch source code-related attacks. \n STATEMENT: This is a flaw with the way unicode standards are implemented in the context of development environments, which have specialized requirements for rendering text. 
It is not a flaw in Red Hat products.", + "Name": "CVE-2021-42694 Developer environment: Homoglyph characters can lead to trojan source attack (moderate)", "Metadata": { - "UpdatedBy": "", - "RepoName": null, + "UpdatedBy": "RHEL8-rhel-8-including-unpatched", + "RepoName": "cpe:/o:redhat:enterprise_linux:8::baseos", "RepoLink": null, - "DistroName": null, - "DistroVersion": null, + "DistroName": "Red Hat Enterprise Linux Server", + "DistroVersion": "8", "NVD": { "CVSSv3": { - "Vectors": "", - "Score": "" + "Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", + "Score": 8.3 + } + } + } + }, + { + "Severity": "Low", + "NamespaceName": "RHEL8-rhel-8-including-unpatched", + "Link": "https://access.redhat.com/security/cve/CVE-2022-27943", + "FixedBy": "", + "Description": "DOCUMENTATION: A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "Name": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const (low)", + "Metadata": { + "UpdatedBy": "RHEL8-rhel-8-including-unpatched", + "RepoName": "cpe:/o:redhat:enterprise_linux:8::baseos", + "RepoLink": null, + "DistroName": "Red Hat Enterprise Linux Server", + "DistroVersion": "8", + "NVD": { + "CVSSv3": { + "Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "Score": 5.5 } } } 
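Review bot: The `libgcc` entry is the only multi-vulnerability feature in this hunk, and its `BaseScores` (`[7.5, 5.5, 8.3, 5.5]`) line up one-to-one with its four `CVEIds` only because every vulnerability carries a CVSSv3 score and the vulnerabilities already appear in CVE order. The helpers added in `datatypes.py` build the two lists independently: scores keep vulnerability order and skip entries without a score, while CVE ids are de-duplicated and sorted. A consumer that pairs them by index would therefore attach a base score to the wrong CVE as soon as one score is missing, which skews triage. The old fixture's empty-score case no longer appears in the visible part of the new data, so I would keep one vulnerability with `"Vectors": "", "Score": ""` inside a multi-CVE feature, so the test pins that `BaseScores` then comes out shorter than `CVEIds`. The file continues outside this hunk, so such a case may already exist elsewhere.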
@@ -3999,29 +3873,35 @@ ] }, { - "Name": "liblzma5", + "Name": "gnupg2", "VersionFormat": "", "NamespaceName": "", - "AddedBy": "sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "Version": "5.2.4-1", + "AddedBy": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "Version": "2.2.20-3.el8_6", + "BaseScores": [ + 3.3 + ], + "CVEIds": [ + "CVE-2022-3219" + ], "Vulnerabilities": [ { - "Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4035", + "Severity": "Low", + "NamespaceName": "RHEL8-rhel-8-including-unpatched", + "Link": "https://access.redhat.com/security/cve/CVE-2022-3219", "FixedBy": "", - "Description": "scripts/xzgrep.in in xzgrep 5.2.x before 5.2.0, before 5.0.0 does not properly process file names containing semicolons, which allows remote attackers to execute arbitrary code by having a user run xzgrep on a crafted file name.", - "Name": "CVE-2015-4035", + "Description": "DOCUMENTATION: A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", + "Name": "denial of service issue (resource consumption) using compressed packets (low)", "Metadata": { - "UpdatedBy": "", - "RepoName": null, + "UpdatedBy": "RHEL8-rhel-8-including-unpatched", + "RepoName": "cpe:/o:redhat:enterprise_linux:8::baseos", "RepoLink": null, - "DistroName": null, - "DistroVersion": null, + "DistroName": "Red Hat Enterprise Linux Server", + "DistroVersion": "8", "NVD": { "CVSSv3": { - "Vectors": "", - "Score": "" + "Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "Score": 3.3 } } } 
@@ -4029,34 +3909,130 @@ ] }, { - "Name": "libmount1", + "Name": "bash", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "Version": "4.4.20-4.el8_6", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] + }, + { + "Name": "libacl", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "Version": "2.2.53-1.el8", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] + }, + { + "Name": "github.com/mitchellh/go-homedir", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "Version": "v1.1.0", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] + }, + { + "Name": "github.com/prometheus/client_golang", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "Version": "v1.17.0", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] + }, + { + "Name": "github.com/go-stomp/stomp/v3", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:2673e7fa22f08ae14cfde08b625bf3225974fc5df8914d5d0b94bae3700c4c92", + "Version": "v3.0.5", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] + }, + { + "Name": "libgcrypt", "VersionFormat": "", "NamespaceName": "", - "AddedBy": "sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "Version": "2.33.1-0.1", + "AddedBy": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "Version": "1.8.5-7.el8_6", + "BaseScores": [ + 5.9 + ], + "CVEIds": [ + "CVE-2019-12904" + ], "Vulnerabilities": [ { - "Severity": "Unknown", - "NamespaceName": "", - "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0822", + "Severity": "Medium", + "NamespaceName": "RHEL8-rhel-8-including-unpatched", + "Link": 
"https://access.redhat.com/security/cve/CVE-2019-12904", "FixedBy": "", - "Description": "umount, when running with the Linux 2.6.15 kernel on Slackware Linux 10.2, allows local users to trigger a NULL dereference and application crash by invoking the program with a pathname for a USB pen drive that was mounted and then physically removed, which might allow the users to obtain sensitive information, including core file contents.", - "Name": "CVE-2007-0822", + "Description": "DOCUMENTATION: [Disputed] A vulnerability has been identified in Libgcrypt due to a flaw in its C implementation of AES. This vulnerability enables a remote attacker to perform a flush-and-reload side-channel attack, potentially accessing sensitive information. The vulnerability arises from the availability of physical addresses to other processes, particularly on platforms lacking an assembly-language implementation. \n STATEMENT: Please note that this issue is more theoretical than practical in terms of potential attack scenarios. The upstream developers have disputed this CVE, and the patches they supplied seem to focus more on hardening. 
Refer to external references for further details.", + "Name": "Libgcrypt: physical addresses being available to other processes leads to a flush-and-reload side-channel attack (moderate)", "Metadata": { - "UpdatedBy": "", - "RepoName": null, + "UpdatedBy": "RHEL8-rhel-8-including-unpatched", + "RepoName": "cpe:/o:redhat:enterprise_linux:8::baseos", "RepoLink": null, - "DistroName": null, - "DistroVersion": null, + "DistroName": "Red Hat Enterprise Linux Server", + "DistroVersion": "8", "NVD": { "CVSSv3": { - "Vectors": "", - "Score": "" + "Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "Score": 5.9 } } } } ] + }, + { + "Name": "libyaml", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "Version": "0.1.7-5.el8", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] + }, + { + "Name": "github.com/opencontainers/image-spec", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "Version": "v1.1.0-rc3", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] + }, + { + "Name": "github.com/pkg/errors", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "Version": "v0.9.1", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] + }, + { + "Name": "gopkg.in/square/go-jose.v2", + "VersionFormat": "", + "NamespaceName": "", + "AddedBy": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "Version": "v2.6.0", + "BaseScores": [], + "CVEIds": [], + "Vulnerabilities": [] } ] } diff --git a/data/secscan_model/test/securityinformation_deduped.json b/data/secscan_model/test/securityinformation_deduped.json index e06708fc38..55b09ab65e 100644 --- a/data/secscan_model/test/securityinformation_deduped.json +++ b/data/secscan_model/test/securityinformation_deduped.json 
@@ -11,7 +11,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "2.2.53-1.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "alembic", @@ -19,7 +21,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "1.3.3", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "aniso8601", @@ -27,7 +31,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "1.0", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "apscheduler", @@ -35,7 +41,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "3.6.3", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "attrs", @@ -43,7 +51,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "19.3.0", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "audit-libs", @@ -51,7 +61,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "3.0.7-2.el8.2", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "authlib", @@ -59,7 +71,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "1.0.0a1", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "aws-sam-translator", 
@@ -67,7 +81,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "1.20.1", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "azure-core", @@ -75,7 +91,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "1.8.0", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "azure-storage-blob", @@ -83,7 +101,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "12.4.0", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "babel", @@ -91,7 +111,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "2.9.1", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "basesystem", @@ -99,7 +121,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "11-5.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "bash", @@ -107,7 +131,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "4.4.20-4.el8_6", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "bcrypt", @@ -115,7 +141,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "3.1.7", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "beautifulsoup4", 
@@ -123,7 +151,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "4.8.2", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "bintrees", @@ -131,7 +161,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "2.1.0", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "bitmath", @@ -139,7 +171,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "1.3.3.1", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "blinker", @@ -147,7 +181,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "1.4", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "boto3", @@ -155,7 +191,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "1.21.42", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "botocore", @@ -163,7 +201,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "1.24.42", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "brotli", @@ -171,7 +211,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "1.0.6-3.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "bzip2-libs", 
@@ -179,7 +221,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "1.0.6-26.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "ca-certificates", @@ -187,7 +231,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "2021.2.50-80.0.el8_4", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "cachetools", @@ -195,7 +241,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "4.0.0", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "certifi", @@ -203,7 +251,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "2019.11.28", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "cffi", @@ -211,7 +261,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "1.14.3", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "chardet", @@ -219,7 +271,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "3.0.4", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "charset-normalizer", @@ -227,7 +281,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "2.0.12", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "chkconfig", 
@@ -235,7 +291,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "1.19.1-1.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "click", @@ -243,7 +301,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "7.1.2", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "cnr-server", @@ -251,7 +311,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "0.2.7.post1", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "containers-common", @@ -259,7 +321,9 @@ "NamespaceName": "", "AddedBy": "sha256:3aba94eed52924a9707c3be29817a11f7efc8fac7fe75e0c91e48e242f988ccf", "Version": "2:1-35.module+el8.6.0+15917+093ca6f8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "coreutils-single", @@ -267,7 +331,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "8.30-12.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "cracklib", @@ -275,7 +341,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "2.9.6-15.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "cracklib-dicts", @@ -283,7 +351,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "2.9.6-15.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "criu", 
@@ -291,7 +361,9 @@ "NamespaceName": "", "AddedBy": "sha256:3aba94eed52924a9707c3be29817a11f7efc8fac7fe75e0c91e48e242f988ccf", "Version": "3.15-3.module+el8.6.0+15875+dc9a2b96", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "crypto-policies", @@ -299,7 +371,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "20211116-1.gitae470d6.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "crypto-policies-scripts", @@ -307,7 +381,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "20211116-1.gitae470d6.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "cryptography", @@ -315,7 +391,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "3.3.2", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "cryptsetup-libs", @@ -323,7 +401,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "2.3.7-2.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "curl", @@ -331,7 +411,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "7.61.1-22.el8_6.4", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "cyrus-sasl-lib", @@ -339,7 +421,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "2.1.27-6.el8_5", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "cython", 
@@ -347,7 +431,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "3.0.0a9", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "datetime", @@ -355,7 +441,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "4.3", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "dbus", @@ -363,7 +451,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "1:1.12.8-18.el8_6.1", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "dbus-common", @@ -371,7 +461,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "1:1.12.8-18.el8_6.1", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "dbus-daemon", @@ -379,7 +471,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "1:1.12.8-18.el8_6.1", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "dbus-glib", @@ -387,7 +481,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "0.110-2.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "dbus-libs", @@ -395,7 +491,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "1:1.12.8-18.el8_6.1", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "dbus-python", 
@@ -403,7 +501,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "1.2.4", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "dbus-tools", @@ -411,7 +511,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "1:1.12.8-18.el8_6.1", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "debtcollector", @@ -419,7 +521,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "1.22.0", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "decorator", @@ -427,7 +531,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "4.4.1", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "decorator", @@ -435,7 +541,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "4.2.1", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "dejavu-fonts-common", @@ -443,7 +551,9 @@ "NamespaceName": "", "AddedBy": "sha256:3aba94eed52924a9707c3be29817a11f7efc8fac7fe75e0c91e48e242f988ccf", "Version": "2.35-7.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "dejavu-sans-fonts", @@ -451,7 +561,9 @@ "NamespaceName": "", "AddedBy": "sha256:3aba94eed52924a9707c3be29817a11f7efc8fac7fe75e0c91e48e242f988ccf", "Version": "2.35-7.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "deprecated", 
@@ -459,7 +571,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "1.2.7", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "device-mapper", @@ -467,7 +581,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "8:1.02.181-3.el8_6.2", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "device-mapper-libs", @@ -475,7 +591,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "8:1.02.181-3.el8_6.2", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "dmidecode", @@ -483,7 +601,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "1:3.3-4.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "dnf", @@ -491,7 +611,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "4.7.0-8.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "dnf-data", @@ -499,7 +621,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "4.7.0-8.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "dnf-plugin-subscription-manager", @@ -507,7 +631,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "1.28.29-3.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "dnsmasq", 
@@ -515,7 +641,9 @@ "NamespaceName": "", "AddedBy": "sha256:3aba94eed52924a9707c3be29817a11f7efc8fac7fe75e0c91e48e242f988ccf", "Version": "2.79-21.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "dumb-init", @@ -523,7 +651,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "1.2.2", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "elasticsearch", @@ -531,7 +661,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "7.0.4", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "elasticsearch-dsl", @@ -539,7 +671,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "7.0.0", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "elfutils-default-yama-scope", @@ -547,7 +681,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "0.186-1.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "elfutils-libelf", @@ -555,7 +691,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "0.186-1.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "elfutils-libs", @@ -563,7 +701,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "0.186-1.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "ethtool", 
@@ -571,7 +711,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "0.14", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "expat", @@ -579,7 +721,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "2.2.5-8.el8_6.2", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "file-libs", @@ -587,7 +731,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "5.33-20.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "filesystem", @@ -595,7 +741,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "3.8-6.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "findutils", @@ -603,7 +751,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "1:4.6.0-20.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "flask", @@ -611,7 +761,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "1.1.1", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "flask-cors", @@ -619,7 +771,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "3.0.9", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "flask-login", 
@@ -627,7 +781,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "0.4.1", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "flask-mail", @@ -635,7 +791,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "0.9.1", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "flask-principal", @@ -643,7 +801,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "0.4.0", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "flask-restful", @@ -651,7 +811,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "0.3.9", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "fontconfig", @@ -659,7 +821,9 @@ "NamespaceName": "", "AddedBy": "sha256:3aba94eed52924a9707c3be29817a11f7efc8fac7fe75e0c91e48e242f988ccf", "Version": "2.13.1-4.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "fontpackages-filesystem", @@ -667,7 +831,9 @@ "NamespaceName": "", "AddedBy": "sha256:3aba94eed52924a9707c3be29817a11f7efc8fac7fe75e0c91e48e242f988ccf", "Version": "1.44-22.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "freetype", @@ -675,7 +841,9 @@ "NamespaceName": "", "AddedBy": "sha256:3aba94eed52924a9707c3be29817a11f7efc8fac7fe75e0c91e48e242f988ccf", "Version": "2.9.1-4.el8_3.1", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "furl", 
@@ -683,7 +851,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "2.1.0", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "fuse-common", @@ -691,7 +861,9 @@ "NamespaceName": "", "AddedBy": "sha256:3aba94eed52924a9707c3be29817a11f7efc8fac7fe75e0c91e48e242f988ccf", "Version": "3.3.0-15.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "fuse-overlayfs", @@ -699,7 +871,9 @@ "NamespaceName": "", "AddedBy": "sha256:3aba94eed52924a9707c3be29817a11f7efc8fac7fe75e0c91e48e242f988ccf", "Version": "1.9-1.module+el8.6.0+15917+093ca6f8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "fuse3", @@ -707,7 +881,9 @@ "NamespaceName": "", "AddedBy": "sha256:3aba94eed52924a9707c3be29817a11f7efc8fac7fe75e0c91e48e242f988ccf", "Version": "3.3.0-15.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "fuse3-libs", @@ -715,7 +891,9 @@ "NamespaceName": "", "AddedBy": "sha256:3aba94eed52924a9707c3be29817a11f7efc8fac7fe75e0c91e48e242f988ccf", "Version": "3.3.0-15.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "futures", @@ -723,7 +901,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "3.1.1", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "gawk", @@ -731,7 +911,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "4.2.1-4.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "gd", 
@@ -739,7 +921,9 @@ "NamespaceName": "", "AddedBy": "sha256:3aba94eed52924a9707c3be29817a11f7efc8fac7fe75e0c91e48e242f988ccf", "Version": "2.2.5-7.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "gdb-gdbserver", @@ -747,7 +931,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "8.2-18.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "gdbm", @@ -755,7 +941,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "1:1.18-1.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "gdbm-libs", @@ -763,7 +951,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "1:1.18-1.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "geoip2", @@ -771,7 +961,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "3.0.0", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "gevent", @@ -779,7 +971,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "21.8.0", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "glib2", @@ -787,7 +981,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "2.56.4-158.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "glibc", 
@@ -795,7 +991,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "2.28-189.5.el8_6", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "glibc-common", @@ -803,7 +1001,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "2.28-189.5.el8_6", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "glibc-minimal-langpack", @@ -811,7 +1011,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "2.28-189.5.el8_6", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "gmp", @@ -819,7 +1021,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "1:6.1.2-10.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "gnupg2", @@ -849,7 +1053,9 @@ } } } - ] + ], + "BaseScores": [], + "CVEIds": ["CVE-2022-34903"] }, { "Name": "gnutls", @@ -857,7 +1063,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "3.6.16-4.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "gobject-introspection", @@ -865,7 +1073,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "1.56.1-1.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "gpg-pubkey", 
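Review bot: An empty `BaseScores` next to a populated `CVEIds` is easy to misread as "no risk": the gnupg2 entry (hunk `@@ -849,7 +1053,9 @@`) expects `"BaseScores": []` alongside `"CVEIds": ["CVE-2022-34903"]`, so the two new lists are not index-aligned. The vulnerability object itself sits above the hunk, so whether it carries NVD CVSSv3 metadata cannot be checked from here; presumably it does not, and the empty list is the intended result. That contract is worth stating wherever the fields are documented, for example `BaseScores holds only the CVSS scores that were available; it may be empty or shorter than CVEIds`. Consumers that filter or sort features by score would then know not to treat a scoreless feature as clean. If this fixture has no feature with a non-empty `BaseScores`, adding one would keep the scored path under test as well.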
@@ -873,7 +1083,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "fd431d51-4ae0493b", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "gpg-pubkey", @@ -881,7 +1093,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "d4082792-5b32db75", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "gpgme", @@ -889,7 +1103,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "1.13.1-11.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "greenlet", @@ -897,7 +1113,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "1.1.2", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "grep", @@ -905,7 +1123,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "3.1-6.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "groff-base", @@ -913,7 +1133,9 @@ "NamespaceName": "", "AddedBy": "sha256:3aba94eed52924a9707c3be29817a11f7efc8fac7fe75e0c91e48e242f988ccf", "Version": "1.22.3-18.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "grpcio", @@ -921,7 +1143,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "1.30.0", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "gunicorn", 
@@ -929,7 +1153,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "20.1.0", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "gzip", @@ -937,7 +1163,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "1.9-13.el8_5", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "hashids", @@ -945,7 +1173,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "1.2.0", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "html5lib", @@ -953,7 +1183,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "1.0.1", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "idna", @@ -961,7 +1193,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "2.5", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "idna", @@ -969,7 +1203,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "2.8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "ima-evm-utils", @@ -977,7 +1213,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "1.3.2-12.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "importlib-metadata", 
@@ -985,7 +1223,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "1.4.0", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "info", @@ -993,7 +1233,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "6.5-7.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "iniparse", @@ -1001,7 +1243,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "0.4", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "iptables-libs", @@ -1009,7 +1253,9 @@ "NamespaceName": "", "AddedBy": "sha256:3aba94eed52924a9707c3be29817a11f7efc8fac7fe75e0c91e48e242f988ccf", "Version": "1.8.4-22.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "iso8601", @@ -1017,7 +1263,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "0.1.12", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "isodate", @@ -1025,7 +1273,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "0.6.0", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "itsdangerous", @@ -1033,7 +1283,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "1.1.0", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "jansson", 
@@ -1041,7 +1293,9 @@ "NamespaceName": "", "AddedBy": "sha256:3aba94eed52924a9707c3be29817a11f7efc8fac7fe75e0c91e48e242f988ccf", "Version": "2.14-1.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "jasmine-core", @@ -1049,7 +1303,9 @@ "NamespaceName": "", "AddedBy": "sha256:55d1c0fb65e634002b0c983896141d5f7fe976672630e402d451e1478d8a7588", "Version": "2.8.0", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "jasmine-core", @@ -1057,7 +1313,9 @@ "NamespaceName": "", "AddedBy": "sha256:55d1c0fb65e634002b0c983896141d5f7fe976672630e402d451e1478d8a7588", "Version": "3.0.0", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "jbigkit-libs", @@ -1065,7 +1323,9 @@ "NamespaceName": "", "AddedBy": "sha256:3aba94eed52924a9707c3be29817a11f7efc8fac7fe75e0c91e48e242f988ccf", "Version": "2.1-14.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "jinja2", @@ -1073,7 +1333,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "2.11.3", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "jmespath", @@ -1081,7 +1343,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "0.9.4", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "json-c", @@ -1089,7 +1353,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "0.13.1-3.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "json-glib", 
@@ -1097,7 +1363,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "1.4.4-1.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "jsonpath-rw", @@ -1105,7 +1373,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "1.4.0", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "jsonpickle", @@ -1113,7 +1383,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "1.2", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "jsonpointer", @@ -1121,7 +1393,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "2.0", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "jsonschema", @@ -1129,7 +1403,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "3.2.0", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "kafka-python", @@ -1137,7 +1413,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "1.4.7", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "keystoneauth1", @@ -1145,7 +1423,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "3.18.0", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "keyutils-libs", 
@@ -1153,7 +1433,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "1.5.10-9.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "kmod", @@ -1161,7 +1443,9 @@ "NamespaceName": "", "AddedBy": "sha256:3aba94eed52924a9707c3be29817a11f7efc8fac7fe75e0c91e48e242f988ccf", "Version": "25-19.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "kmod-libs", @@ -1169,7 +1453,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "25-19.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "krb5-libs", @@ -1177,7 +1463,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "1.18.2-14.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "langpacks-en", @@ -1185,7 +1473,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "1.0-12.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "libX11", @@ -1193,7 +1483,9 @@ "NamespaceName": "", "AddedBy": "sha256:3aba94eed52924a9707c3be29817a11f7efc8fac7fe75e0c91e48e242f988ccf", "Version": "1.6.8-5.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "libX11-common", @@ -1201,7 +1493,9 @@ "NamespaceName": "", "AddedBy": "sha256:3aba94eed52924a9707c3be29817a11f7efc8fac7fe75e0c91e48e242f988ccf", "Version": "1.6.8-5.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "libXau", 
@@ -1209,7 +1503,9 @@ "NamespaceName": "", "AddedBy": "sha256:3aba94eed52924a9707c3be29817a11f7efc8fac7fe75e0c91e48e242f988ccf", "Version": "1.0.9-3.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "libXpm", @@ -1217,7 +1513,9 @@ "NamespaceName": "", "AddedBy": "sha256:3aba94eed52924a9707c3be29817a11f7efc8fac7fe75e0c91e48e242f988ccf", "Version": "3.5.12-8.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "libacl", @@ -1225,7 +1523,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "2.2.53-1.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "libarchive", @@ -1233,7 +1533,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "3.3.3-3.el8_5", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "libassuan", @@ -1241,7 +1543,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "2.5.1-3.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "libattr", @@ -1249,7 +1553,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "2.4.48-3.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "libblkid", @@ -1257,7 +1563,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "2.32.1-35.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "libcap", 
@@ -1265,7 +1573,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "2.48-2.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "libcap-ng", @@ -1273,7 +1583,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "0.7.11-1.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "libcom_err", @@ -1281,7 +1593,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "1.45.6-4.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "libcomps", @@ -1289,7 +1603,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "0.1.18", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "libcomps", @@ -1297,7 +1613,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "0.1.18-1.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "libcurl", @@ -1305,7 +1623,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "7.61.1-22.el8_6.4", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "libdb", @@ -1313,7 +1633,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "5.3.28-42.el8_4", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "libdb-utils", 
@@ -1321,7 +1643,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "5.3.28-42.el8_4", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "libdnf", @@ -1329,7 +1653,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "0.63.0-8.1.el8_6", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "libevent", @@ -1337,7 +1663,9 @@ "NamespaceName": "", "AddedBy": "sha256:3aba94eed52924a9707c3be29817a11f7efc8fac7fe75e0c91e48e242f988ccf", "Version": "2.1.8-5.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "libfdisk", @@ -1345,7 +1673,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "2.32.1-35.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "libffi", @@ -1353,7 +1683,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "3.1-23.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "libgcc", @@ -1361,7 +1693,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "8.5.0-10.1.el8_6", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "libgcrypt", @@ -1369,7 +1703,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "1.8.5-7.el8_6", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "libgpg-error", 
@@ -1377,7 +1713,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "1.31-1.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "libibverbs", @@ -1385,7 +1723,9 @@ "NamespaceName": "", "AddedBy": "sha256:3aba94eed52924a9707c3be29817a11f7efc8fac7fe75e0c91e48e242f988ccf", "Version": "37.2-1.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "libidn2", @@ -1393,7 +1733,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "2.2.0-1.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "libjpeg-turbo", @@ -1401,7 +1743,9 @@ "NamespaceName": "", "AddedBy": "sha256:3aba94eed52924a9707c3be29817a11f7efc8fac7fe75e0c91e48e242f988ccf", "Version": "1.5.3-12.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "libksba", @@ -1409,7 +1753,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "1.3.5-7.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "libmnl", @@ -1417,7 +1763,9 @@ "NamespaceName": "", "AddedBy": "sha256:3aba94eed52924a9707c3be29817a11f7efc8fac7fe75e0c91e48e242f988ccf", "Version": "1.0.4-6.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "libmodulemd", @@ -1425,7 +1773,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "2.13.0-1.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "libmount", 
@@ -1433,7 +1783,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "2.32.1-35.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "libnet", @@ -1441,7 +1793,9 @@ "NamespaceName": "", "AddedBy": "sha256:3aba94eed52924a9707c3be29817a11f7efc8fac7fe75e0c91e48e242f988ccf", "Version": "1.1.6-15.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "libnftnl", @@ -1449,7 +1803,9 @@ "NamespaceName": "", "AddedBy": "sha256:3aba94eed52924a9707c3be29817a11f7efc8fac7fe75e0c91e48e242f988ccf", "Version": "1.1.5-5.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "libnghttp2", @@ -1457,7 +1813,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "1.33.0-3.el8_2.1", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "libnl3", @@ -1465,7 +1823,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "3.5.0-1.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "libnsl2", @@ -1473,7 +1833,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "1.2.0-2.20180605git4a062cf.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "libpcap", @@ -1481,7 +1843,9 @@ "NamespaceName": "", "AddedBy": "sha256:3aba94eed52924a9707c3be29817a11f7efc8fac7fe75e0c91e48e242f988ccf", "Version": "14:1.9.1-5.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "libpkgconf", 
@@ -1489,7 +1853,9 @@ "NamespaceName": "", "AddedBy": "sha256:3aba94eed52924a9707c3be29817a11f7efc8fac7fe75e0c91e48e242f988ccf", "Version": "1.4.2-1.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "libpng", @@ -1497,7 +1863,9 @@ "NamespaceName": "", "AddedBy": "sha256:3aba94eed52924a9707c3be29817a11f7efc8fac7fe75e0c91e48e242f988ccf", "Version": "2:1.6.34-5.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "libpq", @@ -1505,7 +1873,9 @@ "NamespaceName": "", "AddedBy": "sha256:3aba94eed52924a9707c3be29817a11f7efc8fac7fe75e0c91e48e242f988ccf", "Version": "13.5-1.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "libpq-devel", @@ -1513,7 +1883,9 @@ "NamespaceName": "", "AddedBy": "sha256:3aba94eed52924a9707c3be29817a11f7efc8fac7fe75e0c91e48e242f988ccf", "Version": "13.5-1.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "libpsl", @@ -1521,7 +1893,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "0.20.2-6.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "libpwquality", @@ -1529,7 +1903,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "1.4.4-3.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "librepo", @@ -1537,7 +1913,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "1.14.2-1.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "libreport-filesystem", 
@@ -1545,7 +1923,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "2.9.5-15.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "librhsm", @@ -1553,7 +1933,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "0.0.3-4.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "libseccomp", @@ -1561,7 +1943,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "2.5.2-1.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "libselinux", @@ -1569,7 +1953,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "2.9-5.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "libsemanage", @@ -1577,7 +1963,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "2.9-8.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "libsepol", @@ -1585,7 +1973,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "2.9-3.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "libsigsegv", @@ -1593,7 +1983,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "2.11-5.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "libslirp", 
@@ -1601,7 +1993,9 @@ "NamespaceName": "", "AddedBy": "sha256:3aba94eed52924a9707c3be29817a11f7efc8fac7fe75e0c91e48e242f988ccf", "Version": "4.4.0-1.module+el8.6.0+15875+dc9a2b96", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "libsmartcols", @@ -1609,7 +2003,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "2.32.1-35.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "libsolv", @@ -1617,7 +2013,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "0.7.20-1.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "libssh", @@ -1625,7 +2023,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "0.9.6-3.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "libssh-config", @@ -1633,7 +2033,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "0.9.6-3.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "libstdc++", @@ -1641,7 +2043,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "8.5.0-10.1.el8_6", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "libtasn1", @@ -1649,7 +2053,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "4.13-3.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "libtiff", 
@@ -1657,7 +2063,9 @@ "NamespaceName": "", "AddedBy": "sha256:3aba94eed52924a9707c3be29817a11f7efc8fac7fe75e0c91e48e242f988ccf", "Version": "4.0.9-21.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "libtirpc", @@ -1665,7 +2073,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "1.1.4-6.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "libunistring", @@ -1673,7 +2083,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "0.9.9-3.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "libusbx", @@ -1681,7 +2093,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "1.0.23-4.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "libuser", @@ -1689,7 +2103,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "0.62-24.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "libutempter", @@ -1697,7 +2113,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "1.1.6-14.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "libuuid", @@ -1705,7 +2123,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "2.32.1-35.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "libverto", 
@@ -1713,7 +2133,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "0.3.0-5.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "libwebp", @@ -1721,7 +2143,9 @@ "NamespaceName": "", "AddedBy": "sha256:3aba94eed52924a9707c3be29817a11f7efc8fac7fe75e0c91e48e242f988ccf", "Version": "1.0.0-5.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "libxcb", @@ -1729,7 +2153,9 @@ "NamespaceName": "", "AddedBy": "sha256:3aba94eed52924a9707c3be29817a11f7efc8fac7fe75e0c91e48e242f988ccf", "Version": "1.13.1-1.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "libxcrypt", @@ -1737,7 +2163,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "4.1.1-6.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "libxml2", @@ -1745,7 +2173,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "2.9.7-13.el8_6.1", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "libxslt", @@ -1753,7 +2183,9 @@ "NamespaceName": "", "AddedBy": "sha256:3aba94eed52924a9707c3be29817a11f7efc8fac7fe75e0c91e48e242f988ccf", "Version": "1.1.32-6.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "libyaml", @@ -1761,7 +2193,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "0.1.7-5.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "libzstd", 
@@ -1769,7 +2203,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "1.4.4-1.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "lua-libs", @@ -1777,7 +2213,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "5.3.4-12.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "lz4-libs", @@ -1785,7 +2223,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "1.8.3-3.el8_4", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "mako", @@ -1793,7 +2233,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "1.1.1", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "markupsafe", @@ -1801,7 +2243,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "1.1.1", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "maxminddb", @@ -1809,7 +2253,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "1.5.2", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "memcached", @@ -1817,7 +2263,9 @@ "NamespaceName": "", "AddedBy": "sha256:3aba94eed52924a9707c3be29817a11f7efc8fac7fe75e0c91e48e242f988ccf", "Version": "0:1.5.22-2.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "mixpanel", 
@@ -1825,7 +2273,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "4.5.0", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "mpfr", @@ -1833,7 +2283,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "3.1.6-1.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "msgpack", @@ -1841,7 +2293,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "0.6.2", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "msrest", @@ -1849,7 +2303,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "0.6.21", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "ncurses", @@ -1857,7 +2313,9 @@ "NamespaceName": "", "AddedBy": "sha256:3aba94eed52924a9707c3be29817a11f7efc8fac7fe75e0c91e48e242f988ccf", "Version": "6.1-9.20180224.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "ncurses-base", @@ -1865,7 +2323,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "6.1-9.20180224.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "ncurses-libs", @@ -1873,7 +2333,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "6.1-9.20180224.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "ndg-httpsclient", 
@@ -1881,7 +2343,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "0.5.1", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "netaddr", @@ -1889,7 +2353,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "0.7.19", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "netifaces", @@ -1897,7 +2363,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "0.10.9", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "nettle", @@ -1905,7 +2373,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "3.4.1-7.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "nftables", @@ -1913,7 +2383,9 @@ "NamespaceName": "", "AddedBy": "sha256:3aba94eed52924a9707c3be29817a11f7efc8fac7fe75e0c91e48e242f988ccf", "Version": "1:0.9.3-25.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "nginx", @@ -1921,7 +2393,9 @@ "NamespaceName": "", "AddedBy": "sha256:3aba94eed52924a9707c3be29817a11f7efc8fac7fe75e0c91e48e242f988ccf", "Version": "1:1.14.1-9.module+el8.0.0+4108+af250afe", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "nginx-all-modules", @@ -1929,7 +2403,9 @@ "NamespaceName": "", "AddedBy": "sha256:3aba94eed52924a9707c3be29817a11f7efc8fac7fe75e0c91e48e242f988ccf", "Version": "1:1.14.1-9.module+el8.0.0+4108+af250afe", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "nginx-filesystem", 
@@ -1937,7 +2413,9 @@ "NamespaceName": "", "AddedBy": "sha256:3aba94eed52924a9707c3be29817a11f7efc8fac7fe75e0c91e48e242f988ccf", "Version": "1:1.14.1-9.module+el8.0.0+4108+af250afe", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "nginx-mod-http-image-filter", @@ -1945,7 +2423,9 @@ "NamespaceName": "", "AddedBy": "sha256:3aba94eed52924a9707c3be29817a11f7efc8fac7fe75e0c91e48e242f988ccf", "Version": "1:1.14.1-9.module+el8.0.0+4108+af250afe", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "nginx-mod-http-perl", @@ -1953,7 +2433,9 @@ "NamespaceName": "", "AddedBy": "sha256:3aba94eed52924a9707c3be29817a11f7efc8fac7fe75e0c91e48e242f988ccf", "Version": "1:1.14.1-9.module+el8.0.0+4108+af250afe", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "nginx-mod-http-xslt-filter", @@ -1961,7 +2443,9 @@ "NamespaceName": "", "AddedBy": "sha256:3aba94eed52924a9707c3be29817a11f7efc8fac7fe75e0c91e48e242f988ccf", "Version": "1:1.14.1-9.module+el8.0.0+4108+af250afe", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "nginx-mod-mail", @@ -1969,7 +2453,9 @@ "NamespaceName": "", "AddedBy": "sha256:3aba94eed52924a9707c3be29817a11f7efc8fac7fe75e0c91e48e242f988ccf", "Version": "1:1.14.1-9.module+el8.0.0+4108+af250afe", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "nginx-mod-stream", @@ -1977,7 +2463,9 @@ "NamespaceName": "", "AddedBy": "sha256:3aba94eed52924a9707c3be29817a11f7efc8fac7fe75e0c91e48e242f988ccf", "Version": "1:1.14.1-9.module+el8.0.0+4108+af250afe", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "npth", 
@@ -1985,7 +2473,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "1.5-4.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "oauthlib", @@ -1993,7 +2483,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "3.1.0", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "openldap", @@ -2001,7 +2493,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "2.4.46-18.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "openssl", @@ -2009,7 +2503,9 @@ "NamespaceName": "", "AddedBy": "sha256:3aba94eed52924a9707c3be29817a11f7efc8fac7fe75e0c91e48e242f988ccf", "Version": "1:1.1.1k-7.el8_6", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "openssl-libs", @@ -2017,7 +2513,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "1:1.1.1k-7.el8_6", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "orderedmultidict", @@ -2025,7 +2523,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "1.0.1", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "os-service-types", @@ -2033,7 +2533,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "1.7.0", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "oslo.config", 
@@ -2041,7 +2543,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "7.0.0", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "oslo.i18n", @@ -2049,7 +2553,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "3.25.1", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "oslo.serialization", @@ -2057,7 +2563,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "2.29.2", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "oslo.utils", @@ -2065,7 +2573,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "4.12.2", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "p11-kit", @@ -2073,7 +2583,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "0.23.22-1.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "p11-kit-trust", @@ -2081,7 +2593,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "0.23.22-1.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "packaging", @@ -2089,7 +2603,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "21.3", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "pam", 
@@ -2097,7 +2613,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "1.3.1-16.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "passwd", @@ -2105,7 +2623,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "0.80-4.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "pbr", @@ -2113,7 +2633,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "5.4.4", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "pcre", @@ -2121,7 +2643,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "8.42-6.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "pcre2", @@ -2129,7 +2653,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "10.32-3.el8_6", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "peewee", @@ -2137,7 +2663,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "3.13.1", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "perl-Carp", @@ -2145,7 +2673,9 @@ "NamespaceName": "", "AddedBy": "sha256:3aba94eed52924a9707c3be29817a11f7efc8fac7fe75e0c91e48e242f988ccf", "Version": "1.42-396.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "perl-Data-Dumper", 
@@ -2153,7 +2683,9 @@ "NamespaceName": "", "AddedBy": "sha256:3aba94eed52924a9707c3be29817a11f7efc8fac7fe75e0c91e48e242f988ccf", "Version": "2.167-399.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "perl-Digest", @@ -2161,7 +2693,9 @@ "NamespaceName": "", "AddedBy": "sha256:3aba94eed52924a9707c3be29817a11f7efc8fac7fe75e0c91e48e242f988ccf", "Version": "1.17-395.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "perl-Digest-MD5", @@ -2169,7 +2703,9 @@ "NamespaceName": "", "AddedBy": "sha256:3aba94eed52924a9707c3be29817a11f7efc8fac7fe75e0c91e48e242f988ccf", "Version": "2.55-396.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "perl-Encode", @@ -2177,7 +2713,9 @@ "NamespaceName": "", "AddedBy": "sha256:3aba94eed52924a9707c3be29817a11f7efc8fac7fe75e0c91e48e242f988ccf", "Version": "4:2.97-3.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "perl-Errno", @@ -2185,7 +2723,9 @@ "NamespaceName": "", "AddedBy": "sha256:3aba94eed52924a9707c3be29817a11f7efc8fac7fe75e0c91e48e242f988ccf", "Version": "0:1.28-421.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "perl-Exporter", @@ -2193,7 +2733,9 @@ "NamespaceName": "", "AddedBy": "sha256:3aba94eed52924a9707c3be29817a11f7efc8fac7fe75e0c91e48e242f988ccf", "Version": "5.72-396.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "perl-File-Path", @@ -2201,7 +2743,9 @@ "NamespaceName": "", "AddedBy": "sha256:3aba94eed52924a9707c3be29817a11f7efc8fac7fe75e0c91e48e242f988ccf", "Version": "2.15-2.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "perl-File-Temp", 
@@ -2209,7 +2753,9 @@ "NamespaceName": "", "AddedBy": "sha256:3aba94eed52924a9707c3be29817a11f7efc8fac7fe75e0c91e48e242f988ccf", "Version": "0.230.600-1.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "perl-Getopt-Long", @@ -2217,7 +2763,9 @@ "NamespaceName": "", "AddedBy": "sha256:3aba94eed52924a9707c3be29817a11f7efc8fac7fe75e0c91e48e242f988ccf", "Version": "1:2.50-4.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "perl-HTTP-Tiny", @@ -2225,7 +2773,9 @@ "NamespaceName": "", "AddedBy": "sha256:3aba94eed52924a9707c3be29817a11f7efc8fac7fe75e0c91e48e242f988ccf", "Version": "0.074-1.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "perl-IO", @@ -2233,7 +2783,9 @@ "NamespaceName": "", "AddedBy": "sha256:3aba94eed52924a9707c3be29817a11f7efc8fac7fe75e0c91e48e242f988ccf", "Version": "0:1.38-421.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "perl-IO-Socket-IP", @@ -2241,7 +2793,9 @@ "NamespaceName": "", "AddedBy": "sha256:3aba94eed52924a9707c3be29817a11f7efc8fac7fe75e0c91e48e242f988ccf", "Version": "0.39-5.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "perl-IO-Socket-SSL", @@ -2249,7 +2803,9 @@ "NamespaceName": "", "AddedBy": "sha256:3aba94eed52924a9707c3be29817a11f7efc8fac7fe75e0c91e48e242f988ccf", "Version": "2.066-4.module+el8.3.0+6446+594cad75", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "perl-MIME-Base64", @@ -2257,7 +2813,9 @@ "NamespaceName": "", "AddedBy": "sha256:3aba94eed52924a9707c3be29817a11f7efc8fac7fe75e0c91e48e242f988ccf", "Version": "3.15-396.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "perl-Mozilla-CA", 
@@ -2265,7 +2823,9 @@ "NamespaceName": "", "AddedBy": "sha256:3aba94eed52924a9707c3be29817a11f7efc8fac7fe75e0c91e48e242f988ccf", "Version": "20160104-7.module+el8.3.0+6498+9eecfe51", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "perl-Net-SSLeay", @@ -2273,7 +2833,9 @@ "NamespaceName": "", "AddedBy": "sha256:3aba94eed52924a9707c3be29817a11f7efc8fac7fe75e0c91e48e242f988ccf", "Version": "1.88-2.module+el8.6.0+13392+f0897f98", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "perl-PathTools", @@ -2281,7 +2843,9 @@ "NamespaceName": "", "AddedBy": "sha256:3aba94eed52924a9707c3be29817a11f7efc8fac7fe75e0c91e48e242f988ccf", "Version": "3.74-1.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "perl-Pod-Escapes", @@ -2289,7 +2853,9 @@ "NamespaceName": "", "AddedBy": "sha256:3aba94eed52924a9707c3be29817a11f7efc8fac7fe75e0c91e48e242f988ccf", "Version": "1:1.07-395.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "perl-Pod-Perldoc", @@ -2297,7 +2863,9 @@ "NamespaceName": "", "AddedBy": "sha256:3aba94eed52924a9707c3be29817a11f7efc8fac7fe75e0c91e48e242f988ccf", "Version": "3.28-396.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "perl-Pod-Simple", @@ -2305,7 +2873,9 @@ "NamespaceName": "", "AddedBy": "sha256:3aba94eed52924a9707c3be29817a11f7efc8fac7fe75e0c91e48e242f988ccf", "Version": "1:3.35-395.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "perl-Pod-Usage", @@ -2313,7 +2883,9 @@ "NamespaceName": "", "AddedBy": "sha256:3aba94eed52924a9707c3be29817a11f7efc8fac7fe75e0c91e48e242f988ccf", "Version": "4:1.69-395.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "perl-Scalar-List-Utils", 
@@ -2321,7 +2893,9 @@ "NamespaceName": "", "AddedBy": "sha256:3aba94eed52924a9707c3be29817a11f7efc8fac7fe75e0c91e48e242f988ccf", "Version": "3:1.49-2.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "perl-Socket", @@ -2329,7 +2903,9 @@ "NamespaceName": "", "AddedBy": "sha256:3aba94eed52924a9707c3be29817a11f7efc8fac7fe75e0c91e48e242f988ccf", "Version": "4:2.027-3.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "perl-Storable", @@ -2337,7 +2913,9 @@ "NamespaceName": "", "AddedBy": "sha256:3aba94eed52924a9707c3be29817a11f7efc8fac7fe75e0c91e48e242f988ccf", "Version": "1:3.11-3.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "perl-Term-ANSIColor", @@ -2345,7 +2923,9 @@ "NamespaceName": "", "AddedBy": "sha256:3aba94eed52924a9707c3be29817a11f7efc8fac7fe75e0c91e48e242f988ccf", "Version": "4.06-396.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "perl-Term-Cap", @@ -2353,7 +2933,9 @@ "NamespaceName": "", "AddedBy": "sha256:3aba94eed52924a9707c3be29817a11f7efc8fac7fe75e0c91e48e242f988ccf", "Version": "1.17-395.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "perl-Text-ParseWords", @@ -2361,7 +2943,9 @@ "NamespaceName": "", "AddedBy": "sha256:3aba94eed52924a9707c3be29817a11f7efc8fac7fe75e0c91e48e242f988ccf", "Version": "3.30-395.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "perl-Text-Tabs+Wrap", @@ -2369,7 +2953,9 @@ "NamespaceName": "", "AddedBy": "sha256:3aba94eed52924a9707c3be29817a11f7efc8fac7fe75e0c91e48e242f988ccf", "Version": "2013.0523-395.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "perl-Time-Local", 
@@ -2377,7 +2963,9 @@ "NamespaceName": "", "AddedBy": "sha256:3aba94eed52924a9707c3be29817a11f7efc8fac7fe75e0c91e48e242f988ccf", "Version": "1:1.280-1.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "perl-URI", @@ -2385,7 +2973,9 @@ "NamespaceName": "", "AddedBy": "sha256:3aba94eed52924a9707c3be29817a11f7efc8fac7fe75e0c91e48e242f988ccf", "Version": "1.73-3.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "perl-Unicode-Normalize", @@ -2393,7 +2983,9 @@ "NamespaceName": "", "AddedBy": "sha256:3aba94eed52924a9707c3be29817a11f7efc8fac7fe75e0c91e48e242f988ccf", "Version": "1.25-396.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "perl-constant", @@ -2401,7 +2993,9 @@ "NamespaceName": "", "AddedBy": "sha256:3aba94eed52924a9707c3be29817a11f7efc8fac7fe75e0c91e48e242f988ccf", "Version": "1.33-396.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "perl-interpreter", @@ -2409,7 +3003,9 @@ "NamespaceName": "", "AddedBy": "sha256:3aba94eed52924a9707c3be29817a11f7efc8fac7fe75e0c91e48e242f988ccf", "Version": "4:5.26.3-421.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "perl-libnet", @@ -2417,7 +3013,9 @@ "NamespaceName": "", "AddedBy": "sha256:3aba94eed52924a9707c3be29817a11f7efc8fac7fe75e0c91e48e242f988ccf", "Version": "3.11-3.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "perl-libs", @@ -2425,7 +3023,9 @@ "NamespaceName": "", "AddedBy": "sha256:3aba94eed52924a9707c3be29817a11f7efc8fac7fe75e0c91e48e242f988ccf", "Version": "4:5.26.3-421.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "perl-macros", 
@@ -2433,7 +3033,9 @@ "NamespaceName": "", "AddedBy": "sha256:3aba94eed52924a9707c3be29817a11f7efc8fac7fe75e0c91e48e242f988ccf", "Version": "4:5.26.3-421.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "perl-parent", @@ -2441,7 +3043,9 @@ "NamespaceName": "", "AddedBy": "sha256:3aba94eed52924a9707c3be29817a11f7efc8fac7fe75e0c91e48e242f988ccf", "Version": "1:0.237-1.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "perl-podlators", @@ -2449,7 +3053,9 @@ "NamespaceName": "", "AddedBy": "sha256:3aba94eed52924a9707c3be29817a11f7efc8fac7fe75e0c91e48e242f988ccf", "Version": "4.11-1.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "perl-threads", @@ -2457,7 +3063,9 @@ "NamespaceName": "", "AddedBy": "sha256:3aba94eed52924a9707c3be29817a11f7efc8fac7fe75e0c91e48e242f988ccf", "Version": "1:2.21-2.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "perl-threads-shared", @@ -2465,7 +3073,9 @@ "NamespaceName": "", "AddedBy": "sha256:3aba94eed52924a9707c3be29817a11f7efc8fac7fe75e0c91e48e242f988ccf", "Version": "1.58-2.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "pillow", @@ -2473,7 +3083,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "9.0.1", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "pip", @@ -2481,7 +3093,9 @@ "NamespaceName": "", "AddedBy": "sha256:3aba94eed52924a9707c3be29817a11f7efc8fac7fe75e0c91e48e242f988ccf", "Version": "19.3.1", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "pip", 
@@ -2489,7 +3103,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "21.1", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "pkgconf", @@ -2497,7 +3113,9 @@ "NamespaceName": "", "AddedBy": "sha256:3aba94eed52924a9707c3be29817a11f7efc8fac7fe75e0c91e48e242f988ccf", "Version": "1.4.2-1.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "pkgconf-m4", @@ -2505,7 +3123,9 @@ "NamespaceName": "", "AddedBy": "sha256:3aba94eed52924a9707c3be29817a11f7efc8fac7fe75e0c91e48e242f988ccf", "Version": "1.4.2-1.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "pkgconf-pkg-config", @@ -2513,7 +3133,9 @@ "NamespaceName": "", "AddedBy": "sha256:3aba94eed52924a9707c3be29817a11f7efc8fac7fe75e0c91e48e242f988ccf", "Version": "1.4.2-1.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "platform-python", @@ -2543,7 +3165,9 @@ } } } - ] + ], + "BaseScores": [], + "CVEIds": ["CVE-2015-20107", "CVE-2022-0391"] }, { "Name": "platform-python-setuptools", @@ -2551,7 +3175,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "39.2.0-6.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "ply", @@ -2559,7 +3185,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "3.11", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "popt", @@ -2567,7 +3195,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "1.18-1.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "prometheus-client", 
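Review bot: In the `platform-python` entry (hunk `@@ -2543,7 +3165,9 @@`) the expected output pairs `"CVEIds": ["CVE-2015-20107", "CVE-2022-0391"]` with `"BaseScores": []`, and the `python3-libs` hunk (`@@ -2981,7 +3707,9 @@`) does the same. The two new lists are therefore not index-aligned, and an empty score list does not mean the feature has no known CVEs, so a consumer that ranks features by base score would place these two at the bottom. The vulnerability bodies begin above these hunks, so presumably the entries carry no NVD CVSSv3 score; if so, that is worth stating wherever the field is documented, e.g. `BaseScores holds only the scores that are present; it is not parallel to CVEIds`. Every feature in this stretch of the fixture has an empty `BaseScores`, so one expected entry with a populated value (constructed example: `"BaseScores": [7.5]`) would pin that path, unless another part of the file already covers it.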
@@ -2575,7 +3205,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "0.7.1", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "protobuf", @@ -2583,7 +3215,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "3.15.0", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "protobuf-c", @@ -2591,7 +3225,9 @@ "NamespaceName": "", "AddedBy": "sha256:3aba94eed52924a9707c3be29817a11f7efc8fac7fe75e0c91e48e242f988ccf", "Version": "1.3.0-6.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "psutil", @@ -2599,7 +3235,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "5.9.0", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "psycopg2-binary", @@ -2607,7 +3245,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "2.9.3", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "publicsuffix-list-dafsa", @@ -2615,7 +3255,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "20180723-1.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "py-bitbucket", @@ -2623,7 +3265,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "0.2", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "pyasn1", 
@@ -2631,7 +3275,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "0.4.8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "pyasn1-modules", @@ -2639,7 +3285,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "0.2.8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "pycparser", @@ -2647,7 +3295,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "2.20", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "pygithub", @@ -2655,7 +3305,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "1.45", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "pyinotify", @@ -2663,7 +3315,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "0.9.6", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "pyjwt", @@ -2671,7 +3325,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "2.4.0", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "pymemcache", @@ -2679,7 +3335,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "3.0.0", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "pymysql", 
@@ -2687,7 +3345,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "0.9.3", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "pyopenssl", @@ -2695,7 +3355,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "19.1.0", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "pyparsing", @@ -2703,7 +3365,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "2.4.6", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "pypdf2", @@ -2711,7 +3375,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "1.27.6", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "pyrsistent", @@ -2719,7 +3385,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "0.18.0", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "pysocks", @@ -2727,7 +3395,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "1.6.8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "python-dateutil", @@ -2735,7 +3405,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "2.6.1", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "python-dateutil", 
@@ -2743,7 +3415,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "2.8.1", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "python-editor", @@ -2751,7 +3425,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "1.0.4", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "python-etcd", @@ -2759,7 +3435,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "0.3.3", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "python-gitlab", @@ -2767,7 +3445,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "2.0.0", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "python-keystoneclient", @@ -2775,7 +3455,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "3.22.0", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "python-ldap", @@ -2783,7 +3465,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "3.4.0", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "python-magic", @@ -2791,7 +3475,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "0.4.15", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "python-redis-lock", 
@@ -2799,7 +3485,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "3.7.0", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "python-swiftclient", @@ -2807,7 +3495,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "3.8.1", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "python3-chardet", @@ -2815,7 +3505,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "3.0.4-7.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "python3-cloud-what", @@ -2823,7 +3515,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "1.28.29-3.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "python3-dateutil", @@ -2831,7 +3525,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "1:2.6.1-6.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "python3-dbus", @@ -2839,7 +3535,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "1.2.4-15.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "python3-decorator", @@ -2847,7 +3545,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "4.2.1-2.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "python3-dmidecode", 
@@ -2855,7 +3555,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "3.12.2-15.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "python3-dnf", @@ -2863,7 +3565,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "4.7.0-8.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "python3-dnf-plugins-core", @@ -2871,7 +3575,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "4.0.21-11.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "python3-ethtool", @@ -2879,7 +3585,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "0.14-5.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "python3-gobject-base", @@ -2887,7 +3595,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "3.28.3-2.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "python3-gpg", @@ -2895,7 +3605,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "1.13.1-11.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "python3-hawkey", @@ -2903,7 +3615,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "0.63.0-8.1.el8_6", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "python3-idna", 
@@ -2911,7 +3625,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "2.5-5.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "python3-iniparse", @@ -2919,7 +3635,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "0.4-31.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "python3-inotify", @@ -2927,7 +3645,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "0.9.6-13.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "python3-libcomps", @@ -2935,7 +3655,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "0.1.18-1.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "python3-libdnf", @@ -2943,7 +3665,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "0.63.0-8.1.el8_6", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "python3-librepo", @@ -2951,7 +3675,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "1.14.2-1.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "python3-libs", @@ -2981,7 +3707,9 @@ } } } - ] + ], + "BaseScores": [], + "CVEIds": ["CVE-2015-20107", "CVE-2022-0391"] }, { "Name": "python3-libxml2", 
@@ -2989,7 +3717,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "2.9.7-13.el8_6.1", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "python3-pip-wheel", @@ -2997,7 +3727,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "9.0.3-22.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "python3-pysocks", @@ -3005,7 +3737,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "1.6.8-3.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "python3-requests", @@ -3013,7 +3747,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "2.20.0-2.1.el8_1", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "python3-rpm", @@ -3021,7 +3757,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "4.14.3-23.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "python3-setuptools-wheel", @@ -3029,7 +3767,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "39.2.0-6.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "python3-six", @@ -3037,7 +3777,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "1.11.0-8.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "python3-subscription-manager-rhsm", 
@@ -3045,7 +3787,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "1.28.29-3.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "python3-syspurpose", @@ -3053,7 +3797,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "1.28.29-3.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "python3-urllib3", @@ -3061,7 +3807,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "1.24.2-5.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "python38", @@ -3069,7 +3817,9 @@ "NamespaceName": "", "AddedBy": "sha256:3aba94eed52924a9707c3be29817a11f7efc8fac7fe75e0c91e48e242f988ccf", "Version": "3.8.12-1.module+el8.6.0+12642+c3710b74", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "python38-libs", @@ -3077,7 +3827,9 @@ "NamespaceName": "", "AddedBy": "sha256:3aba94eed52924a9707c3be29817a11f7efc8fac7fe75e0c91e48e242f988ccf", "Version": "3.8.12-1.module+el8.6.0+12642+c3710b74", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "python38-pip", @@ -3085,7 +3837,9 @@ "NamespaceName": "", "AddedBy": "sha256:3aba94eed52924a9707c3be29817a11f7efc8fac7fe75e0c91e48e242f988ccf", "Version": "19.3.1-5.module+el8.6.0+13002+70cfc74a", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "python38-pip-wheel", 
@@ -3093,7 +3847,9 @@ "NamespaceName": "", "AddedBy": "sha256:3aba94eed52924a9707c3be29817a11f7efc8fac7fe75e0c91e48e242f988ccf", "Version": "19.3.1-5.module+el8.6.0+13002+70cfc74a", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "python38-setuptools", @@ -3101,7 +3857,9 @@ "NamespaceName": "", "AddedBy": "sha256:3aba94eed52924a9707c3be29817a11f7efc8fac7fe75e0c91e48e242f988ccf", "Version": "41.6.0-5.module+el8.5.0+12205+a865257a", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "python38-setuptools-wheel", @@ -3109,7 +3867,9 @@ "NamespaceName": "", "AddedBy": "sha256:3aba94eed52924a9707c3be29817a11f7efc8fac7fe75e0c91e48e242f988ccf", "Version": "41.6.0-5.module+el8.5.0+12205+a865257a", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "pytz", @@ -3117,7 +3877,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "2019.3", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "pyyaml", @@ -3125,7 +3887,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "5.4", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "raven", @@ -3133,7 +3897,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "6.10.0", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "readline", @@ -3141,7 +3907,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "7.0-10.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "recaptcha2", 
@@ -3149,7 +3917,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "0.1", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "redhat-release", @@ -3157,7 +3927,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "8.6-0.1.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "redis", @@ -3165,7 +3937,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "3.5.3", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "redis-py-cluster", @@ -3173,7 +3947,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "2.1.3", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "rehash", @@ -3181,7 +3957,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "1.0.0", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "reportlab", @@ -3189,7 +3967,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "3.5.55", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "requests", @@ -3197,7 +3977,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "2.20.0", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "requests", 
@@ -3205,7 +3987,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "2.27.1", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "requests-aws4auth", @@ -3213,7 +3997,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "0.9", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "requests-file", @@ -3221,7 +4007,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "1.4.3", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "requests-oauthlib", @@ -3229,7 +4017,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "1.3.0", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "rfc3986", @@ -3237,7 +4027,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "1.3.2", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "rootfiles", @@ -3245,7 +4037,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "8.1-22.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "rpm", @@ -3253,7 +4047,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "4.14.3-23.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "rpm-build-libs", 
@@ -3261,7 +4057,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "4.14.3-23.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "rpm-libs", @@ -3269,7 +4067,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "4.14.3-23.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "runc", @@ -3277,7 +4077,9 @@ "NamespaceName": "", "AddedBy": "sha256:3aba94eed52924a9707c3be29817a11f7efc8fac7fe75e0c91e48e242f988ccf", "Version": "1:1.1.3-2.module+el8.6.0+15917+093ca6f8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "s3transfer", @@ -3285,7 +4087,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "0.5.1", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "sed", @@ -3293,7 +4097,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "4.5-5.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "semantic-version", @@ -3301,7 +4107,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "2.8.4", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "setup", @@ -3309,7 +4117,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "2.12.2-6.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "setuptools", 
@@ -3317,7 +4127,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "50.3.0", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "setuptools", @@ -3325,7 +4137,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "39.2.0", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "setuptools", @@ -3333,7 +4147,9 @@ "NamespaceName": "", "AddedBy": "sha256:3aba94eed52924a9707c3be29817a11f7efc8fac7fe75e0c91e48e242f988ccf", "Version": "41.6.0", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "setuptools-scm", @@ -3341,7 +4157,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "4.1.2", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "shadow-utils", @@ -3349,7 +4167,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "2:4.6-16.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "six", @@ -3357,7 +4177,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "1.14.0", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "six", @@ -3365,7 +4187,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "1.11.0", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "skopeo", 
@@ -3373,7 +4197,9 @@ "NamespaceName": "", "AddedBy": "sha256:3aba94eed52924a9707c3be29817a11f7efc8fac7fe75e0c91e48e242f988ccf", "Version": "2:1.8.0-2.module+el8.6.0+15917+093ca6f8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "slirp4netns", @@ -3381,7 +4207,9 @@ "NamespaceName": "", "AddedBy": "sha256:3aba94eed52924a9707c3be29817a11f7efc8fac7fe75e0c91e48e242f988ccf", "Version": "1.2.0-2.module+el8.6.0+15917+093ca6f8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "soupsieve", @@ -3389,7 +4217,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "1.9.5", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "sqlalchemy", @@ -3397,7 +4227,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "1.4.31", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "sqlite-libs", @@ -3405,7 +4237,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "3.26.0-15.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "stevedore", @@ -3413,7 +4247,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "1.31.0", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "stringscore", @@ -3421,7 +4257,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "0.1.0", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "stripe", 
@@ -3429,7 +4267,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "2.42.0", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "subscription-manager", @@ -3437,7 +4277,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "1.28.29", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "subscription-manager", @@ -3445,7 +4287,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "1.28.29-3.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "subscription-manager-rhsm-certificates", @@ -3453,7 +4297,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "1.28.29-3.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "supervisor", @@ -3461,7 +4307,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "4.1.0", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "supervisor-logging", @@ -3469,7 +4317,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "0.0.9", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "supervisor-stdout", @@ -3477,7 +4327,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "0.1.1", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "syspurpose", 
@@ -3485,7 +4337,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "1.28.29", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "systemd", @@ -3493,7 +4347,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "239-58.el8_6.4", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "systemd-libs", @@ -3501,7 +4357,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "239-58.el8_6.4", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "systemd-pam", @@ -3509,7 +4367,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "239-58.el8_6.4", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "tar", @@ -3517,7 +4377,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "2:1.30-5.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "text-unidecode", @@ -3525,7 +4387,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "1.3", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "tldextract", @@ -3533,7 +4397,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "2.2.2", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "toml", 
@@ -3541,7 +4407,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "0.10.2", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "toposort", @@ -3549,7 +4417,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "1.5", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "tpm2-tss", @@ -3557,7 +4427,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "2.3.2-4.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "tzdata", @@ -3565,7 +4437,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "2022c-1.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "tzlocal", @@ -3573,7 +4447,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "2.0.0", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "ubi8", @@ -3581,7 +4457,9 @@ "NamespaceName": "", "AddedBy": "sha256:0d51f270409c5c21859f12eee7aa77d3969ac3033b7129a2a87648b741ee66ee", "Version": "8.6-903.1661794351", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "ubi8-container", @@ -3589,7 +4467,9 @@ "NamespaceName": "", "AddedBy": "sha256:0d51f270409c5c21859f12eee7aa77d3969ac3033b7129a2a87648b741ee66ee", "Version": "8.6-903.1661794351", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "urllib3", 
@@ -3597,7 +4477,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "1.26.9", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "urllib3", @@ -3605,7 +4487,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "1.24.2", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "usermode", @@ -3613,7 +4497,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "1.113-2.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "util-linux", @@ -3621,7 +4507,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "2.32.1-35.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "vim-minimal", @@ -3629,7 +4517,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "2:8.0.1763-19.el8_6.4", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "virt-what", @@ -3637,7 +4527,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "1.18-13.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "webencodings", @@ -3645,7 +4537,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "0.5.1", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "webob", 
@@ -3653,7 +4547,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "1.8.6", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "websocket-client", @@ -3661,7 +4557,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "0.57.0", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "werkzeug", @@ -3669,7 +4567,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "0.16.1", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "wheel", @@ -3677,7 +4577,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "0.35.1", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "which", @@ -3685,7 +4587,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "2.21-17.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "wrapt", @@ -3693,7 +4597,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "1.13.3", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "xhtml2pdf", @@ -3701,7 +4607,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "0.2.4", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "xz-libs", 
@@ -3709,7 +4617,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "5.2.4-4.el8_6", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "yapf", @@ -3717,7 +4627,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "0.29.0", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "yum", @@ -3725,7 +4637,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "4.7.0-8.el8", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "zipp", @@ -3733,7 +4647,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "2.1.0", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "zlib", @@ -3741,7 +4657,9 @@ "NamespaceName": "", "AddedBy": "sha256:480a8b2c25e9343725938879adac8ebb1c01cfde85975f023ca7aa95bfe7e0da", "Version": "1.2.11-18.el8_5", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "zope.event", @@ -3749,7 +4667,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "4.5.0", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "zope.interface", @@ -3757,7 +4677,9 @@ "NamespaceName": "", "AddedBy": "sha256:439e6bc4f7490f382f233003f10ca643d121659230990a4ae9cdff6a94d8c382", "Version": "5.4.0", - "Vulnerabilities": [] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] } ] } diff --git a/data/secscan_model/test/securityinformation_withenrichments.json b/data/secscan_model/test/securityinformation_withenrichments.json index 8cf58fcd90..8cc397a72a 100644 
--- a/data/secscan_model/test/securityinformation_withenrichments.json +++ b/data/secscan_model/test/securityinformation_withenrichments.json @@ -11,9 +11,9 @@ "NamespaceName": "", "AddedBy": "sha256:95200ab871bdbed0f4962f61926c67d1771dea166bb8469ce2036213bb406784", "Version": "28.8.0", - "Vulnerabilities": [ - - ] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "pyopenssl", @@ -21,9 +21,9 @@ "NamespaceName": "", "AddedBy": "sha256:95200ab871bdbed0f4962f61926c67d1771dea166bb8469ce2036213bb406784", "Version": "17.5.0", - "Vulnerabilities": [ - - ] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "cffi", @@ -31,9 +31,9 @@ "NamespaceName": "", "AddedBy": "sha256:95200ab871bdbed0f4962f61926c67d1771dea166bb8469ce2036213bb406784", "Version": "1.11.5", - "Vulnerabilities": [ - - ] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "ncurses-terminfo-base", @@ -41,9 +41,9 @@ "NamespaceName": "", "AddedBy": "sha256:95200ab871bdbed0f4962f61926c67d1771dea166bb8469ce2036213bb406784", "Version": "6.0_p20171125-r0", - "Vulnerabilities": [ - - ] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "musl-utils", @@ -51,9 +51,9 @@ "NamespaceName": "", "AddedBy": "sha256:95200ab871bdbed0f4962f61926c67d1771dea166bb8469ce2036213bb406784", "Version": "1.1.18-r3", - "Vulnerabilities": [ - - ] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "libcrypto1.0", @@ -61,9 +61,9 @@ "NamespaceName": "", "AddedBy": "sha256:95200ab871bdbed0f4962f61926c67d1771dea166bb8469ce2036213bb406784", "Version": "1.0.2o-r0", - "Vulnerabilities": [ - - ] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "libstdc++", @@ -71,9 +71,9 @@ "NamespaceName": "", "AddedBy": "sha256:95200ab871bdbed0f4962f61926c67d1771dea166bb8469ce2036213bb406784", "Version": "6.4.0-r5", - "Vulnerabilities": [ - - ] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "scanelf", 
@@ -81,9 +81,9 @@ "NamespaceName": "", "AddedBy": "sha256:ff3a5c916c92643ff77519ffa742d3ec61b7f591b6b7504599d95a4a41134e28", "Version": "1.2.2-r1", - "Vulnerabilities": [ - - ] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "alpine-baselayout", @@ -91,9 +91,9 @@ "NamespaceName": "", "AddedBy": "sha256:ff3a5c916c92643ff77519ffa742d3ec61b7f591b6b7504599d95a4a41134e28", "Version": "3.0.5-r2", - "Vulnerabilities": [ - - ] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "libressl2.6-libssl", @@ -101,9 +101,9 @@ "NamespaceName": "", "AddedBy": "sha256:ff3a5c916c92643ff77519ffa742d3ec61b7f591b6b7504599d95a4a41134e28", "Version": "2.6.3-r0", - "Vulnerabilities": [ - - ] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "pip", @@ -154,7 +154,9 @@ } } } - ] + ], + "BaseScores": [7.5, 7.5], + "CVEIds": [] }, { "Name": "expat", @@ -205,7 +207,9 @@ } } } - ] + ], + "BaseScores": [7.5, 7.5], + "CVEIds": ["CVE-2018-20843", "CVE-2019-15903"] }, { "Name": "pyparsing", @@ -213,9 +217,9 @@ "NamespaceName": "", "AddedBy": "sha256:95200ab871bdbed0f4962f61926c67d1771dea166bb8469ce2036213bb406784", "Version": "2.2.0", - "Vulnerabilities": [ - - ] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "libbz2", @@ -223,9 +227,9 @@ "NamespaceName": "", "AddedBy": "sha256:95200ab871bdbed0f4962f61926c67d1771dea166bb8469ce2036213bb406784", "Version": "1.0.6-r6", - "Vulnerabilities": [ - - ] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "click", @@ -233,9 +237,9 @@ "NamespaceName": "", "AddedBy": "sha256:95200ab871bdbed0f4962f61926c67d1771dea166bb8469ce2036213bb406784", "Version": "6.7", - "Vulnerabilities": [ - - ] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "wsproto", 
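Review bot: The expected output at `@@ -154,7 +154,9 @@` pins `"BaseScores": [7.5, 7.5]` next to `"CVEIds": []`, so a feature with two scored vulnerabilities reports no CVE ids. The same pairing appears in the hunks at `@@ -347,7 +351,9 @@` and `@@ -1022,7 +1048,9 @@`. The vulnerability entries are outside these hunks, but since `vulns_to_cves` only scans `Link`, presumably these links carry no CVE id. A consumer that filters or alerts on `CVEIds` would pass over these features, so the helper's docstring should say so, e.g. `CVEIds holds only ids found in Link and may be empty for a feature that still has vulnerabilities`.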
@@ -243,9 +247,9 @@ "NamespaceName": "", "AddedBy": "sha256:95200ab871bdbed0f4962f61926c67d1771dea166bb8469ce2036213bb406784", "Version": "0.11.0", - "Vulnerabilities": [ - - ] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "ncurses-terminfo", @@ -253,9 +257,9 @@ "NamespaceName": "", "AddedBy": "sha256:95200ab871bdbed0f4962f61926c67d1771dea166bb8469ce2036213bb406784", "Version": "6.0_p20171125-r0", - "Vulnerabilities": [ - - ] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "ncurses-libs", @@ -263,9 +267,9 @@ "NamespaceName": "", "AddedBy": "sha256:95200ab871bdbed0f4962f61926c67d1771dea166bb8469ce2036213bb406784", "Version": "6.0_p20171125-r0", - "Vulnerabilities": [ - - ] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "pyperclip", @@ -273,9 +277,9 @@ "NamespaceName": "", "AddedBy": "sha256:95200ab871bdbed0f4962f61926c67d1771dea166bb8469ce2036213bb406784", "Version": "1.6.0", - "Vulnerabilities": [ - - ] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "mitmproxy", @@ -347,7 +351,9 @@ } } } - ] + ], + "BaseScores": [8.8, 8.8], + "CVEIds": [] }, { "Name": "xz-libs", @@ -355,9 +361,9 @@ "NamespaceName": "", "AddedBy": "sha256:95200ab871bdbed0f4962f61926c67d1771dea166bb8469ce2036213bb406784", "Version": "5.2.3-r1", - "Vulnerabilities": [ - - ] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "certifi", @@ -365,9 +371,9 @@ "NamespaceName": "", "AddedBy": "sha256:95200ab871bdbed0f4962f61926c67d1771dea166bb8469ce2036213bb406784", "Version": "2018.4.16", - "Vulnerabilities": [ - - ] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "libressl2.6-libcrypto", @@ -375,9 +381,9 @@ "NamespaceName": "", "AddedBy": "sha256:ff3a5c916c92643ff77519ffa742d3ec61b7f591b6b7504599d95a4a41134e28", "Version": "2.6.3-r0", - "Vulnerabilities": [ - - ] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "sortedcontainers", 
@@ -385,9 +391,9 @@ "NamespaceName": "", "AddedBy": "sha256:95200ab871bdbed0f4962f61926c67d1771dea166bb8469ce2036213bb406784", "Version": "1.5.10", - "Vulnerabilities": [ - - ] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "ruamel.yaml", @@ -395,9 +401,9 @@ "NamespaceName": "", "AddedBy": "sha256:95200ab871bdbed0f4962f61926c67d1771dea166bb8469ce2036213bb406784", "Version": "0.15.37", - "Vulnerabilities": [ - - ] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "brotlipy", @@ -405,9 +411,9 @@ "NamespaceName": "", "AddedBy": "sha256:95200ab871bdbed0f4962f61926c67d1771dea166bb8469ce2036213bb406784", "Version": "0.7.0", - "Vulnerabilities": [ - - ] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "asn1crypto", @@ -415,9 +421,9 @@ "NamespaceName": "", "AddedBy": "sha256:95200ab871bdbed0f4962f61926c67d1771dea166bb8469ce2036213bb406784", "Version": "0.24.0", - "Vulnerabilities": [ - - ] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "gdbm", @@ -425,9 +431,9 @@ "NamespaceName": "", "AddedBy": "sha256:95200ab871bdbed0f4962f61926c67d1771dea166bb8469ce2036213bb406784", "Version": "1.13-r1", - "Vulnerabilities": [ - - ] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "urwid", @@ -435,9 +441,9 @@ "NamespaceName": "", "AddedBy": "sha256:95200ab871bdbed0f4962f61926c67d1771dea166bb8469ce2036213bb406784", "Version": "2.0.1", - "Vulnerabilities": [ - - ] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "readline", @@ -445,9 +451,9 @@ "NamespaceName": "", "AddedBy": "sha256:95200ab871bdbed0f4962f61926c67d1771dea166bb8469ce2036213bb406784", "Version": "7.0.003-r0", - "Vulnerabilities": [ - - ] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "six", 
@@ -455,9 +461,9 @@ "NamespaceName": "", "AddedBy": "sha256:95200ab871bdbed0f4962f61926c67d1771dea166bb8469ce2036213bb406784", "Version": "1.11.0", - "Vulnerabilities": [ - - ] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "libc-utils", @@ -465,9 +471,9 @@ "NamespaceName": "", "AddedBy": "sha256:ff3a5c916c92643ff77519ffa742d3ec61b7f591b6b7504599d95a4a41134e28", "Version": "0.7.1-r0", - "Vulnerabilities": [ - - ] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "sqlite-libs", @@ -475,9 +481,9 @@ "NamespaceName": "", "AddedBy": "sha256:95200ab871bdbed0f4962f61926c67d1771dea166bb8469ce2036213bb406784", "Version": "3.21.0-r0", - "Vulnerabilities": [ - - ] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "h2", @@ -485,9 +491,9 @@ "NamespaceName": "", "AddedBy": "sha256:95200ab871bdbed0f4962f61926c67d1771dea166bb8469ce2036213bb406784", "Version": "3.0.1", - "Vulnerabilities": [ - - ] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "openssl", @@ -643,6 +649,16 @@ } } } + ], + "BaseScores": [5.9, 4.7, 3.7, 7.5, 5.9, 5.9, 4.7], + "CVEIds": [ + "CVE-2018-0732", + "CVE-2018-0734", + "CVE-2018-0737", + "CVE-2018-5407", + "CVE-2019-1547", + "CVE-2019-1559", + "CVE-2019-1563" ] }, { @@ -651,9 +667,9 @@ "NamespaceName": "", "AddedBy": "sha256:95200ab871bdbed0f4962f61926c67d1771dea166bb8469ce2036213bb406784", "Version": "3.0.0", - "Vulnerabilities": [ - - ] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "ldap3", @@ -661,9 +677,9 @@ "NamespaceName": "", "AddedBy": "sha256:95200ab871bdbed0f4962f61926c67d1771dea166bb8469ce2036213bb406784", "Version": "2.5", - "Vulnerabilities": [ - - ] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "libssl1.0", 
@@ -671,9 +687,9 @@ "NamespaceName": "", "AddedBy": "sha256:95200ab871bdbed0f4962f61926c67d1771dea166bb8469ce2036213bb406784", "Version": "1.0.2o-r0", - "Vulnerabilities": [ - - ] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "passlib", @@ -681,9 +697,9 @@ "NamespaceName": "", "AddedBy": "sha256:95200ab871bdbed0f4962f61926c67d1771dea166bb8469ce2036213bb406784", "Version": "1.7.1", - "Vulnerabilities": [ - - ] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "pycparser", @@ -691,9 +707,9 @@ "NamespaceName": "", "AddedBy": "sha256:95200ab871bdbed0f4962f61926c67d1771dea166bb8469ce2036213bb406784", "Version": "2.18", - "Vulnerabilities": [ - - ] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "kaitaistruct", @@ -701,9 +717,9 @@ "NamespaceName": "", "AddedBy": "sha256:95200ab871bdbed0f4962f61926c67d1771dea166bb8469ce2036213bb406784", "Version": "0.8", - "Vulnerabilities": [ - - ] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "libgcc", @@ -711,9 +727,9 @@ "NamespaceName": "", "AddedBy": "sha256:95200ab871bdbed0f4962f61926c67d1771dea166bb8469ce2036213bb406784", "Version": "6.4.0-r5", - "Vulnerabilities": [ - - ] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "python3", @@ -869,6 +885,16 @@ } } } + ], + "BaseScores": [7.5, 7.5, 7.5, 7.5, 9.8, 7.5, 6.1], + "CVEIds": [ + "CVE-2018-1060", + "CVE-2018-1061", + "CVE-2018-14647", + "CVE-2018-20406", + "CVE-2019-16056", + "CVE-2019-16935", + "CVE-2019-9636" ] }, { @@ -877,9 +903,9 @@ "NamespaceName": "", "AddedBy": "sha256:95200ab871bdbed0f4962f61926c67d1771dea166bb8469ce2036213bb406784", "Version": "5.0.2", - "Vulnerabilities": [ - - ] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "pyasn1", 
@@ -887,9 +913,9 @@ "NamespaceName": "", "AddedBy": "sha256:95200ab871bdbed0f4962f61926c67d1771dea166bb8469ce2036213bb406784", "Version": "0.4.2", - "Vulnerabilities": [ - - ] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "alpine-keys", @@ -897,9 +923,9 @@ "NamespaceName": "", "AddedBy": "sha256:ff3a5c916c92643ff77519ffa742d3ec61b7f591b6b7504599d95a4a41134e28", "Version": "2.1-r1", - "Vulnerabilities": [ - - ] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "hyperframe", @@ -907,9 +933,9 @@ "NamespaceName": "", "AddedBy": "sha256:95200ab871bdbed0f4962f61926c67d1771dea166bb8469ce2036213bb406784", "Version": "5.1.0", - "Vulnerabilities": [ - - ] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "su-exec", @@ -917,9 +943,9 @@ "NamespaceName": "", "AddedBy": "sha256:95200ab871bdbed0f4962f61926c67d1771dea166bb8469ce2036213bb406784", "Version": "0.2-r0", - "Vulnerabilities": [ - - ] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "idna", @@ -927,9 +953,9 @@ "NamespaceName": "", "AddedBy": "sha256:95200ab871bdbed0f4962f61926c67d1771dea166bb8469ce2036213bb406784", "Version": "2.6", - "Vulnerabilities": [ - - ] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "cryptography", @@ -1022,7 +1048,9 @@ } } } - ] + ], + "BaseScores": [9.1, 5.9, 7.5], + "CVEIds": [] }, { "Name": "libffi", @@ -1030,9 +1058,9 @@ "NamespaceName": "", "AddedBy": "sha256:95200ab871bdbed0f4962f61926c67d1771dea166bb8469ce2036213bb406784", "Version": "3.2.1-r4", - "Vulnerabilities": [ - - ] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "blinker", @@ -1040,9 +1068,9 @@ "NamespaceName": "", "AddedBy": "sha256:95200ab871bdbed0f4962f61926c67d1771dea166bb8469ce2036213bb406784", "Version": "1.4", - "Vulnerabilities": [ - - ] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "busybox", 
@@ -1050,9 +1078,9 @@ "NamespaceName": "", "AddedBy": "sha256:ff3a5c916c92643ff77519ffa742d3ec61b7f591b6b7504599d95a4a41134e28", "Version": "1.27.2-r7", - "Vulnerabilities": [ - - ] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "musl", @@ -1082,7 +1110,9 @@ } } } - ] + ], + "BaseScores": [9.8], + "CVEIds": ["CVE-2019-14697"] }, { "Name": "apk-tools", @@ -1090,9 +1120,9 @@ "NamespaceName": "", "AddedBy": "sha256:ff3a5c916c92643ff77519ffa742d3ec61b7f591b6b7504599d95a4a41134e28", "Version": "2.8.2-r0", - "Vulnerabilities": [ - - ] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "zlib", @@ -1100,9 +1130,9 @@ "NamespaceName": "", "AddedBy": "sha256:ff3a5c916c92643ff77519ffa742d3ec61b7f591b6b7504599d95a4a41134e28", "Version": "1.2.11-r1", - "Vulnerabilities": [ - - ] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] }, { "Name": "h11", @@ -1110,9 +1140,9 @@ "NamespaceName": "", "AddedBy": "sha256:95200ab871bdbed0f4962f61926c67d1771dea166bb8469ce2036213bb406784", "Version": "0.7.0", - "Vulnerabilities": [ - - ] + "Vulnerabilities": [], + "BaseScores": [], + "CVEIds": [] } ] } diff --git a/data/secscan_model/test/test_secscan_v4_model.py b/data/secscan_model/test/test_secscan_v4_model.py index bb2553c6ae..3bc8d2b411 100644 --- a/data/secscan_model/test/test_secscan_v4_model.py +++ b/data/secscan_model/test/test_secscan_v4_model.py @@ -2,7 +2,6 @@ import logging import os from datetime import datetime, timedelta -from test.fixtures import * import mock import pytest 
@@ -23,17 +22,27 @@ ) from data.registry_model import registry_model from data.secscan_model.datatypes import ( + NVD, + CVSSv3, + Feature, Layer, + Metadata, PaginatedNotificationStatus, ScanLookupStatus, SecurityInformation, + Vulnerability, + link_to_cves, + vulns_to_base_scores, + vulns_to_cves, ) from data.secscan_model.secscan_v4_model import ( IndexReportState, + SecurityInformationLookupResult, V4SecurityScanner, features_for, ) from image.docker.schema2 import DOCKER_SCHEMA2_MANIFESTLIST_CONTENT_TYPE +from test.fixtures import * from util.secscan.v4.api import APIRequestFailure @@ -551,7 +560,7 @@ def test_features_for(): expected["Layer"]["Features"].sort(key=lambda d: d["Name"]) generated = SecurityInformation( Layer( - "sha256:b05ac1eeec8635442fa5d3e55d6ef4ad287b9c66055a552c2fd309c334563b0a", + "sha256:4fd9553ca70c7ed6cbb466573fed2d03b0a8dd2c2eba9febf2ce30f8d537ba17", "", "", 4, 
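Review bot: `Feature` and `SecurityInformationLookupResult` are added to the imports at `@@ -23,17 +22,27 @@`, but none of the tests this patch adds reference them; the rest of the file is not visible here, so confirm they are used before keeping them. The wildcard `from test.fixtures import *` now also runs after the explicit imports, so any name it exports that matches one of them (for example `Layer` or `Feature`) would silently replace the explicit import. If the move is only for import sorting, a short comment such as `# wildcard kept last: must not export names imported above` would record that assumption.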
@@ -744,3 +753,143 @@ def test_enrichments_in_features_for(): generated["Layer"]["Features"].sort(key=lambda d: d["Name"]) assert generated == expected + + +@pytest.mark.parametrize( + "input_string, expected_output", + [ + ( + "This is a test string with CVE-2021-1234 and CVE-2022-5678", + ["CVE-2021-1234", "CVE-2022-5678"], + ), + ("No CVEs in this string", []), + ("CVE-2023-12345 is the only CVE here", ["CVE-2023-12345"]), + ("", []), + ], +) +def test_link_to_cves(input_string, expected_output): + assert link_to_cves(input_string) == expected_output + + +@pytest.mark.parametrize( + "vulnerabilities, expected_output", + [ + ( + [ + Vulnerability( + Severity="High", + NamespaceName="", + Link="CVE-2021-1234", + FixedBy="", + Description="", + Name="", + Metadata=Metadata( + UpdatedBy="", + RepoName="", + RepoLink="", + DistroName="", + DistroVersion="", + NVD=NVD(CVSSv3=CVSSv3()), + ), + ), + Vulnerability( + Severity="Medium", + NamespaceName="", + Link="CVE-2022-5678", + FixedBy="", + Description="", + Name="", + Metadata=Metadata( + UpdatedBy="", + RepoName="", + RepoLink="", + DistroName="", + DistroVersion="", + NVD=NVD(CVSSv3=CVSSv3()), + ), + ), + Vulnerability( + Severity="Low", + NamespaceName="", + Link="Not a CVE link", + FixedBy="", + Description="", + Name="", + Metadata=Metadata( + UpdatedBy="", + RepoName="", + RepoLink="", + DistroName="", + DistroVersion="", + NVD=NVD(CVSSv3=CVSSv3()), + ), + ), + ], + ["CVE-2021-1234", "CVE-2022-5678"], + ), + ], +) +def test_vulns_to_cves(vulnerabilities, expected_output): + assert vulns_to_cves(vulnerabilities) == expected_output + + +@pytest.mark.parametrize( + "vulnerabilities, expected_output", + [ + ( + [ + Vulnerability( + Severity="High", + NamespaceName="", + Link="CVE-2021-1234", + FixedBy="", + Description="", + Name="", + Metadata=Metadata( + UpdatedBy="", + RepoName="", + RepoLink="", + DistroName="", + DistroVersion="", + NVD=NVD(CVSSv3=CVSSv3(Score=7.5)), + ), + ), + Vulnerability( + 
Severity="Medium", + NamespaceName="", + Link="CVE-2022-5678", + FixedBy="", + Description="", + Name="", + Metadata=Metadata( + UpdatedBy="", + RepoName="", + RepoLink="", + DistroName="", + DistroVersion="", + NVD=NVD(CVSSv3=CVSSv3(Score=None)), + ), + ), + Vulnerability( + Severity="Low", + NamespaceName="", + Link="Not a CVE link", + FixedBy="", + Description="", + Name="", + Metadata=Metadata( + UpdatedBy="", + RepoName="", + RepoLink="", + DistroName="", + DistroVersion="", + NVD=NVD(CVSSv3=None), + ), + ), + ], + [7.5], + ), + ], +) +def test_vulns_to_base_scores(vulnerabilities, expected_output): + assert vulns_to_base_scores(vulnerabilities) == expected_output diff --git a/data/secscan_model/test/vulnerabilityreport.json b/data/secscan_model/test/vulnerabilityreport.json index 47685fb600..30991e2a1f 100644 --- a/data/secscan_model/test/vulnerabilityreport.json +++ b/data/secscan_model/test/vulnerabilityreport.json 
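Review bot: The cases added for `test_link_to_cves` and `test_vulns_to_cves` only feed ids that are already unique and in sorted order, so neither the de-duplication nor the sort this commit promises for CVE ids is pinned by a test. A constructed case such as `("CVE-2022-5678 CVE-2021-1234 CVE-2022-5678", ["CVE-2021-1234", "CVE-2022-5678"]),` in the `link_to_cves` parameters would cover both. A second `vulns_to_cves` case could repeat one `Link` across two vulnerabilities. `test_vulns_to_base_scores` covers `Score=None` and `CVSSv3=None` but not `NVD=None` or a score of `0.0`, which the truthiness filter in `vulns_to_base_scores` drops.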
@@ -1,3022 +1,14250 @@ { - "manifest_hash":"sha256:b05ac1eeec8635442fa5d3e55d6ef4ad287b9c66055a552c2fd309c334563b0a", - "packages":{ - "10":{ - "id":"10", - "name":"bash", - "version":"5.0-4", - "kind":"binary", - "source":{ - "id":"1", - "name":"", - "version":"", - "normalized_version":"" - }, - "normalized_version":"" - }, - "100":{ - "id":"100", - "name":"libnettle6", - "version":"3.4.1-1", - "kind":"binary", - "source":{ - "id":"87", - "name":"nettle", - "version":"3.4.1-1", - "kind":"source", - "normalized_version":"" - }, - "normalized_version":"" - }, - "102":{ - "id":"102", - "name":"libp11-kit0", - "version":"0.23.15-2", - "kind":"binary", - "source":{ - "id":"101", - "name":"p11-kit", - "version":"0.23.15-2", - "kind":"source", - "normalized_version":"" - }, - "normalized_version":"" - }, - "104":{ - "id":"104", - "name":"libpam-modules", - "version":"1.3.1-5", - "kind":"binary", - "source":{ - "id":"103", - "name":"pam", - "version":"1.3.1-5", - "kind":"source", - "normalized_version":"" - }, - "normalized_version":"" - }, - "106":{ - "id":"106", - "name":"libpam-modules-bin", - "version":"1.3.1-5", - "kind":"binary", - "source":{ - "id":"103", - "name":"pam", - "version":"1.3.1-5", - "kind":"source", - "normalized_version":"" - }, - "normalized_version":"" - }, - "108":{ - "id":"108", - "name":"libpam-runtime", - "version":"1.3.1-5", - "kind":"binary", - "source":{ - "id":"103", - "name":"pam", - "version":"1.3.1-5", - "kind":"source", - "normalized_version":"" - }, - "normalized_version":"" - }, - "110":{ - "id":"110", - "name":"libpam0g", - "version":"1.3.1-5", - "kind":"binary", - "source":{ - "id":"103", - "name":"pam", - "version":"1.3.1-5", - "kind":"source", - "normalized_version":"" - }, - "normalized_version":"" - }, - "112":{ - "id":"112", - "name":"libpcre3", - "version":"2:8.39-12", - "kind":"binary", - "source":{ - "id":"111", - "name":"pcre3", - "version":"2:8.39-12", - "kind":"source", - "normalized_version":"" - }, - 
"normalized_version":"" - }, - "114":{ - "id":"114", - "name":"libseccomp2", - "version":"2.3.3-4", - "kind":"binary", - "source":{ - "id":"113", - "name":"libseccomp", - "version":"2.3.3-4", - "kind":"source", - "normalized_version":"" - }, - "normalized_version":"" - }, - "116":{ - "id":"116", - "name":"libselinux1", - "version":"2.8-1+b1", - "kind":"binary", - "source":{ - "id":"115", - "name":"libselinux (2.8-1)", - "version":"2.8-1+b1", - "kind":"source", - "normalized_version":"" - }, - "normalized_version":"" - }, - "118":{ - "id":"118", - "name":"libsemanage-common", - "version":"2.8-2", - "kind":"binary", - "source":{ - "id":"117", - "name":"libsemanage", - "version":"2.8-2", - "kind":"source", - "normalized_version":"" - }, - "normalized_version":"" - }, - "12":{ - "id":"12", - "name":"bsdutils", - "version":"1:2.33.1-0.1", - "kind":"binary", - "source":{ - "id":"11", - "name":"util-linux (2.33.1-0.1)", - "version":"1:2.33.1-0.1", - "kind":"source", - "normalized_version":"" - }, - "normalized_version":"" - }, - "120":{ - "id":"120", - "name":"libsemanage1", - "version":"2.8-2", - "kind":"binary", - "source":{ - "id":"117", - "name":"libsemanage", - "version":"2.8-2", - "kind":"source", - "normalized_version":"" - }, - "normalized_version":"" - }, - "122":{ - "id":"122", - "name":"libsepol1", - "version":"2.8-1", - "kind":"binary", - "source":{ - "id":"121", - "name":"libsepol", - "version":"2.8-1", - "kind":"source", - "normalized_version":"" - }, - "normalized_version":"" - }, - "124":{ - "id":"124", - "name":"libsmartcols1", - "version":"2.33.1-0.1", - "kind":"binary", - "source":{ - "id":"29", - "name":"util-linux", - "version":"2.33.1-0.1", - "kind":"source", - "normalized_version":"" - }, - "normalized_version":"" - }, - "128":{ - "id":"128", - "name":"libstdc++6", - "version":"8.3.0-6", - "kind":"binary", - "source":{ - "id":"33", - "name":"gcc-8", - "version":"8.3.0-6", - "kind":"source", - "normalized_version":"" - }, - "normalized_version":"" - 
}, - "132":{ - "id":"132", - "name":"libtasn1-6", - "version":"4.13-3", - "kind":"binary", - "source":{ - "id":"1", - "name":"", - "version":"", - "normalized_version":"" - }, - "normalized_version":"" - }, - "138":{ - "id":"138", - "name":"libunistring2", - "version":"0.9.10-1", - "kind":"binary", - "source":{ - "id":"137", - "name":"libunistring", - "version":"0.9.10-1", - "kind":"source", - "normalized_version":"" - }, - "normalized_version":"" - }, - "14":{ - "id":"14", - "name":"coreutils", - "version":"8.30-3", - "kind":"binary", - "source":{ - "id":"1", - "name":"", - "version":"", - "normalized_version":"" - }, - "normalized_version":"" - }, - "140":{ - "id":"140", - "name":"libuuid1", - "version":"2.33.1-0.1", - "kind":"binary", - "source":{ - "id":"29", - "name":"util-linux", - "version":"2.33.1-0.1", - "kind":"source", - "normalized_version":"" - }, - "normalized_version":"" - }, - "142":{ - "id":"142", - "name":"libzstd1", - "version":"1.3.8+dfsg-3", - "kind":"binary", - "source":{ - "id":"141", - "name":"libzstd", - "version":"1.3.8+dfsg-3", - "kind":"source", - "normalized_version":"" - }, - "normalized_version":"" - }, - "144":{ - "id":"144", - "name":"login", - "version":"1:4.5-1.1", - "kind":"binary", - "source":{ - "id":"143", - "name":"shadow", - "version":"1:4.5-1.1", - "kind":"source", - "normalized_version":"" - }, - "normalized_version":"" - }, - "146":{ - "id":"146", - "name":"mawk", - "version":"1.3.3-17+b3", - "kind":"binary", - "source":{ - "id":"145", - "name":"mawk (1.3.3-17)", - "version":"1.3.3-17+b3", - "kind":"source", - "normalized_version":"" - }, - "normalized_version":"" - }, - "148":{ - "id":"148", - "name":"mount", - "version":"2.33.1-0.1", - "kind":"binary", - "source":{ - "id":"29", - "name":"util-linux", - "version":"2.33.1-0.1", - "kind":"source", - "normalized_version":"" - }, - "normalized_version":"" - }, - "154":{ - "id":"154", - "name":"passwd", - "version":"1:4.5-1.1", - "kind":"binary", - "source":{ - "id":"143", - 
"name":"shadow", - "version":"1:4.5-1.1", - "kind":"source", - "normalized_version":"" - }, - "normalized_version":"" - }, - "156":{ - "id":"156", - "name":"perl-base", - "version":"5.28.1-6", - "kind":"binary", - "source":{ - "id":"155", - "name":"perl", - "version":"5.28.1-6", - "kind":"source", - "normalized_version":"" - }, - "normalized_version":"" - }, - "158":{ - "id":"158", - "name":"sed", - "version":"4.7-1", - "kind":"binary", - "source":{ - "id":"1", - "name":"", - "version":"", - "normalized_version":"" - }, - "normalized_version":"" - }, - "16":{ - "id":"16", - "name":"dash", - "version":"0.5.10.2-5", - "kind":"binary", - "source":{ - "id":"1", - "name":"", - "version":"", - "normalized_version":"" - }, - "normalized_version":"" - }, - "160":{ - "id":"160", - "name":"sysvinit-utils", - "version":"2.93-8", - "kind":"binary", - "source":{ - "id":"159", - "name":"sysvinit", - "version":"2.93-8", - "kind":"source", - "normalized_version":"" - }, - "normalized_version":"" - }, - "162":{ - "id":"162", - "name":"tar", - "version":"1.30+dfsg-6", - "kind":"binary", - "source":{ - "id":"1", - "name":"", - "version":"", - "normalized_version":"" - }, - "normalized_version":"" - }, - "164":{ - "id":"164", - "name":"tzdata", - "version":"2019c-0+deb10u1", - "kind":"binary", - "source":{ - "id":"1", - "name":"", - "version":"", - "normalized_version":"" - }, - "normalized_version":"" - }, - "166":{ - "id":"166", - "name":"util-linux", - "version":"2.33.1-0.1", - "kind":"binary", - "source":{ - "id":"1", - "name":"", - "version":"", - "normalized_version":"" - }, - "normalized_version":"" - }, - "168":{ - "id":"168", - "name":"zlib1g", - "version":"1:1.2.11.dfsg-1", - "kind":"binary", - "source":{ - "id":"167", - "name":"zlib", - "version":"1:1.2.11.dfsg-1", - "kind":"source", - "normalized_version":"" - }, - "normalized_version":"" - }, - "174":{ - "id":"174", - "name":"base-files", - "version":"10.3+deb10u1", - "kind":"binary", - "source":{ - "id":"1", - "name":"", 
- "version":"", - "normalized_version":"" - }, - "normalized_version":"" - }, - "18":{ - "id":"18", - "name":"debconf", - "version":"1.5.71", - "kind":"binary", - "source":{ - "id":"1", - "name":"", - "version":"", - "normalized_version":"" - }, - "normalized_version":"" - }, - "196":{ - "id":"196", - "name":"e2fsprogs", - "version":"1.44.5-1+deb10u2", - "kind":"binary", - "source":{ - "id":"1", - "name":"", - "version":"", - "normalized_version":"" - }, - "normalized_version":"" - }, - "2":{ - "id":"2", - "name":"adduser", - "version":"3.118", - "kind":"binary", - "source":{ - "id":"1", - "name":"", - "version":"", - "normalized_version":"" - }, - "normalized_version":"" - }, - "20":{ - "id":"20", - "name":"debian-archive-keyring", - "version":"2019.1 /etc/apt/trusted.gpg.d/debian-archive-buster-automatic.gpg 9e93d0a43d3a60272034c15900e9df6f /etc/apt/trusted.gpg.d/debian-archive-buster-security-automatic.gpg f2d1b03b7a3c279ec66425d06aaab50f /etc/apt/trusted.gpg.d/debian-archive-buster-stable.gpg 4797ff6df738da65413ef710cf73936f /etc/apt/trusted.gpg.d/debian-archive-jessie-automatic.gpg 47d3fff11215d63917b41cb249ca0cbb /etc/apt/trusted.gpg.d/debian-archive-jessie-security-automatic.gpg 762c194d687970dd37e6bbcb1f88be6b /etc/apt/trusted.gpg.d/debian-archive-jessie-stable.gpg 396bc7a1b3a1c2a67b33366b9300897b /etc/apt/trusted.gpg.d/debian-archive-stretch-automatic.gpg f8ca9f176f6a5747e113f62220671e0b /etc/apt/trusted.gpg.d/debian-archive-stretch-security-automatic.gpg 986449e3c1ed5c157686f0166411b829 /etc/apt/trusted.gpg.d/debian-archive-stretch-stable.gpg 67fa5396fa0900c0abd1058d98d9247e", - "kind":"binary", - "source":{ - "id":"1", - "name":"", - "version":"", - "normalized_version":"" - }, - "normalized_version":"" - }, - "22":{ - "id":"22", - "name":"debianutils", - "version":"4.8.6.1", - "kind":"binary", - "source":{ - "id":"1", - "name":"", - "version":"", - "normalized_version":"" - }, - "normalized_version":"" - }, - "234":{ - "id":"234", - 
"name":"libcom-err2", - "version":"1.44.5-1+deb10u2", - "kind":"binary", - "source":{ - "id":"233", - "name":"e2fsprogs", - "version":"1.44.5-1+deb10u2", - "kind":"source", - "normalized_version":"" - }, - "normalized_version":"" - }, - "24":{ - "id":"24", - "name":"diffutils", - "version":"1:3.7-3", - "kind":"binary", - "source":{ - "id":"1", - "name":"", - "version":"", - "normalized_version":"" - }, - "normalized_version":"" - }, - "240":{ - "id":"240", - "name":"libext2fs2", - "version":"1.44.5-1+deb10u2", - "kind":"binary", - "source":{ - "id":"233", - "name":"e2fsprogs", - "version":"1.44.5-1+deb10u2", - "kind":"source", - "normalized_version":"" - }, - "normalized_version":"" - }, - "252":{ - "id":"252", - "name":"libgnutls30", - "version":"3.6.7-4", - "kind":"binary", - "source":{ - "id":"251", - "name":"gnutls28", - "version":"3.6.7-4", - "kind":"source", - "normalized_version":"" - }, - "normalized_version":"" - }, - "258":{ - "id":"258", - "name":"libidn2-0", - "version":"2.0.5-1", - "kind":"binary", - "source":{ - "id":"257", - "name":"libidn2", - "version":"2.0.5-1", - "kind":"source", - "normalized_version":"" - }, - "normalized_version":"" - }, - "26":{ - "id":"26", - "name":"dpkg", - "version":"1.19.7", - "kind":"binary", - "source":{ - "id":"1", - "name":"", - "version":"", - "normalized_version":"" - }, - "normalized_version":"" - }, - "266":{ - "id":"266", - "name":"libncursesw6", - "version":"6.1+20181013-2+deb10u1", - "kind":"binary", - "source":{ - "id":"265", - "name":"ncurses", - "version":"6.1+20181013-2+deb10u1", - "kind":"source", - "normalized_version":"" - }, - "normalized_version":"" - }, - "294":{ - "id":"294", - "name":"libss2", - "version":"1.44.5-1+deb10u2", - "kind":"binary", - "source":{ - "id":"233", - "name":"e2fsprogs", - "version":"1.44.5-1+deb10u2", - "kind":"source", - "normalized_version":"" - }, - "normalized_version":"" - }, - "298":{ - "id":"298", - "name":"libsystemd0", - "version":"241-7~deb10u1", - "kind":"binary", - 
"source":{ - "id":"297", - "name":"systemd", - "version":"241-7~deb10u1", - "kind":"source", - "normalized_version":"" - }, - "normalized_version":"" - }, - "30":{ - "id":"30", - "name":"fdisk", - "version":"2.33.1-0.1", - "kind":"binary", - "source":{ - "id":"29", - "name":"util-linux", - "version":"2.33.1-0.1", - "kind":"source", - "normalized_version":"" - }, - "normalized_version":"" - }, - "302":{ - "id":"302", - "name":"libtinfo6", - "version":"6.1+20181013-2+deb10u1", - "kind":"binary", - "source":{ - "id":"265", - "name":"ncurses", - "version":"6.1+20181013-2+deb10u1", - "kind":"source", - "normalized_version":"" - }, - "normalized_version":"" - }, - "304":{ - "id":"304", - "name":"libudev1", - "version":"241-7~deb10u1", - "kind":"binary", - "source":{ - "id":"297", - "name":"systemd", - "version":"241-7~deb10u1", - "kind":"source", - "normalized_version":"" - }, - "normalized_version":"" - }, - "318":{ - "id":"318", - "name":"ncurses-base", - "version":"6.1+20181013-2+deb10u1", - "kind":"binary", - "source":{ - "id":"265", - "name":"ncurses", - "version":"6.1+20181013-2+deb10u1", - "kind":"source", - "normalized_version":"" - }, - "normalized_version":"" - }, - "32":{ - "id":"32", - "name":"findutils", - "version":"4.6.0+git+20190209-2", - "kind":"binary", - "source":{ - "id":"1", - "name":"", - "version":"", - "normalized_version":"" - }, - "normalized_version":"" - }, - "320":{ - "id":"320", - "name":"ncurses-bin", - "version":"6.1+20181013-2+deb10u1", - "kind":"binary", - "source":{ - "id":"265", - "name":"ncurses", - "version":"6.1+20181013-2+deb10u1", - "kind":"source", - "normalized_version":"" - }, - "normalized_version":"" - }, - "34":{ - "id":"34", - "name":"gcc-8-base", - "version":"8.3.0-6", - "kind":"binary", - "source":{ - "id":"33", - "name":"gcc-8", - "version":"8.3.0-6", - "kind":"source", - "normalized_version":"" - }, - "normalized_version":"" - }, - "36":{ - "id":"36", - "name":"gpgv", - "version":"2.2.12-1+deb10u1", - "kind":"binary", - 
"source":{ - "id":"35", - "name":"gnupg2", - "version":"2.2.12-1+deb10u1", - "kind":"source", - "normalized_version":"" - }, - "normalized_version":"" - }, - "38":{ - "id":"38", - "name":"grep", - "version":"3.3-1", - "kind":"binary", - "source":{ - "id":"1", - "name":"", - "version":"", - "normalized_version":"" - }, - "normalized_version":"" - }, - "4":{ - "id":"4", - "name":"apt", - "version":"1.8.2", - "kind":"binary", - "source":{ - "id":"1", - "name":"", - "version":"", - "normalized_version":"" - }, - "normalized_version":"" - }, - "40":{ - "id":"40", - "name":"gzip", - "version":"1.9-3", - "kind":"binary", - "source":{ - "id":"1", - "name":"", - "version":"", - "normalized_version":"" - }, - "normalized_version":"" - }, - "42":{ - "id":"42", - "name":"hostname", - "version":"3.21", - "kind":"binary", - "source":{ - "id":"1", - "name":"", - "version":"", - "normalized_version":"" - }, - "normalized_version":"" - }, - "44":{ - "id":"44", - "name":"init-system-helpers", - "version":"1.56+nmu1", - "kind":"binary", - "source":{ - "id":"1", - "name":"", - "version":"", - "normalized_version":"" - }, - "normalized_version":"" - }, - "46":{ - "id":"46", - "name":"libacl1", - "version":"2.2.53-4", - "kind":"binary", - "source":{ - "id":"45", - "name":"acl", - "version":"2.2.53-4", - "kind":"source", - "normalized_version":"" - }, - "normalized_version":"" - }, - "48":{ - "id":"48", - "name":"libapt-pkg5.0", - "version":"1.8.2", - "kind":"binary", - "source":{ - "id":"47", - "name":"apt", - "version":"1.8.2", - "kind":"source", - "normalized_version":"" - }, - "normalized_version":"" - }, - "50":{ - "id":"50", - "name":"libattr1", - "version":"1:2.4.48-4", - "kind":"binary", - "source":{ - "id":"49", - "name":"attr", - "version":"1:2.4.48-4", - "kind":"source", - "normalized_version":"" - }, - "normalized_version":"" - }, - "52":{ - "id":"52", - "name":"libaudit-common", - "version":"1:2.8.4-3", - "kind":"binary", - "source":{ - "id":"51", - "name":"audit", - 
"version":"1:2.8.4-3", - "kind":"source", - "normalized_version":"" - }, - "normalized_version":"" - }, - "54":{ - "id":"54", - "name":"libaudit1", - "version":"1:2.8.4-3", - "kind":"binary", - "source":{ - "id":"51", - "name":"audit", - "version":"1:2.8.4-3", - "kind":"source", - "normalized_version":"" - }, - "normalized_version":"" - }, - "56":{ - "id":"56", - "name":"libblkid1", - "version":"2.33.1-0.1", - "kind":"binary", - "source":{ - "id":"29", - "name":"util-linux", - "version":"2.33.1-0.1", - "kind":"source", - "normalized_version":"" - }, - "normalized_version":"" - }, - "58":{ - "id":"58", - "name":"libbz2-1.0", - "version":"1.0.6-9.2~deb10u1", - "kind":"binary", - "source":{ - "id":"57", - "name":"bzip2", - "version":"1.0.6-9.2~deb10u1", - "kind":"source", - "normalized_version":"" - }, - "normalized_version":"" - }, - "60":{ - "id":"60", - "name":"libc-bin", - "version":"2.28-10", - "kind":"binary", - "source":{ - "id":"59", - "name":"glibc", - "version":"2.28-10", - "kind":"source", - "normalized_version":"" - }, - "normalized_version":"" - }, - "62":{ - "id":"62", - "name":"libc6", - "version":"2.28-10", - "kind":"binary", - "source":{ - "id":"59", - "name":"glibc", - "version":"2.28-10", - "kind":"source", - "normalized_version":"" - }, - "normalized_version":"" - }, - "64":{ - "id":"64", - "name":"libcap-ng0", - "version":"0.7.9-2", - "kind":"binary", - "source":{ - "id":"63", - "name":"libcap-ng", - "version":"0.7.9-2", - "kind":"source", - "normalized_version":"" - }, - "normalized_version":"" - }, - "68":{ - "id":"68", - "name":"libdb5.3", - "version":"5.3.28+dfsg1-0.5", - "kind":"binary", - "source":{ - "id":"67", - "name":"db5.3", - "version":"5.3.28+dfsg1-0.5", - "kind":"source", - "normalized_version":"" - }, - "normalized_version":"" - }, - "70":{ - "id":"70", - "name":"libdebconfclient0", - "version":"0.249", - "kind":"binary", - "source":{ - "id":"69", - "name":"cdebconf", - "version":"0.249", - "kind":"source", - "normalized_version":"" 
- }, - "normalized_version":"" - }, - "74":{ - "id":"74", - "name":"libfdisk1", - "version":"2.33.1-0.1", - "kind":"binary", - "source":{ - "id":"29", - "name":"util-linux", - "version":"2.33.1-0.1", - "kind":"source", - "normalized_version":"" - }, - "normalized_version":"" - }, - "76":{ - "id":"76", - "name":"libffi6", - "version":"3.2.1-9", - "kind":"binary", - "source":{ - "id":"75", - "name":"libffi", - "version":"3.2.1-9", - "kind":"source", - "normalized_version":"" - }, - "normalized_version":"" - }, - "78":{ - "id":"78", - "name":"libgcc1", - "version":"1:8.3.0-6", - "kind":"binary", - "source":{ - "id":"77", - "name":"gcc-8 (8.3.0-6)", - "version":"1:8.3.0-6", - "kind":"source", - "normalized_version":"" - }, - "normalized_version":"" - }, - "8":{ - "id":"8", - "name":"base-passwd", - "version":"3.5.46", - "kind":"binary", - "source":{ - "id":"1", - "name":"", - "version":"", - "normalized_version":"" - }, - "normalized_version":"" - }, - "80":{ - "id":"80", - "name":"libgcrypt20", - "version":"1.8.4-5", - "kind":"binary", - "source":{ - "id":"1", - "name":"", - "version":"", - "normalized_version":"" - }, - "normalized_version":"" - }, - "82":{ - "id":"82", - "name":"libgmp10", - "version":"2:6.1.2+dfsg-4", - "kind":"binary", - "source":{ - "id":"81", - "name":"gmp", - "version":"2:6.1.2+dfsg-4", - "kind":"source", - "normalized_version":"" - }, - "normalized_version":"" - }, - "86":{ - "id":"86", - "name":"libgpg-error0", - "version":"1.35-1", - "kind":"binary", - "source":{ - "id":"85", - "name":"libgpg-error", - "version":"1.35-1", - "kind":"source", - "normalized_version":"" - }, - "normalized_version":"" - }, - "88":{ - "id":"88", - "name":"libhogweed4", - "version":"3.4.1-1", - "kind":"binary", - "source":{ - "id":"87", - "name":"nettle", - "version":"3.4.1-1", - "kind":"source", - "normalized_version":"" - }, - "normalized_version":"" - }, - "92":{ - "id":"92", - "name":"liblz4-1", - "version":"1.8.3-1", - "kind":"binary", - "source":{ - 
"id":"91", - "name":"lz4", - "version":"1.8.3-1", - "kind":"source", - "normalized_version":"" - }, - "normalized_version":"" - }, - "94":{ - "id":"94", - "name":"liblzma5", - "version":"5.2.4-1", - "kind":"binary", - "source":{ - "id":"93", - "name":"xz-utils", - "version":"5.2.4-1", - "kind":"source", - "normalized_version":"" - }, - "normalized_version":"" - }, - "96":{ - "id":"96", - "name":"libmount1", - "version":"2.33.1-0.1", - "kind":"binary", - "source":{ - "id":"29", - "name":"util-linux", - "version":"2.33.1-0.1", - "kind":"source", - "normalized_version":"" - }, - "normalized_version":"" + "manifest_hash": "sha256:4fd9553ca70c7ed6cbb466573fed2d03b0a8dd2c2eba9febf2ce30f8d537ba17", + "packages": { + "2": { + "id": "2", + "name": "crypto-policies", + "version": "20221215-1.gitece0092.el8", + "kind": "binary", + "source": { + "id": "1", + "name": "crypto-policies", + "version": "20221215-1.gitece0092.el8", + "kind": "source" + }, + "arch": "noarch" + }, + "4": { + "id": "4", + "name": "libssh-config", + "version": "0.9.6-10.el8_8", + "kind": "binary", + "source": { + "id": "3", + "name": "libssh", + "version": "0.9.6-10.el8_8", + "kind": "source" + }, + "arch": "noarch" + }, + "6": { + "id": "6", + "name": "redhat-release", + "version": "8.8-0.8.el8", + "kind": "binary", + "source": { + "id": "5", + "name": "redhat-release", + "version": "8.8-0.8.el8", + "kind": "source" + }, + "arch": "aarch64" + }, + "8": { + "id": "8", + "name": "filesystem", + "version": "3.8-6.el8", + "kind": "binary", + "source": { + "id": "7", + "name": "filesystem", + "version": "3.8-6.el8", + "kind": "source" + }, + "arch": "aarch64" + }, + "10": { + "id": "10", + "name": "pcre2", + "version": "10.32-3.el8_6", + "kind": "binary", + "source": { + "id": "9", + "name": "pcre2", + "version": "10.32-3.el8_6", + "kind": "source" + }, + "arch": "aarch64" + }, + "12": { + "id": "12", + "name": "ncurses-libs", + "version": "6.1-9.20180224.el8_8.1", + "kind": "binary", + "source": { + "id": 
"11", + "name": "ncurses", + "version": "6.1-9.20180224.el8_8.1", + "kind": "source" + }, + "arch": "aarch64" + }, + "14": { + "id": "14", + "name": "glibc-minimal-langpack", + "version": "2.28-225.el8_8.6", + "kind": "binary", + "source": { + "id": "13", + "name": "glibc", + "version": "2.28-225.el8_8.6", + "kind": "source" + }, + "arch": "aarch64" + }, + "16": { + "id": "16", + "name": "bash", + "version": "4.4.20-4.el8_6", + "kind": "binary", + "source": { + "id": "15", + "name": "bash", + "version": "4.4.20-4.el8_6", + "kind": "source" + }, + "arch": "aarch64" + }, + "18": { + "id": "18", + "name": "zlib", + "version": "1.2.11-21.el8_7", + "kind": "binary", + "source": { + "id": "17", + "name": "zlib", + "version": "1.2.11-21.el8_7", + "kind": "source" + }, + "arch": "aarch64" + }, + "20": { + "id": "20", + "name": "xz-libs", + "version": "5.2.4-4.el8_6", + "kind": "binary", + "source": { + "id": "19", + "name": "xz", + "version": "5.2.4-4.el8_6", + "kind": "source" + }, + "arch": "aarch64" + }, + "22": { + "id": "22", + "name": "bzip2-libs", + "version": "1.0.6-26.el8", + "kind": "binary", + "source": { + "id": "21", + "name": "bzip2", + "version": "1.0.6-26.el8", + "kind": "source" + }, + "arch": "aarch64" + }, + "24": { + "id": "24", + "name": "gmp", + "version": "1:6.1.2-10.el8", + "kind": "binary", + "source": { + "id": "23", + "name": "gmp", + "version": "6.1.2-10.el8", + "kind": "source" + }, + "arch": "aarch64" + }, + "26": { + "id": "26", + "name": "libzstd", + "version": "1.4.4-1.el8", + "kind": "binary", + "source": { + "id": "25", + "name": "zstd", + "version": "1.4.4-1.el8", + "kind": "source" + }, + "arch": "aarch64" + }, + "28": { + "id": "28", + "name": "libunistring", + "version": "0.9.9-3.el8", + "kind": "binary", + "source": { + "id": "27", + "name": "libunistring", + "version": "0.9.9-3.el8", + "kind": "source" + }, + "arch": "aarch64" + }, + "30": { + "id": "30", + "name": "libxml2", + "version": "2.9.7-16.el8_8.1", + "kind": "binary", + 
"source": { + "id": "29", + "name": "libxml2", + "version": "2.9.7-16.el8_8.1", + "kind": "source" + }, + "arch": "aarch64" + }, + "32": { + "id": "32", + "name": "p11-kit", + "version": "0.23.22-1.el8", + "kind": "binary", + "source": { + "id": "31", + "name": "p11-kit", + "version": "0.23.22-1.el8", + "kind": "source" + }, + "arch": "aarch64" + }, + "34": { + "id": "34", + "name": "readline", + "version": "7.0-10.el8", + "kind": "binary", + "source": { + "id": "33", + "name": "readline", + "version": "7.0-10.el8", + "kind": "source" + }, + "arch": "aarch64" + }, + "36": { + "id": "36", + "name": "libgcrypt", + "version": "1.8.5-7.el8_6", + "kind": "binary", + "source": { + "id": "35", + "name": "libgcrypt", + "version": "1.8.5-7.el8_6", + "kind": "source" + }, + "arch": "aarch64" + }, + "38": { + "id": "38", + "name": "libattr", + "version": "2.4.48-3.el8", + "kind": "binary", + "source": { + "id": "37", + "name": "attr", + "version": "2.4.48-3.el8", + "kind": "source" + }, + "arch": "aarch64" + }, + "40": { + "id": "40", + "name": "coreutils-single", + "version": "8.30-15.el8", + "kind": "binary", + "source": { + "id": "39", + "name": "coreutils", + "version": "8.30-15.el8", + "kind": "source" + }, + "arch": "aarch64" + }, + "42": { + "id": "42", + "name": "libtasn1", + "version": "4.13-4.el8_7", + "kind": "binary", + "source": { + "id": "41", + "name": "libtasn1", + "version": "4.13-4.el8_7", + "kind": "source" + }, + "arch": "aarch64" + }, + "44": { + "id": "44", + "name": "lz4-libs", + "version": "1.8.3-3.el8_4", + "kind": "binary", + "source": { + "id": "43", + "name": "lz4", + "version": "1.8.3-3.el8_4", + "kind": "source" + }, + "arch": "aarch64" + }, + "46": { + "id": "46", + "name": "grep", + "version": "3.1-6.el8", + "kind": "binary", + "source": { + "id": "45", + "name": "grep", + "version": "3.1-6.el8", + "kind": "source" + }, + "arch": "aarch64" + }, + "48": { + "id": "48", + "name": "libsmartcols", + "version": "2.32.1-42.el8_8", + "kind": "binary", 
+ "source": { + "id": "47", + "name": "util-linux", + "version": "2.32.1-42.el8_8", + "kind": "source" + }, + "arch": "aarch64" + }, + "50": { + "id": "50", + "name": "libmount", + "version": "2.32.1-42.el8_8", + "kind": "binary", + "source": { + "id": "47", + "name": "util-linux", + "version": "2.32.1-42.el8_8", + "kind": "source" + }, + "arch": "aarch64" + }, + "52": { + "id": "52", + "name": "libusbx", + "version": "1.0.23-4.el8", + "kind": "binary", + "source": { + "id": "51", + "name": "libusbx", + "version": "1.0.23-4.el8", + "kind": "source" + }, + "arch": "aarch64" + }, + "54": { + "id": "54", + "name": "p11-kit-trust", + "version": "0.23.22-1.el8", + "kind": "binary", + "source": { + "id": "31", + "name": "p11-kit", + "version": "0.23.22-1.el8", + "kind": "source" + }, + "arch": "aarch64" + }, + "56": { + "id": "56", + "name": "openssl-libs", + "version": "1:1.1.1k-9.el8_7", + "kind": "binary", + "source": { + "id": "55", + "name": "openssl", + "version": "1.1.1k-9.el8_7", + "kind": "source" + }, + "arch": "aarch64" + }, + "58": { + "id": "58", + "name": "libdb-utils", + "version": "5.3.28-42.el8_4", + "kind": "binary", + "source": { + "id": "57", + "name": "libdb", + "version": "5.3.28-42.el8_4", + "kind": "source" + }, + "arch": "aarch64" + }, + "60": { + "id": "60", + "name": "mpfr", + "version": "3.1.6-1.el8", + "kind": "binary", + "source": { + "id": "59", + "name": "mpfr", + "version": "3.1.6-1.el8", + "kind": "source" + }, + "arch": "aarch64" + }, + "62": { + "id": "62", + "name": "gnutls", + "version": "3.6.16-6.el8_7", + "kind": "binary", + "source": { + "id": "61", + "name": "gnutls", + "version": "3.6.16-6.el8_7", + "kind": "source" + }, + "arch": "aarch64" + }, + "64": { + "id": "64", + "name": "json-glib", + "version": "1.4.4-1.el8", + "kind": "binary", + "source": { + "id": "63", + "name": "json-glib", + "version": "1.4.4-1.el8", + "kind": "source" + }, + "arch": "aarch64" + }, + "66": { + "id": "66", + "name": "gobject-introspection", + 
"version": "1.56.1-1.el8", + "kind": "binary", + "source": { + "id": "65", + "name": "gobject-introspection", + "version": "1.56.1-1.el8", + "kind": "source" + }, + "arch": "aarch64" + }, + "68": { + "id": "68", + "name": "libksba", + "version": "1.3.5-9.el8_7", + "kind": "binary", + "source": { + "id": "67", + "name": "libksba", + "version": "1.3.5-9.el8_7", + "kind": "source" + }, + "arch": "aarch64" + }, + "70": { + "id": "70", + "name": "brotli", + "version": "1.0.6-3.el8", + "kind": "binary", + "source": { + "id": "69", + "name": "brotli", + "version": "1.0.6-3.el8", + "kind": "source" + }, + "arch": "aarch64" + }, + "72": { + "id": "72", + "name": "keyutils-libs", + "version": "1.5.10-9.el8", + "kind": "binary", + "source": { + "id": "71", + "name": "keyutils", + "version": "1.5.10-9.el8", + "kind": "source" + }, + "arch": "aarch64" + }, + "74": { + "id": "74", + "name": "audit-libs", + "version": "3.0.7-4.el8", + "kind": "binary", + "source": { + "id": "73", + "name": "audit", + "version": "3.0.7-4.el8", + "kind": "source" + }, + "arch": "aarch64" + }, + "76": { + "id": "76", + "name": "libsigsegv", + "version": "2.11-5.el8", + "kind": "binary", + "source": { + "id": "75", + "name": "libsigsegv", + "version": "2.11-5.el8", + "kind": "source" + }, + "arch": "aarch64" + }, + "78": { + "id": "78", + "name": "libstdc++", + "version": "8.5.0-18.el8", + "kind": "binary", + "source": { + "id": "77", + "name": "gcc", + "version": "8.5.0-18.el8", + "kind": "source" + }, + "arch": "aarch64" + }, + "80": { + "id": "80", + "name": "krb5-libs", + "version": "1.18.2-25.el8_8", + "kind": "binary", + "source": { + "id": "79", + "name": "krb5", + "version": "1.18.2-25.el8_8", + "kind": "source" + }, + "arch": "aarch64" + }, + "82": { + "id": "82", + "name": "libxcrypt", + "version": "4.1.1-6.el8", + "kind": "binary", + "source": { + "id": "81", + "name": "libxcrypt", + "version": "4.1.1-6.el8", + "kind": "source" + }, + "arch": "aarch64" + }, + "84": { + "id": "84", + 
"name": "openldap", + "version": "2.4.46-18.el8", + "kind": "binary", + "source": { + "id": "83", + "name": "openldap", + "version": "2.4.46-18.el8", + "kind": "source" + }, + "arch": "aarch64" + }, + "86": { + "id": "86", + "name": "npth", + "version": "1.5-4.el8", + "kind": "binary", + "source": { + "id": "85", + "name": "npth", + "version": "1.5-4.el8", + "kind": "source" + }, + "arch": "aarch64" + }, + "88": { + "id": "88", + "name": "gpgme", + "version": "1.13.1-11.el8", + "kind": "binary", + "source": { + "id": "87", + "name": "gpgme", + "version": "1.13.1-11.el8", + "kind": "source" + }, + "arch": "aarch64" + }, + "90": { + "id": "90", + "name": "libpsl", + "version": "0.20.2-6.el8", + "kind": "binary", + "source": { + "id": "89", + "name": "libpsl", + "version": "0.20.2-6.el8", + "kind": "source" + }, + "arch": "aarch64" + }, + "92": { + "id": "92", + "name": "librepo", + "version": "1.14.2-4.el8", + "kind": "binary", + "source": { + "id": "91", + "name": "librepo", + "version": "1.14.2-4.el8", + "kind": "source" + }, + "arch": "aarch64" + }, + "94": { + "id": "94", + "name": "rpm", + "version": "4.14.3-26.el8", + "kind": "binary", + "source": { + "id": "93", + "name": "rpm", + "version": "4.14.3-26.el8", + "kind": "source" + }, + "arch": "aarch64" + }, + "96": { + "id": "96", + "name": "libmodulemd", + "version": "2.13.0-1.el8", + "kind": "binary", + "source": { + "id": "95", + "name": "libmodulemd", + "version": "2.13.0-1.el8", + "kind": "source" + }, + "arch": "aarch64" + }, + "98": { + "id": "98", + "name": "libdnf", + "version": "0.63.0-14.el8_8", + "kind": "binary", + "source": { + "id": "97", + "name": "libdnf", + "version": "0.63.0-14.el8_8", + "kind": "source" + }, + "arch": "aarch64" + }, + "100": { + "id": "100", + "name": "langpacks-en", + "version": "1.0-12.el8", + "kind": "binary", + "source": { + "id": "99", + "name": "langpacks", + "version": "1.0-12.el8", + "kind": "source" + }, + "arch": "noarch" + }, + "102": { + "id": "102", + "name": 
"libgcc", + "version": "8.5.0-18.el8", + "kind": "binary", + "source": { + "id": "77", + "name": "gcc", + "version": "8.5.0-18.el8", + "kind": "source" + }, + "arch": "aarch64" + }, + "104": { + "id": "104", + "name": "ncurses-base", + "version": "6.1-9.20180224.el8_8.1", + "kind": "binary", + "source": { + "id": "11", + "name": "ncurses", + "version": "6.1-9.20180224.el8_8.1", + "kind": "source" + }, + "arch": "noarch" + }, + "106": { + "id": "106", + "name": "tzdata", + "version": "2023c-1.el8", + "kind": "binary", + "source": { + "id": "105", + "name": "tzdata", + "version": "2023c-1.el8", + "kind": "source" + }, + "arch": "noarch" + }, + "108": { + "id": "108", + "name": "setup", + "version": "2.12.2-9.el8", + "kind": "binary", + "source": { + "id": "107", + "name": "setup", + "version": "2.12.2-9.el8", + "kind": "source" + }, + "arch": "noarch" + }, + "110": { + "id": "110", + "name": "basesystem", + "version": "11-5.el8", + "kind": "binary", + "source": { + "id": "109", + "name": "basesystem", + "version": "11-5.el8", + "kind": "source" + }, + "arch": "noarch" + }, + "112": { + "id": "112", + "name": "libselinux", + "version": "2.9-8.el8", + "kind": "binary", + "source": { + "id": "111", + "name": "libselinux", + "version": "2.9-8.el8", + "kind": "source" + }, + "arch": "aarch64" + }, + "114": { + "id": "114", + "name": "glibc-common", + "version": "2.28-225.el8_8.6", + "kind": "binary", + "source": { + "id": "13", + "name": "glibc", + "version": "2.28-225.el8_8.6", + "kind": "source" + }, + "arch": "aarch64" + }, + "116": { + "id": "116", + "name": "glibc", + "version": "2.28-225.el8_8.6", + "kind": "binary", + "source": { + "id": "13", + "name": "glibc", + "version": "2.28-225.el8_8.6", + "kind": "source" + }, + "arch": "aarch64" + }, + "118": { + "id": "118", + "name": "libsepol", + "version": "2.9-3.el8", + "kind": "binary", + "source": { + "id": "117", + "name": "libsepol", + "version": "2.9-3.el8", + "kind": "source" + }, + "arch": "aarch64" + }, + 
"120": { + "id": "120", + "name": "libgpg-error", + "version": "1.31-1.el8", + "kind": "binary", + "source": { + "id": "119", + "name": "libgpg-error", + "version": "1.31-1.el8", + "kind": "source" + }, + "arch": "aarch64" + }, + "122": { + "id": "122", + "name": "info", + "version": "6.5-7.el8", + "kind": "binary", + "source": { + "id": "121", + "name": "texinfo", + "version": "6.5-7.el8", + "kind": "source" + }, + "arch": "aarch64" + }, + "124": { + "id": "124", + "name": "sqlite-libs", + "version": "3.26.0-18.el8_8", + "kind": "binary", + "source": { + "id": "123", + "name": "sqlite", + "version": "3.26.0-18.el8_8", + "kind": "source" + }, + "arch": "aarch64" + }, + "126": { + "id": "126", + "name": "libcom_err", + "version": "1.45.6-5.el8", + "kind": "binary", + "source": { + "id": "125", + "name": "e2fsprogs", + "version": "1.45.6-5.el8", + "kind": "source" + }, + "arch": "aarch64" + }, + "128": { + "id": "128", + "name": "libcap", + "version": "2.48-5.el8_8", + "kind": "binary", + "source": { + "id": "127", + "name": "libcap", + "version": "2.48-5.el8_8", + "kind": "source" + }, + "arch": "aarch64" + }, + "130": { + "id": "130", + "name": "libidn2", + "version": "2.2.0-1.el8", + "kind": "binary", + "source": { + "id": "129", + "name": "libidn2", + "version": "2.2.0-1.el8", + "kind": "source" + }, + "arch": "aarch64" + }, + "132": { + "id": "132", + "name": "libffi", + "version": "3.1-24.el8", + "kind": "binary", + "source": { + "id": "131", + "name": "libffi", + "version": "3.1-24.el8", + "kind": "source" + }, + "arch": "aarch64" + }, + "134": { + "id": "134", + "name": "popt", + "version": "1.18-1.el8", + "kind": "binary", + "source": { + "id": "133", + "name": "popt", + "version": "1.18-1.el8", + "kind": "source" + }, + "arch": "aarch64" + }, + "136": { + "id": "136", + "name": "libassuan", + "version": "2.5.1-3.el8", + "kind": "binary", + "source": { + "id": "135", + "name": "libassuan", + "version": "2.5.1-3.el8", + "kind": "source" + }, + "arch": 
"aarch64" + }, + "138": { + "id": "138", + "name": "elfutils-libelf", + "version": "0.188-3.el8", + "kind": "binary", + "source": { + "id": "137", + "name": "elfutils", + "version": "0.188-3.el8", + "kind": "source" + }, + "arch": "aarch64" + }, + "140": { + "id": "140", + "name": "libacl", + "version": "2.2.53-1.el8", + "kind": "binary", + "source": { + "id": "139", + "name": "acl", + "version": "2.2.53-1.el8", + "kind": "source" + }, + "arch": "aarch64" + }, + "142": { + "id": "142", + "name": "sed", + "version": "4.5-5.el8", + "kind": "binary", + "source": { + "id": "141", + "name": "sed", + "version": "4.5-5.el8", + "kind": "source" + }, + "arch": "aarch64" + }, + "144": { + "id": "144", + "name": "lua-libs", + "version": "5.3.4-12.el8", + "kind": "binary", + "source": { + "id": "143", + "name": "lua", + "version": "5.3.4-12.el8", + "kind": "source" + }, + "arch": "aarch64" + }, + "146": { + "id": "146", + "name": "pcre", + "version": "8.42-6.el8", + "kind": "binary", + "source": { + "id": "145", + "name": "pcre", + "version": "8.42-6.el8", + "kind": "source" + }, + "arch": "aarch64" + }, + "148": { + "id": "148", + "name": "libuuid", + "version": "2.32.1-42.el8_8", + "kind": "binary", + "source": { + "id": "47", + "name": "util-linux", + "version": "2.32.1-42.el8_8", + "kind": "source" + }, + "arch": "aarch64" + }, + "150": { + "id": "150", + "name": "libblkid", + "version": "2.32.1-42.el8_8", + "kind": "binary", + "source": { + "id": "47", + "name": "util-linux", + "version": "2.32.1-42.el8_8", + "kind": "source" + }, + "arch": "aarch64" + }, + "152": { + "id": "152", + "name": "systemd-libs", + "version": "239-74.el8_8.5", + "kind": "binary", + "source": { + "id": "151", + "name": "systemd", + "version": "239-74.el8_8.5", + "kind": "source" + }, + "arch": "aarch64" + }, + "154": { + "id": "154", + "name": "chkconfig", + "version": "1.19.1-1.el8", + "kind": "binary", + "source": { + "id": "153", + "name": "chkconfig", + "version": "1.19.1-1.el8", + "kind": 
"source" + }, + "arch": "aarch64" + }, + "156": { + "id": "156", + "name": "ca-certificates", + "version": "2023.2.60_v7.0.306-80.0.el8_8", + "kind": "binary", + "source": { + "id": "155", + "name": "ca-certificates", + "version": "2023.2.60_v7.0.306-80.0.el8_8", + "kind": "source" + }, + "arch": "noarch" + }, + "158": { + "id": "158", + "name": "libdb", + "version": "5.3.28-42.el8_4", + "kind": "binary", + "source": { + "id": "57", + "name": "libdb", + "version": "5.3.28-42.el8_4", + "kind": "source" + }, + "arch": "aarch64" + }, + "160": { + "id": "160", + "name": "libarchive", + "version": "3.3.3-5.el8", + "kind": "binary", + "source": { + "id": "159", + "name": "libarchive", + "version": "3.3.3-5.el8", + "kind": "source" + }, + "arch": "aarch64" + }, + "162": { + "id": "162", + "name": "nettle", + "version": "3.4.1-7.el8", + "kind": "binary", + "source": { + "id": "161", + "name": "nettle", + "version": "3.4.1-7.el8", + "kind": "source" + }, + "arch": "aarch64" + }, + "164": { + "id": "164", + "name": "glib2", + "version": "2.56.4-161.el8", + "kind": "binary", + "source": { + "id": "163", + "name": "glib2", + "version": "2.56.4-161.el8", + "kind": "source" + }, + "arch": "aarch64" + }, + "166": { + "id": "166", + "name": "librhsm", + "version": "0.0.3-5.el8", + "kind": "binary", + "source": { + "id": "165", + "name": "librhsm", + "version": "0.0.3-5.el8", + "kind": "source" + }, + "arch": "aarch64" + }, + "168": { + "id": "168", + "name": "libpeas", + "version": "1.22.0-6.el8", + "kind": "binary", + "source": { + "id": "167", + "name": "libpeas", + "version": "1.22.0-6.el8", + "kind": "source" + }, + "arch": "aarch64" + }, + "170": { + "id": "170", + "name": "file-libs", + "version": "5.33-24.el8", + "kind": "binary", + "source": { + "id": "169", + "name": "file", + "version": "5.33-24.el8", + "kind": "source" + }, + "arch": "aarch64" + }, + "172": { + "id": "172", + "name": "json-c", + "version": "0.13.1-3.el8", + "kind": "binary", + "source": { + "id": "171", 
+ "name": "json-c", + "version": "0.13.1-3.el8", + "kind": "source" + }, + "arch": "aarch64" + }, + "174": { + "id": "174", + "name": "libcap-ng", + "version": "0.7.11-1.el8", + "kind": "binary", + "source": { + "id": "173", + "name": "libcap-ng", + "version": "0.7.11-1.el8", + "kind": "source" + }, + "arch": "aarch64" + }, + "176": { + "id": "176", + "name": "libnghttp2", + "version": "1.33.0-3.el8_2.1", + "kind": "binary", + "source": { + "id": "175", + "name": "nghttp2", + "version": "1.33.0-3.el8_2.1", + "kind": "source" + }, + "arch": "aarch64" + }, + "178": { + "id": "178", + "name": "gawk", + "version": "4.2.1-4.el8", + "kind": "binary", + "source": { + "id": "177", + "name": "gawk", + "version": "4.2.1-4.el8", + "kind": "source" + }, + "arch": "aarch64" + }, + "180": { + "id": "180", + "name": "libverto", + "version": "0.3.2-2.el8", + "kind": "binary", + "source": { + "id": "179", + "name": "libverto", + "version": "0.3.2-2.el8", + "kind": "source" + }, + "arch": "aarch64" + }, + "182": { + "id": "182", + "name": "libssh", + "version": "0.9.6-10.el8_8", + "kind": "binary", + "source": { + "id": "3", + "name": "libssh", + "version": "0.9.6-10.el8_8", + "kind": "source" + }, + "arch": "aarch64" + }, + "184": { + "id": "184", + "name": "cyrus-sasl-lib", + "version": "2.1.27-6.el8_5", + "kind": "binary", + "source": { + "id": "183", + "name": "cyrus-sasl", + "version": "2.1.27-6.el8_5", + "kind": "source" + }, + "arch": "aarch64" + }, + "186": { + "id": "186", + "name": "libyaml", + "version": "0.1.7-5.el8", + "kind": "binary", + "source": { + "id": "185", + "name": "libyaml", + "version": "0.1.7-5.el8", + "kind": "source" + }, + "arch": "aarch64" + }, + "188": { + "id": "188", + "name": "gnupg2", + "version": "2.2.20-3.el8_6", + "kind": "binary", + "source": { + "id": "187", + "name": "gnupg2", + "version": "2.2.20-3.el8_6", + "kind": "source" + }, + "arch": "aarch64" + }, + "190": { + "id": "190", + "name": "publicsuffix-list-dafsa", + "version": 
"20180723-1.el8", + "kind": "binary", + "source": { + "id": "189", + "name": "publicsuffix-list", + "version": "20180723-1.el8", + "kind": "source" + }, + "arch": "noarch" + }, + "192": { + "id": "192", + "name": "libcurl", + "version": "7.61.1-30.el8_8.3", + "kind": "binary", + "source": { + "id": "191", + "name": "curl", + "version": "7.61.1-30.el8_8.3", + "kind": "source" + }, + "arch": "aarch64" + }, + "194": { + "id": "194", + "name": "curl", + "version": "7.61.1-30.el8_8.3", + "kind": "binary", + "source": { + "id": "191", + "name": "curl", + "version": "7.61.1-30.el8_8.3", + "kind": "source" + }, + "arch": "aarch64" + }, + "196": { + "id": "196", + "name": "rpm-libs", + "version": "4.14.3-26.el8", + "kind": "binary", + "source": { + "id": "93", + "name": "rpm", + "version": "4.14.3-26.el8", + "kind": "source" + }, + "arch": "aarch64" + }, + "198": { + "id": "198", + "name": "libsolv", + "version": "0.7.20-4.el8_7", + "kind": "binary", + "source": { + "id": "197", + "name": "libsolv", + "version": "0.7.20-4.el8_7", + "kind": "source" + }, + "arch": "aarch64" + }, + "200": { + "id": "200", + "name": "microdnf", + "version": "3.8.0-2.el8", + "kind": "binary", + "source": { + "id": "199", + "name": "microdnf", + "version": "3.8.0-2.el8", + "kind": "source" + }, + "arch": "aarch64" + }, + "202": { + "id": "202", + "name": "rootfiles", + "version": "8.1-22.el8", + "kind": "binary", + "source": { + "id": "201", + "name": "rootfiles", + "version": "8.1-22.el8", + "kind": "source" + }, + "arch": "noarch" + }, + "204": { + "id": "204", + "name": "ubi8-minimal-container", + "version": "8.8-1072.1696517598", + "kind": "source", + "source": { + "id": "203", + "name": "", + "version": "" + }, + "normalized_version": "rhctag:8.8.0.0.0.0.0.0.0.0", + "arch": "aarch64" + }, + "206": { + "id": "206", + "name": "ubi8/ubi-minimal", + "version": "8.8-1072.1696517598", + "kind": "binary", + "source": { + "id": "204", + "name": "ubi8-minimal-container", + "version": 
"8.8-1072.1696517598", + "kind": "source", + "arch": "aarch64" + }, + "normalized_version": "rhctag:8.8.0.0.0.0.0.0.0.0", + "arch": "aarch64" + }, + "208": { + "id": "208", + "name": "stdlib", + "version": "go1.20.9", + "kind": "binary", + "source": { + "id": "203", + "name": "", + "version": "" + }, + "normalized_version": "semver:0.1.20.9.0.0.0.0.0.0" + }, + "210": { + "id": "210", + "name": "github.com/quay/clair/v4", + "version": "(devel)", + "kind": "binary", + "source": { + "id": "203", + "name": "", + "version": "" + } + }, + "212": { + "id": "212", + "name": "github.com/Masterminds/semver", + "version": "v1.5.0", + "kind": "binary", + "source": { + "id": "203", + "name": "", + "version": "" + }, + "normalized_version": "semver:0.1.5.0.0.0.0.0.0.0" + }, + "214": { + "id": "214", + "name": "github.com/beorn7/perks", + "version": "v1.0.1", + "kind": "binary", + "source": { + "id": "203", + "name": "", + "version": "" + }, + "normalized_version": "semver:0.1.0.1.0.0.0.0.0.0" + }, + "216": { + "id": "216", + "name": "github.com/cespare/xxhash/v2", + "version": "v2.2.0", + "kind": "binary", + "source": { + "id": "203", + "name": "", + "version": "" + }, + "normalized_version": "semver:0.2.2.0.0.0.0.0.0.0" + }, + "218": { + "id": "218", + "name": "github.com/containerd/stargz-snapshotter/estargz", + "version": "v0.14.3", + "kind": "binary", + "source": { + "id": "203", + "name": "", + "version": "" + }, + "normalized_version": "semver:0.0.14.3.0.0.0.0.0.0" + }, + "220": { + "id": "220", + "name": "github.com/cpuguy83/go-md2man/v2", + "version": "v2.0.2", + "kind": "binary", + "source": { + "id": "203", + "name": "", + "version": "" + }, + "normalized_version": "semver:0.2.0.2.0.0.0.0.0.0" + }, + "222": { + "id": "222", + "name": "github.com/docker/cli", + "version": "v23.0.5+incompatible", + "kind": "binary", + "source": { + "id": "203", + "name": "", + "version": "" + }, + "normalized_version": "semver:0.23.0.5.0.0.0.0.0.0" + }, + "224": { + "id": "224", + 
"name": "github.com/docker/distribution", + "version": "v2.8.1+incompatible", + "kind": "binary", + "source": { + "id": "203", + "name": "", + "version": "" + }, + "normalized_version": "semver:0.2.8.1.0.0.0.0.0.0" + }, + "226": { + "id": "226", + "name": "github.com/docker/docker", + "version": "v23.0.5+incompatible", + "kind": "binary", + "source": { + "id": "203", + "name": "", + "version": "" + }, + "normalized_version": "semver:0.23.0.5.0.0.0.0.0.0" + }, + "228": { + "id": "228", + "name": "github.com/docker/docker-credential-helpers", + "version": "v0.7.0", + "kind": "binary", + "source": { + "id": "203", + "name": "", + "version": "" + }, + "normalized_version": "semver:0.0.7.0.0.0.0.0.0.0" + }, + "230": { + "id": "230", + "name": "github.com/doug-martin/goqu/v8", + "version": "v8.6.0", + "kind": "binary", + "source": { + "id": "203", + "name": "", + "version": "" + }, + "normalized_version": "semver:0.8.6.0.0.0.0.0.0.0" + }, + "232": { + "id": "232", + "name": "github.com/dustin/go-humanize", + "version": "v1.0.1", + "kind": "binary", + "source": { + "id": "203", + "name": "", + "version": "" + }, + "normalized_version": "semver:0.1.0.1.0.0.0.0.0.0" + }, + "234": { + "id": "234", + "name": "github.com/evanphx/json-patch/v5", + "version": "v5.6.0", + "kind": "binary", + "source": { + "id": "203", + "name": "", + "version": "" + }, + "normalized_version": "semver:0.5.6.0.0.0.0.0.0.0" + }, + "236": { + "id": "236", + "name": "github.com/felixge/httpsnoop", + "version": "v1.0.3", + "kind": "binary", + "source": { + "id": "203", + "name": "", + "version": "" + }, + "normalized_version": "semver:0.1.0.3.0.0.0.0.0.0" + }, + "238": { + "id": "238", + "name": "github.com/go-logr/logr", + "version": "v1.2.4", + "kind": "binary", + "source": { + "id": "203", + "name": "", + "version": "" + }, + "normalized_version": "semver:0.1.2.4.0.0.0.0.0.0" + }, + "240": { + "id": "240", + "name": "github.com/go-logr/stdr", + "version": "v1.2.2", + "kind": "binary", + "source": { 
+ "id": "203", + "name": "", + "version": "" + }, + "normalized_version": "semver:0.1.2.2.0.0.0.0.0.0" + }, + "242": { + "id": "242", + "name": "github.com/golang/protobuf", + "version": "v1.5.3", + "kind": "binary", + "source": { + "id": "203", + "name": "", + "version": "" + }, + "normalized_version": "semver:0.1.5.3.0.0.0.0.0.0" + }, + "244": { + "id": "244", + "name": "github.com/google/go-containerregistry", + "version": "v0.15.2", + "kind": "binary", + "source": { + "id": "203", + "name": "", + "version": "" + }, + "normalized_version": "semver:0.0.15.2.0.0.0.0.0.0" + }, + "246": { + "id": "246", + "name": "github.com/google/uuid", + "version": "v1.3.1", + "kind": "binary", + "source": { + "id": "203", + "name": "", + "version": "" + }, + "normalized_version": "semver:0.1.3.1.0.0.0.0.0.0" + }, + "248": { + "id": "248", + "name": "github.com/jackc/chunkreader/v2", + "version": "v2.0.1", + "kind": "binary", + "source": { + "id": "203", + "name": "", + "version": "" + }, + "normalized_version": "semver:0.2.0.1.0.0.0.0.0.0" + }, + "250": { + "id": "250", + "name": "github.com/jackc/pgconn", + "version": "v1.14.1", + "kind": "binary", + "source": { + "id": "203", + "name": "", + "version": "" + }, + "normalized_version": "semver:0.1.14.1.0.0.0.0.0.0" + }, + "252": { + "id": "252", + "name": "github.com/jackc/pgio", + "version": "v1.0.0", + "kind": "binary", + "source": { + "id": "203", + "name": "", + "version": "" + }, + "normalized_version": "semver:0.1.0.0.0.0.0.0.0.0" + }, + "254": { + "id": "254", + "name": "github.com/jackc/pgpassfile", + "version": "v1.0.0", + "kind": "binary", + "source": { + "id": "203", + "name": "", + "version": "" + }, + "normalized_version": "semver:0.1.0.0.0.0.0.0.0.0" + }, + "256": { + "id": "256", + "name": "github.com/jackc/pgproto3/v2", + "version": "v2.3.2", + "kind": "binary", + "source": { + "id": "203", + "name": "", + "version": "" + }, + "normalized_version": "semver:0.2.3.2.0.0.0.0.0.0" + }, + "258": { + "id": "258", + 
"name": "github.com/jackc/pgservicefile", + "version": "v0.0.0-20221227161230-091c0ba34f0a", + "kind": "binary", + "source": { + "id": "203", + "name": "", + "version": "" + }, + "normalized_version": "semver:0.0.0.0.0.0.0.0.0.0" + }, + "260": { + "id": "260", + "name": "github.com/jackc/pgtype", + "version": "v1.14.0", + "kind": "binary", + "source": { + "id": "203", + "name": "", + "version": "" + }, + "normalized_version": "semver:0.1.14.0.0.0.0.0.0.0" + }, + "262": { + "id": "262", + "name": "github.com/jackc/pgx/v4", + "version": "v4.18.1", + "kind": "binary", + "source": { + "id": "203", + "name": "", + "version": "" + }, + "normalized_version": "semver:0.4.18.1.0.0.0.0.0.0" + }, + "264": { + "id": "264", + "name": "github.com/jackc/puddle", + "version": "v1.3.0", + "kind": "binary", + "source": { + "id": "203", + "name": "", + "version": "" + }, + "normalized_version": "semver:0.1.3.0.0.0.0.0.0.0" + }, + "266": { + "id": "266", + "name": "github.com/klauspost/compress", + "version": "v1.17.0", + "kind": "binary", + "source": { + "id": "203", + "name": "", + "version": "" + }, + "normalized_version": "semver:0.1.17.0.0.0.0.0.0.0" + }, + "268": { + "id": "268", + "name": "github.com/knqyf263/go-apk-version", + "version": "v0.0.0-20200609155635-041fdbb8563f", + "kind": "binary", + "source": { + "id": "203", + "name": "", + "version": "" + }, + "normalized_version": "semver:0.0.0.0.0.0.0.0.0.0" + }, + "270": { + "id": "270", + "name": "github.com/knqyf263/go-deb-version", + "version": "v0.0.0-20190517075300-09fca494f03d", + "kind": "binary", + "source": { + "id": "203", + "name": "", + "version": "" + }, + "normalized_version": "semver:0.0.0.0.0.0.0.0.0.0" + }, + "272": { + "id": "272", + "name": "github.com/knqyf263/go-rpm-version", + "version": "v0.0.0-20170716094938-74609b86c936", + "kind": "binary", + "source": { + "id": "203", + "name": "", + "version": "" + }, + "normalized_version": "semver:0.0.0.0.0.0.0.0.0.0" + }, + "274": { + "id": "274", + "name": 
"github.com/ldelossa/responserecorder", + "version": "v1.0.2-0.20210711162258-40bec93a9325", + "kind": "binary", + "source": { + "id": "203", + "name": "", + "version": "" + }, + "normalized_version": "semver:0.1.0.2.0.0.0.0.0.0" + }, + "276": { + "id": "276", + "name": "github.com/mattn/go-colorable", + "version": "v0.1.13", + "kind": "binary", + "source": { + "id": "203", + "name": "", + "version": "" + }, + "normalized_version": "semver:0.0.1.13.0.0.0.0.0.0" + }, + "278": { + "id": "278", + "name": "github.com/mattn/go-isatty", + "version": "v0.0.16", + "kind": "binary", + "source": { + "id": "203", + "name": "", + "version": "" + }, + "normalized_version": "semver:0.0.0.16.0.0.0.0.0.0" + }, + "280": { + "id": "280", + "name": "github.com/matttproud/golang_protobuf_extensions", + "version": "v1.0.4", + "kind": "binary", + "source": { + "id": "203", + "name": "", + "version": "" + }, + "normalized_version": "semver:0.1.0.4.0.0.0.0.0.0" + }, + "282": { + "id": "282", + "name": "github.com/mitchellh/go-homedir", + "version": "v1.1.0", + "kind": "binary", + "source": { + "id": "203", + "name": "", + "version": "" + }, + "normalized_version": "semver:0.1.1.0.0.0.0.0.0.0" + }, + "284": { + "id": "284", + "name": "github.com/opencontainers/go-digest", + "version": "v1.0.0", + "kind": "binary", + "source": { + "id": "203", + "name": "", + "version": "" + }, + "normalized_version": "semver:0.1.0.0.0.0.0.0.0.0" + }, + "286": { + "id": "286", + "name": "github.com/opencontainers/image-spec", + "version": "v1.1.0-rc3", + "kind": "binary", + "source": { + "id": "203", + "name": "", + "version": "" + }, + "normalized_version": "semver:0.1.1.0.0.0.0.0.0.0" + }, + "288": { + "id": "288", + "name": "github.com/pkg/errors", + "version": "v0.9.1", + "kind": "binary", + "source": { + "id": "203", + "name": "", + "version": "" + }, + "normalized_version": "semver:0.0.9.1.0.0.0.0.0.0" + }, + "290": { + "id": "290", + "name": "github.com/prometheus/client_golang", + "version": 
"v1.17.0", + "kind": "binary", + "source": { + "id": "203", + "name": "", + "version": "" + }, + "normalized_version": "semver:0.1.17.0.0.0.0.0.0.0" + }, + "292": { + "id": "292", + "name": "github.com/prometheus/client_model", + "version": "v0.4.1-0.20230718164431-9a2bf3000d16", + "kind": "binary", + "source": { + "id": "203", + "name": "", + "version": "" + }, + "normalized_version": "semver:0.0.4.1.0.0.0.0.0.0" + }, + "294": { + "id": "294", + "name": "github.com/prometheus/common", + "version": "v0.44.0", + "kind": "binary", + "source": { + "id": "203", + "name": "", + "version": "" + }, + "normalized_version": "semver:0.0.44.0.0.0.0.0.0.0" + }, + "296": { + "id": "296", + "name": "github.com/prometheus/procfs", + "version": "v0.11.1", + "kind": "binary", + "source": { + "id": "203", + "name": "", + "version": "" + }, + "normalized_version": "semver:0.0.11.1.0.0.0.0.0.0" + }, + "298": { + "id": "298", + "name": "github.com/quay/clair/config", + "version": "v1.3.0", + "kind": "binary", + "source": { + "id": "203", + "name": "", + "version": "" + }, + "normalized_version": "semver:0.1.3.0.0.0.0.0.0.0" + }, + "300": { + "id": "300", + "name": "github.com/quay/claircore", + "version": "v1.5.19", + "kind": "binary", + "source": { + "id": "203", + "name": "", + "version": "" + }, + "normalized_version": "semver:0.1.5.19.0.0.0.0.0.0" + }, + "302": { + "id": "302", + "name": "github.com/quay/claircore/toolkit", + "version": "v1.1.1", + "kind": "binary", + "source": { + "id": "203", + "name": "", + "version": "" + }, + "normalized_version": "semver:0.1.1.1.0.0.0.0.0.0" + }, + "304": { + "id": "304", + "name": "github.com/quay/claircore/updater/driver", + "version": "v1.0.0", + "kind": "binary", + "source": { + "id": "203", + "name": "", + "version": "" + }, + "normalized_version": "semver:0.1.0.0.0.0.0.0.0.0" + }, + "306": { + "id": "306", + "name": "github.com/quay/goval-parser", + "version": "v0.8.8", + "kind": "binary", + "source": { + "id": "203", + "name": "", + 
"version": "" + }, + "normalized_version": "semver:0.0.8.8.0.0.0.0.0.0" + }, + "308": { + "id": "308", + "name": "github.com/quay/zlog", + "version": "v1.1.5", + "kind": "binary", + "source": { + "id": "203", + "name": "", + "version": "" + }, + "normalized_version": "semver:0.1.1.5.0.0.0.0.0.0" + }, + "310": { + "id": "310", + "name": "github.com/remind101/migrate", + "version": "v0.0.0-20170729031349-52c1edff7319", + "kind": "binary", + "source": { + "id": "203", + "name": "", + "version": "" + }, + "normalized_version": "semver:0.0.0.0.0.0.0.0.0.0" + }, + "312": { + "id": "312", + "name": "github.com/remyoudompheng/bigfft", + "version": "v0.0.0-20230129092748-24d4a6f8daec", + "kind": "binary", + "source": { + "id": "203", + "name": "", + "version": "" + }, + "normalized_version": "semver:0.0.0.0.0.0.0.0.0.0" + }, + "314": { + "id": "314", + "name": "github.com/rs/zerolog", + "version": "v1.30.0", + "kind": "binary", + "source": { + "id": "203", + "name": "", + "version": "" + }, + "normalized_version": "semver:0.1.30.0.0.0.0.0.0.0" + }, + "316": { + "id": "316", + "name": "github.com/russross/blackfriday/v2", + "version": "v2.1.0", + "kind": "binary", + "source": { + "id": "203", + "name": "", + "version": "" + }, + "normalized_version": "semver:0.2.1.0.0.0.0.0.0.0" + }, + "318": { + "id": "318", + "name": "github.com/sirupsen/logrus", + "version": "v1.9.0", + "kind": "binary", + "source": { + "id": "203", + "name": "", + "version": "" + }, + "normalized_version": "semver:0.1.9.0.0.0.0.0.0.0" + }, + "320": { + "id": "320", + "name": "github.com/tomnomnom/linkheader", + "version": "v0.0.0-20180905144013-02ca5825eb80", + "kind": "binary", + "source": { + "id": "203", + "name": "", + "version": "" + }, + "normalized_version": "semver:0.0.0.0.0.0.0.0.0.0" + }, + "322": { + "id": "322", + "name": "github.com/ugorji/go/codec", + "version": "v1.2.11", + "kind": "binary", + "source": { + "id": "203", + "name": "", + "version": "" + }, + "normalized_version": 
"semver:0.1.2.11.0.0.0.0.0.0" + }, + "324": { + "id": "324", + "name": "github.com/urfave/cli/v2", + "version": "v2.25.7", + "kind": "binary", + "source": { + "id": "203", + "name": "", + "version": "" + }, + "normalized_version": "semver:0.2.25.7.0.0.0.0.0.0" + }, + "326": { + "id": "326", + "name": "github.com/vbatts/tar-split", + "version": "v0.11.3", + "kind": "binary", + "source": { + "id": "203", + "name": "", + "version": "" + }, + "normalized_version": "semver:0.0.11.3.0.0.0.0.0.0" + }, + "328": { + "id": "328", + "name": "github.com/xrash/smetrics", + "version": "v0.0.0-20201216005158-039620a65673", + "kind": "binary", + "source": { + "id": "203", + "name": "", + "version": "" + }, + "normalized_version": "semver:0.0.0.0.0.0.0.0.0.0" + }, + "330": { + "id": "330", + "name": "go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace", + "version": "v0.42.0", + "kind": "binary", + "source": { + "id": "203", + "name": "", + "version": "" + }, + "normalized_version": "semver:0.0.42.0.0.0.0.0.0.0" + }, + "332": { + "id": "332", + "name": "go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp", + "version": "v0.42.0", + "kind": "binary", + "source": { + "id": "203", + "name": "", + "version": "" + }, + "normalized_version": "semver:0.0.42.0.0.0.0.0.0.0" + }, + "334": { + "id": "334", + "name": "go.opentelemetry.io/otel", + "version": "v1.16.0", + "kind": "binary", + "source": { + "id": "203", + "name": "", + "version": "" + }, + "normalized_version": "semver:0.1.16.0.0.0.0.0.0.0" + }, + "336": { + "id": "336", + "name": "go.opentelemetry.io/otel/metric", + "version": "v1.16.0", + "kind": "binary", + "source": { + "id": "203", + "name": "", + "version": "" + }, + "normalized_version": "semver:0.1.16.0.0.0.0.0.0.0" + }, + "338": { + "id": "338", + "name": "go.opentelemetry.io/otel/trace", + "version": "v1.16.0", + "kind": "binary", + "source": { + "id": "203", + "name": "", + "version": "" + }, + "normalized_version": 
"semver:0.1.16.0.0.0.0.0.0.0" + }, + "340": { + "id": "340", + "name": "golang.org/x/crypto", + "version": "v0.12.0", + "kind": "binary", + "source": { + "id": "203", + "name": "", + "version": "" + }, + "normalized_version": "semver:0.0.12.0.0.0.0.0.0.0" + }, + "342": { + "id": "342", + "name": "golang.org/x/net", + "version": "v0.14.0", + "kind": "binary", + "source": { + "id": "203", + "name": "", + "version": "" + }, + "normalized_version": "semver:0.0.14.0.0.0.0.0.0.0" + }, + "344": { + "id": "344", + "name": "golang.org/x/sync", + "version": "v0.3.0", + "kind": "binary", + "source": { + "id": "203", + "name": "", + "version": "" + }, + "normalized_version": "semver:0.0.3.0.0.0.0.0.0.0" + }, + "346": { + "id": "346", + "name": "golang.org/x/sys", + "version": "v0.11.0", + "kind": "binary", + "source": { + "id": "203", + "name": "", + "version": "" + }, + "normalized_version": "semver:0.0.11.0.0.0.0.0.0.0" + }, + "348": { + "id": "348", + "name": "golang.org/x/text", + "version": "v0.12.0", + "kind": "binary", + "source": { + "id": "203", + "name": "", + "version": "" + }, + "normalized_version": "semver:0.0.12.0.0.0.0.0.0.0" + }, + "350": { + "id": "350", + "name": "golang.org/x/time", + "version": "v0.3.0", + "kind": "binary", + "source": { + "id": "203", + "name": "", + "version": "" + }, + "normalized_version": "semver:0.0.3.0.0.0.0.0.0.0" + }, + "352": { + "id": "352", + "name": "google.golang.org/protobuf", + "version": "v1.31.0", + "kind": "binary", + "source": { + "id": "203", + "name": "", + "version": "" + }, + "normalized_version": "semver:0.1.31.0.0.0.0.0.0.0" + }, + "354": { + "id": "354", + "name": "gopkg.in/square/go-jose.v2", + "version": "v2.6.0", + "kind": "binary", + "source": { + "id": "203", + "name": "", + "version": "" + }, + "normalized_version": "semver:0.2.6.0.0.0.0.0.0.0" + }, + "356": { + "id": "356", + "name": "gopkg.in/yaml.v3", + "version": "v3.0.1", + "kind": "binary", + "source": { + "id": "203", + "name": "", + "version": "" + 
}, + "normalized_version": "semver:0.3.0.1.0.0.0.0.0.0" + }, + "358": { + "id": "358", + "name": "modernc.org/libc", + "version": "v1.24.1", + "kind": "binary", + "source": { + "id": "203", + "name": "", + "version": "" + }, + "normalized_version": "semver:0.1.24.1.0.0.0.0.0.0" + }, + "360": { + "id": "360", + "name": "modernc.org/mathutil", + "version": "v1.5.0", + "kind": "binary", + "source": { + "id": "203", + "name": "", + "version": "" + }, + "normalized_version": "semver:0.1.5.0.0.0.0.0.0.0" + }, + "362": { + "id": "362", + "name": "modernc.org/memory", + "version": "v1.6.0", + "kind": "binary", + "source": { + "id": "203", + "name": "", + "version": "" + }, + "normalized_version": "semver:0.1.6.0.0.0.0.0.0.0" + }, + "364": { + "id": "364", + "name": "modernc.org/sqlite", + "version": "v1.26.0", + "kind": "binary", + "source": { + "id": "203", + "name": "", + "version": "" + }, + "normalized_version": "semver:0.1.26.0.0.0.0.0.0.0" + }, + "388": { + "id": "388", + "name": "github.com/go-stomp/stomp/v3", + "version": "v3.0.5", + "kind": "binary", + "source": { + "id": "203", + "name": "", + "version": "" + }, + "normalized_version": "semver:0.3.0.5.0.0.0.0.0.0" + }, + "438": { + "id": "438", + "name": "github.com/pyroscope-io/godeltaprof", + "version": "v0.1.2", + "kind": "binary", + "source": { + "id": "203", + "name": "", + "version": "" + }, + "normalized_version": "semver:0.0.1.2.0.0.0.0.0.0" + }, + "458": { + "id": "458", + "name": "github.com/streadway/amqp", + "version": "v1.1.0", + "kind": "binary", + "source": { + "id": "203", + "name": "", + "version": "" + }, + "normalized_version": "semver:0.1.1.0.0.0.0.0.0.0" + }, + "468": { + "id": "468", + "name": "go.opentelemetry.io/otel/exporters/jaeger", + "version": "v1.16.0", + "kind": "binary", + "source": { + "id": "203", + "name": "", + "version": "" + }, + "normalized_version": "semver:0.1.16.0.0.0.0.0.0.0" + }, + "470": { + "id": "470", + "name": 
"go.opentelemetry.io/otel/exporters/stdout/stdouttrace", + "version": "v1.16.0", + "kind": "binary", + "source": { + "id": "203", + "name": "", + "version": "" + }, + "normalized_version": "semver:0.1.16.0.0.0.0.0.0.0" + }, + "474": { + "id": "474", + "name": "go.opentelemetry.io/otel/sdk", + "version": "v1.16.0", + "kind": "binary", + "source": { + "id": "203", + "name": "", + "version": "" + }, + "normalized_version": "semver:0.1.16.0.0.0.0.0.0.0" } - }, - "distributions":{ - "1":{ - "id":"1", - "did":"", - "name":"", - "version":"", - "version_code_name":"", - "version_id":"", - "arch":"", - "cpe":"", - "pretty_name":"" - }, - "2":{ - "id":"2", - "did":"debian", - "name":"Debian GNU/Linux", - "version":"10 (buster)", - "version_code_name":"buster", - "version_id":"10", - "arch":"", - "cpe":"", - "pretty_name":"Debian GNU/Linux 10 (buster)" + }, + "distributions": { + "1": { + "id": "1", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" } - }, - "repository":{ - - }, - "environments":{ - "10":[ - { - "package_db":"var/lib/dpkg/status", - "introduced_in":"sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "distribution_id":"2", - "repository_id":"" - } - ], - "100":[ - { - "package_db":"var/lib/dpkg/status", - "introduced_in":"sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "distribution_id":"2", - "repository_id":"" - } - ], - "102":[ - { - "package_db":"var/lib/dpkg/status", - "introduced_in":"sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "distribution_id":"2", - "repository_id":"" - } - ], - "104":[ - { - "package_db":"var/lib/dpkg/status", - "introduced_in":"sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "distribution_id":"2", - "repository_id":"" 
- } - ], - "106":[ - { - "package_db":"var/lib/dpkg/status", - "introduced_in":"sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "distribution_id":"2", - "repository_id":"" - } - ], - "108":[ - { - "package_db":"var/lib/dpkg/status", - "introduced_in":"sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "distribution_id":"2", - "repository_id":"" - } - ], - "110":[ - { - "package_db":"var/lib/dpkg/status", - "introduced_in":"sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "distribution_id":"2", - "repository_id":"" - } - ], - "112":[ - { - "package_db":"var/lib/dpkg/status", - "introduced_in":"sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "distribution_id":"2", - "repository_id":"" - } - ], - "114":[ - { - "package_db":"var/lib/dpkg/status", - "introduced_in":"sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "distribution_id":"2", - "repository_id":"" - } - ], - "116":[ - { - "package_db":"var/lib/dpkg/status", - "introduced_in":"sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "distribution_id":"2", - "repository_id":"" - } - ], - "118":[ - { - "package_db":"var/lib/dpkg/status", - "introduced_in":"sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "distribution_id":"2", - "repository_id":"" - } - ], - "12":[ - { - "package_db":"var/lib/dpkg/status", - "introduced_in":"sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "distribution_id":"2", - "repository_id":"" - } - ], - "120":[ - { - "package_db":"var/lib/dpkg/status", - "introduced_in":"sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "distribution_id":"2", - "repository_id":"" - } - ], - "122":[ - { - "package_db":"var/lib/dpkg/status", - "introduced_in":"sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "distribution_id":"2", - "repository_id":"" 
- } - ], - "124":[ - { - "package_db":"var/lib/dpkg/status", - "introduced_in":"sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "distribution_id":"2", - "repository_id":"" - } - ], - "128":[ - { - "package_db":"var/lib/dpkg/status", - "introduced_in":"sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "distribution_id":"2", - "repository_id":"" - } - ], - "132":[ - { - "package_db":"var/lib/dpkg/status", - "introduced_in":"sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "distribution_id":"2", - "repository_id":"" - } - ], - "138":[ - { - "package_db":"var/lib/dpkg/status", - "introduced_in":"sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "distribution_id":"2", - "repository_id":"" - } - ], - "14":[ - { - "package_db":"var/lib/dpkg/status", - "introduced_in":"sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "distribution_id":"2", - "repository_id":"" - } - ], - "140":[ - { - "package_db":"var/lib/dpkg/status", - "introduced_in":"sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "distribution_id":"2", - "repository_id":"" - } - ], - "142":[ - { - "package_db":"var/lib/dpkg/status", - "introduced_in":"sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "distribution_id":"2", - "repository_id":"" - } - ], - "144":[ - { - "package_db":"var/lib/dpkg/status", - "introduced_in":"sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "distribution_id":"2", - "repository_id":"" - } - ], - "146":[ - { - "package_db":"var/lib/dpkg/status", - "introduced_in":"sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "distribution_id":"2", - "repository_id":"" - } - ], - "148":[ - { - "package_db":"var/lib/dpkg/status", - "introduced_in":"sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "distribution_id":"2", - "repository_id":"" 
- } - ], - "154":[ - { - "package_db":"var/lib/dpkg/status", - "introduced_in":"sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "distribution_id":"2", - "repository_id":"" - } - ], - "156":[ - { - "package_db":"var/lib/dpkg/status", - "introduced_in":"sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "distribution_id":"2", - "repository_id":"" - } - ], - "158":[ - { - "package_db":"var/lib/dpkg/status", - "introduced_in":"sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "distribution_id":"2", - "repository_id":"" - } - ], - "16":[ - { - "package_db":"var/lib/dpkg/status", - "introduced_in":"sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "distribution_id":"2", - "repository_id":"" - } - ], - "160":[ - { - "package_db":"var/lib/dpkg/status", - "introduced_in":"sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "distribution_id":"2", - "repository_id":"" - } - ], - "162":[ - { - "package_db":"var/lib/dpkg/status", - "introduced_in":"sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "distribution_id":"2", - "repository_id":"" - } - ], - "164":[ - { - "package_db":"var/lib/dpkg/status", - "introduced_in":"sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "distribution_id":"2", - "repository_id":"" - } - ], - "166":[ - { - "package_db":"var/lib/dpkg/status", - "introduced_in":"sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "distribution_id":"2", - "repository_id":"" - } - ], - "168":[ - { - "package_db":"var/lib/dpkg/status", - "introduced_in":"sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "distribution_id":"2", - "repository_id":"" - } - ], - "174":[ - { - "package_db":"var/lib/dpkg/status", - "introduced_in":"sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "distribution_id":"2", - "repository_id":"" 
- } - ], - "18":[ - { - "package_db":"var/lib/dpkg/status", - "introduced_in":"sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "distribution_id":"2", - "repository_id":"" - } - ], - "196":[ - { - "package_db":"var/lib/dpkg/status", - "introduced_in":"sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "distribution_id":"2", - "repository_id":"" - } - ], - "2":[ - { - "package_db":"var/lib/dpkg/status", - "introduced_in":"sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "distribution_id":"2", - "repository_id":"" - } - ], - "20":[ - { - "package_db":"var/lib/dpkg/status", - "introduced_in":"sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "distribution_id":"2", - "repository_id":"" - } - ], - "22":[ - { - "package_db":"var/lib/dpkg/status", - "introduced_in":"sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "distribution_id":"2", - "repository_id":"" - } - ], - "234":[ - { - "package_db":"var/lib/dpkg/status", - "introduced_in":"sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "distribution_id":"2", - "repository_id":"" - } - ], - "24":[ - { - "package_db":"var/lib/dpkg/status", - "introduced_in":"sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "distribution_id":"2", - "repository_id":"" - } - ], - "240":[ - { - "package_db":"var/lib/dpkg/status", - "introduced_in":"sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "distribution_id":"2", - "repository_id":"" - } - ], - "252":[ - { - "package_db":"var/lib/dpkg/status", - "introduced_in":"sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "distribution_id":"2", - "repository_id":"" - } - ], - "258":[ - { - "package_db":"var/lib/dpkg/status", - "introduced_in":"sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "distribution_id":"2", - "repository_id":"" - } - 
], - "26":[ - { - "package_db":"var/lib/dpkg/status", - "introduced_in":"sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "distribution_id":"2", - "repository_id":"" - } - ], - "266":[ - { - "package_db":"var/lib/dpkg/status", - "introduced_in":"sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "distribution_id":"2", - "repository_id":"" - } - ], - "294":[ - { - "package_db":"var/lib/dpkg/status", - "introduced_in":"sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "distribution_id":"2", - "repository_id":"" - } - ], - "298":[ - { - "package_db":"var/lib/dpkg/status", - "introduced_in":"sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "distribution_id":"2", - "repository_id":"" - } - ], - "30":[ - { - "package_db":"var/lib/dpkg/status", - "introduced_in":"sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "distribution_id":"2", - "repository_id":"" - } - ], - "302":[ - { - "package_db":"var/lib/dpkg/status", - "introduced_in":"sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "distribution_id":"2", - "repository_id":"" - } - ], - "304":[ - { - "package_db":"var/lib/dpkg/status", - "introduced_in":"sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "distribution_id":"2", - "repository_id":"" - } - ], - "318":[ - { - "package_db":"var/lib/dpkg/status", - "introduced_in":"sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "distribution_id":"2", - "repository_id":"" - } - ], - "32":[ - { - "package_db":"var/lib/dpkg/status", - "introduced_in":"sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "distribution_id":"2", - "repository_id":"" - } - ], - "320":[ - { - "package_db":"var/lib/dpkg/status", - "introduced_in":"sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "distribution_id":"2", - "repository_id":"" - } - ], 
- "34":[ - { - "package_db":"var/lib/dpkg/status", - "introduced_in":"sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "distribution_id":"2", - "repository_id":"" - } - ], - "36":[ - { - "package_db":"var/lib/dpkg/status", - "introduced_in":"sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "distribution_id":"2", - "repository_id":"" - } - ], - "38":[ - { - "package_db":"var/lib/dpkg/status", - "introduced_in":"sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "distribution_id":"2", - "repository_id":"" - } - ], - "4":[ - { - "package_db":"var/lib/dpkg/status", - "introduced_in":"sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "distribution_id":"2", - "repository_id":"" - } - ], - "40":[ - { - "package_db":"var/lib/dpkg/status", - "introduced_in":"sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "distribution_id":"2", - "repository_id":"" - } - ], - "42":[ - { - "package_db":"var/lib/dpkg/status", - "introduced_in":"sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "distribution_id":"2", - "repository_id":"" - } - ], - "44":[ - { - "package_db":"var/lib/dpkg/status", - "introduced_in":"sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "distribution_id":"2", - "repository_id":"" - } - ], - "46":[ - { - "package_db":"var/lib/dpkg/status", - "introduced_in":"sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "distribution_id":"2", - "repository_id":"" - } - ], - "48":[ - { - "package_db":"var/lib/dpkg/status", - "introduced_in":"sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "distribution_id":"2", - "repository_id":"" - } - ], - "50":[ - { - "package_db":"var/lib/dpkg/status", - "introduced_in":"sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "distribution_id":"2", - "repository_id":"" - } - ], - "52":[ - 
{ - "package_db":"var/lib/dpkg/status", - "introduced_in":"sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "distribution_id":"2", - "repository_id":"" - } - ], - "54":[ - { - "package_db":"var/lib/dpkg/status", - "introduced_in":"sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "distribution_id":"2", - "repository_id":"" - } - ], - "56":[ - { - "package_db":"var/lib/dpkg/status", - "introduced_in":"sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "distribution_id":"2", - "repository_id":"" - } - ], - "58":[ - { - "package_db":"var/lib/dpkg/status", - "introduced_in":"sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "distribution_id":"2", - "repository_id":"" - } - ], - "60":[ - { - "package_db":"var/lib/dpkg/status", - "introduced_in":"sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "distribution_id":"2", - "repository_id":"" - } - ], - "62":[ - { - "package_db":"var/lib/dpkg/status", - "introduced_in":"sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "distribution_id":"2", - "repository_id":"" - } - ], - "64":[ - { - "package_db":"var/lib/dpkg/status", - "introduced_in":"sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "distribution_id":"2", - "repository_id":"" - } - ], - "68":[ - { - "package_db":"var/lib/dpkg/status", - "introduced_in":"sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "distribution_id":"2", - "repository_id":"" - } - ], - "70":[ - { - "package_db":"var/lib/dpkg/status", - "introduced_in":"sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "distribution_id":"2", - "repository_id":"" - } - ], - "74":[ - { - "package_db":"var/lib/dpkg/status", - "introduced_in":"sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "distribution_id":"2", - "repository_id":"" - } - ], - "76":[ - { - 
"package_db":"var/lib/dpkg/status", - "introduced_in":"sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "distribution_id":"2", - "repository_id":"" - } - ], - "78":[ - { - "package_db":"var/lib/dpkg/status", - "introduced_in":"sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "distribution_id":"2", - "repository_id":"" - } - ], - "8":[ - { - "package_db":"var/lib/dpkg/status", - "introduced_in":"sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "distribution_id":"2", - "repository_id":"" - } - ], - "80":[ - { - "package_db":"var/lib/dpkg/status", - "introduced_in":"sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "distribution_id":"2", - "repository_id":"" - } - ], - "82":[ - { - "package_db":"var/lib/dpkg/status", - "introduced_in":"sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "distribution_id":"2", - "repository_id":"" - } - ], - "86":[ - { - "package_db":"var/lib/dpkg/status", - "introduced_in":"sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "distribution_id":"2", - "repository_id":"" - } - ], - "88":[ - { - "package_db":"var/lib/dpkg/status", - "introduced_in":"sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "distribution_id":"2", - "repository_id":"" - } - ], - "92":[ - { - "package_db":"var/lib/dpkg/status", - "introduced_in":"sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "distribution_id":"2", - "repository_id":"" - } - ], - "94":[ - { - "package_db":"var/lib/dpkg/status", - "introduced_in":"sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "distribution_id":"2", - "repository_id":"" - } - ], - "96":[ - { - "package_db":"var/lib/dpkg/status", - "introduced_in":"sha256:8d691f585fa8cec0eba196be460cfaffd69939782d6162986c3e0c5225d54f02", - "distribution_id":"2", - "repository_id":"" - } + }, + "repository": { + "1": 
{ + "id": "1", + "name": "cpe:/o:redhat:enterprise_linux:8::baseos", + "key": "rhel-cpe-repository", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*" + }, + "2": { + "id": "2", + "name": "cpe:/o:redhat:rhel:8.3::baseos", + "key": "rhel-cpe-repository", + "cpe": "cpe:2.3:o:redhat:rhel:8.3:*:baseos:*:*:*:*:*" + }, + "3": { + "id": "3", + "name": "cpe:/a:redhat:enterprise_linux:8::appstream", + "key": "rhel-cpe-repository", + "cpe": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*" + }, + "4": { + "id": "4", + "name": "cpe:/a:redhat:rhel:8.3::appstream", + "key": "rhel-cpe-repository", + "cpe": "cpe:2.3:a:redhat:rhel:8.3:*:appstream:*:*:*:*:*" + }, + "5": { + "id": "5", + "name": "Red Hat Container Catalog", + "uri": "https://catalog.redhat.com/software/containers/explore" + }, + "6": { + "id": "6", + "name": "go", + "uri": "https://pkg.go.dev/" + } + }, + "environments": { + "2": [ + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "1", + "repository_ids": [ + "1", + "2", + "3", + "4" + ] + }, + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "", + "repository_ids": null + } + ], + "4": [ + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "1", + "repository_ids": [ + "1", + "2", + "3", + "4" + ] + }, + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "", + "repository_ids": null + } + ], + "6": [ + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "1", + "repository_ids": [ + "1", + "2", + "3", + "4" + ] + }, + { + "package_db": 
"bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "", + "repository_ids": null + } + ], + "8": [ + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "1", + "repository_ids": [ + "1", + "2", + "3", + "4" + ] + }, + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "", + "repository_ids": null + } + ], + "10": [ + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "1", + "repository_ids": [ + "1", + "2", + "3", + "4" + ] + }, + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "", + "repository_ids": null + } + ], + "12": [ + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "1", + "repository_ids": [ + "1", + "2", + "3", + "4" + ] + }, + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "", + "repository_ids": null + } + ], + "14": [ + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "1", + "repository_ids": [ + "1", + "2", + "3", + "4" + ] + }, + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "", + "repository_ids": null + } + ], + "16": [ + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + 
"distribution_id": "1", + "repository_ids": [ + "1", + "2", + "3", + "4" + ] + }, + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "", + "repository_ids": null + } + ], + "18": [ + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "1", + "repository_ids": [ + "1", + "2", + "3", + "4" + ] + }, + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "", + "repository_ids": null + } + ], + "20": [ + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "1", + "repository_ids": [ + "1", + "2", + "3", + "4" + ] + }, + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "", + "repository_ids": null + } + ], + "22": [ + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "1", + "repository_ids": [ + "1", + "2", + "3", + "4" + ] + }, + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "", + "repository_ids": null + } + ], + "24": [ + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "1", + "repository_ids": [ + "1", + "2", + "3", + "4" + ] + }, + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "", + "repository_ids": null + } + ], + "26": [ + { + "package_db": "bdb:var/lib/rpm", 
+ "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "1", + "repository_ids": [ + "1", + "2", + "3", + "4" + ] + }, + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "", + "repository_ids": null + } + ], + "28": [ + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "1", + "repository_ids": [ + "1", + "2", + "3", + "4" + ] + }, + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "", + "repository_ids": null + } + ], + "30": [ + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "1", + "repository_ids": [ + "1", + "2", + "3", + "4" + ] + }, + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "", + "repository_ids": null + } + ], + "32": [ + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "1", + "repository_ids": [ + "1", + "2", + "3", + "4" + ] + }, + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "", + "repository_ids": null + } + ], + "34": [ + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "1", + "repository_ids": [ + "1", + "2", + "3", + "4" + ] + }, + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + 
"distribution_id": "", + "repository_ids": null + } + ], + "36": [ + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "1", + "repository_ids": [ + "1", + "2", + "3", + "4" + ] + }, + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "", + "repository_ids": null + } + ], + "38": [ + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "1", + "repository_ids": [ + "1", + "2", + "3", + "4" + ] + }, + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "", + "repository_ids": null + } + ], + "40": [ + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "1", + "repository_ids": [ + "1", + "2", + "3", + "4" + ] + }, + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "", + "repository_ids": null + } + ], + "42": [ + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "1", + "repository_ids": [ + "1", + "2", + "3", + "4" + ] + }, + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "", + "repository_ids": null + } + ], + "44": [ + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "1", + "repository_ids": [ + "1", + "2", + "3", + "4" + ] + }, + { + "package_db": "bdb:var/lib/rpm", 
+ "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "", + "repository_ids": null + } + ], + "46": [ + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "1", + "repository_ids": [ + "1", + "2", + "3", + "4" + ] + }, + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "", + "repository_ids": null + } + ], + "48": [ + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "1", + "repository_ids": [ + "1", + "2", + "3", + "4" + ] + }, + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "", + "repository_ids": null + } + ], + "50": [ + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "1", + "repository_ids": [ + "1", + "2", + "3", + "4" + ] + }, + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "", + "repository_ids": null + } + ], + "52": [ + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "1", + "repository_ids": [ + "1", + "2", + "3", + "4" + ] + }, + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "", + "repository_ids": null + } + ], + "54": [ + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "1", + 
"repository_ids": [ + "1", + "2", + "3", + "4" + ] + }, + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "", + "repository_ids": null + } + ], + "56": [ + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "1", + "repository_ids": [ + "1", + "2", + "3", + "4" + ] + }, + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "", + "repository_ids": null + } + ], + "58": [ + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "1", + "repository_ids": [ + "1", + "2", + "3", + "4" + ] + }, + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "", + "repository_ids": null + } + ], + "60": [ + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "1", + "repository_ids": [ + "1", + "2", + "3", + "4" + ] + }, + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "", + "repository_ids": null + } + ], + "62": [ + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "1", + "repository_ids": [ + "1", + "2", + "3", + "4" + ] + }, + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "", + "repository_ids": null + } + ], + "64": [ + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": 
"sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "1", + "repository_ids": [ + "1", + "2", + "3", + "4" + ] + }, + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "", + "repository_ids": null + } + ], + "66": [ + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "1", + "repository_ids": [ + "1", + "2", + "3", + "4" + ] + }, + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "", + "repository_ids": null + } + ], + "68": [ + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "1", + "repository_ids": [ + "1", + "2", + "3", + "4" + ] + }, + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "", + "repository_ids": null + } + ], + "70": [ + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "1", + "repository_ids": [ + "1", + "2", + "3", + "4" + ] + }, + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "", + "repository_ids": null + } + ], + "72": [ + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "1", + "repository_ids": [ + "1", + "2", + "3", + "4" + ] + }, + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "", + 
"repository_ids": null + } + ], + "74": [ + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "1", + "repository_ids": [ + "1", + "2", + "3", + "4" + ] + }, + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "", + "repository_ids": null + } + ], + "76": [ + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "1", + "repository_ids": [ + "1", + "2", + "3", + "4" + ] + }, + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "", + "repository_ids": null + } + ], + "78": [ + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "1", + "repository_ids": [ + "1", + "2", + "3", + "4" + ] + }, + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "", + "repository_ids": null + } + ], + "80": [ + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "1", + "repository_ids": [ + "1", + "2", + "3", + "4" + ] + }, + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "", + "repository_ids": null + } + ], + "82": [ + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "1", + "repository_ids": [ + "1", + "2", + "3", + "4" + ] + }, + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": 
"sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "", + "repository_ids": null + } + ], + "84": [ + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "1", + "repository_ids": [ + "1", + "2", + "3", + "4" + ] + }, + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "", + "repository_ids": null + } + ], + "86": [ + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "1", + "repository_ids": [ + "1", + "2", + "3", + "4" + ] + }, + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "", + "repository_ids": null + } + ], + "88": [ + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "1", + "repository_ids": [ + "1", + "2", + "3", + "4" + ] + }, + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "", + "repository_ids": null + } + ], + "90": [ + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "1", + "repository_ids": [ + "1", + "2", + "3", + "4" + ] + }, + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "", + "repository_ids": null + } + ], + "92": [ + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "1", + "repository_ids": 
[ + "1", + "2", + "3", + "4" + ] + }, + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "", + "repository_ids": null + } + ], + "94": [ + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "1", + "repository_ids": [ + "1", + "2", + "3", + "4" + ] + }, + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "", + "repository_ids": null + } + ], + "96": [ + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "1", + "repository_ids": [ + "1", + "2", + "3", + "4" + ] + }, + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "", + "repository_ids": null + } + ], + "98": [ + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "1", + "repository_ids": [ + "1", + "2", + "3", + "4" + ] + }, + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "", + "repository_ids": null + } + ], + "100": [ + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "1", + "repository_ids": [ + "1", + "2", + "3", + "4" + ] + }, + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "", + "repository_ids": null + } + ], + "102": [ + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": 
"sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "1", + "repository_ids": [ + "1", + "2", + "3", + "4" + ] + }, + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "", + "repository_ids": null + } + ], + "104": [ + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "1", + "repository_ids": [ + "1", + "2", + "3", + "4" + ] + }, + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "", + "repository_ids": null + } + ], + "106": [ + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "1", + "repository_ids": [ + "1", + "2", + "3", + "4" + ] + }, + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "", + "repository_ids": null + } + ], + "108": [ + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "1", + "repository_ids": [ + "1", + "2", + "3", + "4" + ] + }, + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "", + "repository_ids": null + } + ], + "110": [ + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "1", + "repository_ids": [ + "1", + "2", + "3", + "4" + ] + }, + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "", + 
"repository_ids": null + } + ], + "112": [ + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "1", + "repository_ids": [ + "1", + "2", + "3", + "4" + ] + }, + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "", + "repository_ids": null + } + ], + "114": [ + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "1", + "repository_ids": [ + "1", + "2", + "3", + "4" + ] + }, + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "", + "repository_ids": null + } + ], + "116": [ + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "1", + "repository_ids": [ + "1", + "2", + "3", + "4" + ] + }, + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "", + "repository_ids": null + } + ], + "118": [ + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "1", + "repository_ids": [ + "1", + "2", + "3", + "4" + ] + }, + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "", + "repository_ids": null + } + ], + "120": [ + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "1", + "repository_ids": [ + "1", + "2", + "3", + "4" + ] + }, + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": 
"sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "", + "repository_ids": null + } + ], + "122": [ + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "1", + "repository_ids": [ + "1", + "2", + "3", + "4" + ] + }, + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "", + "repository_ids": null + } + ], + "124": [ + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "1", + "repository_ids": [ + "1", + "2", + "3", + "4" + ] + }, + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "", + "repository_ids": null + } + ], + "126": [ + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "1", + "repository_ids": [ + "1", + "2", + "3", + "4" + ] + }, + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "", + "repository_ids": null + } + ], + "128": [ + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "1", + "repository_ids": [ + "1", + "2", + "3", + "4" + ] + }, + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "", + "repository_ids": null + } + ], + "130": [ + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "1", + 
"repository_ids": [ + "1", + "2", + "3", + "4" + ] + }, + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "", + "repository_ids": null + } + ], + "132": [ + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "1", + "repository_ids": [ + "1", + "2", + "3", + "4" + ] + }, + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "", + "repository_ids": null + } + ], + "134": [ + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "1", + "repository_ids": [ + "1", + "2", + "3", + "4" + ] + }, + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "", + "repository_ids": null + } + ], + "136": [ + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "1", + "repository_ids": [ + "1", + "2", + "3", + "4" + ] + }, + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "", + "repository_ids": null + } + ], + "138": [ + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "1", + "repository_ids": [ + "1", + "2", + "3", + "4" + ] + }, + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "", + "repository_ids": null + } + ], + "140": [ + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": 
"sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "1", + "repository_ids": [ + "1", + "2", + "3", + "4" + ] + }, + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "", + "repository_ids": null + } + ], + "142": [ + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "1", + "repository_ids": [ + "1", + "2", + "3", + "4" + ] + }, + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "", + "repository_ids": null + } + ], + "144": [ + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "1", + "repository_ids": [ + "1", + "2", + "3", + "4" + ] + }, + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "", + "repository_ids": null + } + ], + "146": [ + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "1", + "repository_ids": [ + "1", + "2", + "3", + "4" + ] + }, + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "", + "repository_ids": null + } + ], + "148": [ + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "1", + "repository_ids": [ + "1", + "2", + "3", + "4" + ] + }, + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "", + 
"repository_ids": null + } + ], + "150": [ + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "1", + "repository_ids": [ + "1", + "2", + "3", + "4" + ] + }, + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "", + "repository_ids": null + } + ], + "152": [ + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "1", + "repository_ids": [ + "1", + "2", + "3", + "4" + ] + }, + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "", + "repository_ids": null + } + ], + "154": [ + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "1", + "repository_ids": [ + "1", + "2", + "3", + "4" + ] + }, + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "", + "repository_ids": null + } + ], + "156": [ + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "1", + "repository_ids": [ + "1", + "2", + "3", + "4" + ] + }, + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "", + "repository_ids": null + } + ], + "158": [ + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "1", + "repository_ids": [ + "1", + "2", + "3", + "4" + ] + }, + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": 
"sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "", + "repository_ids": null + } + ], + "160": [ + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "1", + "repository_ids": [ + "1", + "2", + "3", + "4" + ] + }, + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "", + "repository_ids": null + } + ], + "162": [ + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "1", + "repository_ids": [ + "1", + "2", + "3", + "4" + ] + }, + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "", + "repository_ids": null + } + ], + "164": [ + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "1", + "repository_ids": [ + "1", + "2", + "3", + "4" + ] + }, + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "", + "repository_ids": null + } + ], + "166": [ + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "1", + "repository_ids": [ + "1", + "2", + "3", + "4" + ] + }, + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "", + "repository_ids": null + } + ], + "168": [ + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "1", + 
"repository_ids": [ + "1", + "2", + "3", + "4" + ] + }, + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "", + "repository_ids": null + } + ], + "170": [ + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "1", + "repository_ids": [ + "1", + "2", + "3", + "4" + ] + }, + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "", + "repository_ids": null + } + ], + "172": [ + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "1", + "repository_ids": [ + "1", + "2", + "3", + "4" + ] + }, + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "", + "repository_ids": null + } + ], + "174": [ + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "1", + "repository_ids": [ + "1", + "2", + "3", + "4" + ] + }, + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "", + "repository_ids": null + } + ], + "176": [ + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "1", + "repository_ids": [ + "1", + "2", + "3", + "4" + ] + }, + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "", + "repository_ids": null + } + ], + "178": [ + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": 
"sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "1", + "repository_ids": [ + "1", + "2", + "3", + "4" + ] + }, + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "", + "repository_ids": null + } + ], + "180": [ + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "1", + "repository_ids": [ + "1", + "2", + "3", + "4" + ] + }, + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "", + "repository_ids": null + } + ], + "182": [ + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "1", + "repository_ids": [ + "1", + "2", + "3", + "4" + ] + }, + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "", + "repository_ids": null + } + ], + "184": [ + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "1", + "repository_ids": [ + "1", + "2", + "3", + "4" + ] + }, + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "", + "repository_ids": null + } + ], + "186": [ + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "1", + "repository_ids": [ + "1", + "2", + "3", + "4" + ] + }, + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "", + 
"repository_ids": null + } + ], + "188": [ + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "1", + "repository_ids": [ + "1", + "2", + "3", + "4" + ] + }, + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "", + "repository_ids": null + } + ], + "190": [ + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "1", + "repository_ids": [ + "1", + "2", + "3", + "4" + ] + }, + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "", + "repository_ids": null + } + ], + "192": [ + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "1", + "repository_ids": [ + "1", + "2", + "3", + "4" + ] + }, + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "", + "repository_ids": null + } + ], + "194": [ + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "1", + "repository_ids": [ + "1", + "2", + "3", + "4" + ] + }, + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "", + "repository_ids": null + } + ], + "196": [ + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "1", + "repository_ids": [ + "1", + "2", + "3", + "4" + ] + }, + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": 
"sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "", + "repository_ids": null + } + ], + "198": [ + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "1", + "repository_ids": [ + "1", + "2", + "3", + "4" + ] + }, + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "", + "repository_ids": null + } + ], + "200": [ + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "1", + "repository_ids": [ + "1", + "2", + "3", + "4" + ] + }, + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "", + "repository_ids": null + } + ], + "202": [ + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "1", + "repository_ids": [ + "1", + "2", + "3", + "4" + ] + }, + { + "package_db": "bdb:var/lib/rpm", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "", + "repository_ids": null + } + ], + "204": [ + { + "package_db": "root/buildinfo/Dockerfile-ubi8-minimal-8.8-1072.1696517598", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "", + "repository_ids": [ + "5" + ] + } + ], + "206": [ + { + "package_db": "root/buildinfo/Dockerfile-ubi8-minimal-8.8-1072.1696517598", + "introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1", + "distribution_id": "", + "repository_ids": [ + "5" + ] + } + ], + "208": [ + { + "package_db": "go:usr/bin/clairctl", + "introduced_in": 
"sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "distribution_id": "", + "repository_ids": [ + "6" + ] + } + ], + "210": [ + { + "package_db": "go:usr/bin/clairctl", + "introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "distribution_id": "", + "repository_ids": [ + "6" + ] + } + ], + "212": [ + { + "package_db": "go:usr/bin/clairctl", + "introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "distribution_id": "", + "repository_ids": [ + "6" + ] + } + ], + "214": [ + { + "package_db": "go:usr/bin/clairctl", + "introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "distribution_id": "", + "repository_ids": [ + "6" + ] + } + ], + "216": [ + { + "package_db": "go:usr/bin/clairctl", + "introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "distribution_id": "", + "repository_ids": [ + "6" + ] + } + ], + "218": [ + { + "package_db": "go:usr/bin/clairctl", + "introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "distribution_id": "", + "repository_ids": [ + "6" + ] + } + ], + "220": [ + { + "package_db": "go:usr/bin/clairctl", + "introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "distribution_id": "", + "repository_ids": [ + "6" + ] + } + ], + "222": [ + { + "package_db": "go:usr/bin/clairctl", + "introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "distribution_id": "", + "repository_ids": [ + "6" + ] + } + ], + "224": [ + { + "package_db": "go:usr/bin/clairctl", + "introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "distribution_id": "", + "repository_ids": [ + "6" + ] + } + ], + "226": [ + { + "package_db": "go:usr/bin/clairctl", + "introduced_in": 
"sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "distribution_id": "", + "repository_ids": [ + "6" + ] + } + ], + "228": [ + { + "package_db": "go:usr/bin/clairctl", + "introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "distribution_id": "", + "repository_ids": [ + "6" + ] + } + ], + "230": [ + { + "package_db": "go:usr/bin/clairctl", + "introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "distribution_id": "", + "repository_ids": [ + "6" + ] + } + ], + "232": [ + { + "package_db": "go:usr/bin/clairctl", + "introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "distribution_id": "", + "repository_ids": [ + "6" + ] + } + ], + "234": [ + { + "package_db": "go:usr/bin/clairctl", + "introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "distribution_id": "", + "repository_ids": [ + "6" + ] + } + ], + "236": [ + { + "package_db": "go:usr/bin/clairctl", + "introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "distribution_id": "", + "repository_ids": [ + "6" + ] + } + ], + "238": [ + { + "package_db": "go:usr/bin/clairctl", + "introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "distribution_id": "", + "repository_ids": [ + "6" + ] + } + ], + "240": [ + { + "package_db": "go:usr/bin/clairctl", + "introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "distribution_id": "", + "repository_ids": [ + "6" + ] + } + ], + "242": [ + { + "package_db": "go:usr/bin/clairctl", + "introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "distribution_id": "", + "repository_ids": [ + "6" + ] + } + ], + "244": [ + { + "package_db": "go:usr/bin/clairctl", + "introduced_in": 
"sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "distribution_id": "", + "repository_ids": [ + "6" + ] + } + ], + "246": [ + { + "package_db": "go:usr/bin/clairctl", + "introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "distribution_id": "", + "repository_ids": [ + "6" + ] + } + ], + "248": [ + { + "package_db": "go:usr/bin/clairctl", + "introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "distribution_id": "", + "repository_ids": [ + "6" + ] + } + ], + "250": [ + { + "package_db": "go:usr/bin/clairctl", + "introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "distribution_id": "", + "repository_ids": [ + "6" + ] + } + ], + "252": [ + { + "package_db": "go:usr/bin/clairctl", + "introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "distribution_id": "", + "repository_ids": [ + "6" + ] + } + ], + "254": [ + { + "package_db": "go:usr/bin/clairctl", + "introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "distribution_id": "", + "repository_ids": [ + "6" + ] + } + ], + "256": [ + { + "package_db": "go:usr/bin/clairctl", + "introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "distribution_id": "", + "repository_ids": [ + "6" + ] + } + ], + "258": [ + { + "package_db": "go:usr/bin/clairctl", + "introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "distribution_id": "", + "repository_ids": [ + "6" + ] + } + ], + "260": [ + { + "package_db": "go:usr/bin/clairctl", + "introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "distribution_id": "", + "repository_ids": [ + "6" + ] + } + ], + "262": [ + { + "package_db": "go:usr/bin/clairctl", + "introduced_in": 
"sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "distribution_id": "", + "repository_ids": [ + "6" + ] + } + ], + "264": [ + { + "package_db": "go:usr/bin/clairctl", + "introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "distribution_id": "", + "repository_ids": [ + "6" + ] + } + ], + "266": [ + { + "package_db": "go:usr/bin/clairctl", + "introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "distribution_id": "", + "repository_ids": [ + "6" + ] + } + ], + "268": [ + { + "package_db": "go:usr/bin/clairctl", + "introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "distribution_id": "", + "repository_ids": [ + "6" + ] + } + ], + "270": [ + { + "package_db": "go:usr/bin/clairctl", + "introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "distribution_id": "", + "repository_ids": [ + "6" + ] + } + ], + "272": [ + { + "package_db": "go:usr/bin/clairctl", + "introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "distribution_id": "", + "repository_ids": [ + "6" + ] + } + ], + "274": [ + { + "package_db": "go:usr/bin/clairctl", + "introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "distribution_id": "", + "repository_ids": [ + "6" + ] + } + ], + "276": [ + { + "package_db": "go:usr/bin/clairctl", + "introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "distribution_id": "", + "repository_ids": [ + "6" + ] + } + ], + "278": [ + { + "package_db": "go:usr/bin/clairctl", + "introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "distribution_id": "", + "repository_ids": [ + "6" + ] + } + ], + "280": [ + { + "package_db": "go:usr/bin/clairctl", + "introduced_in": 
"sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "distribution_id": "", + "repository_ids": [ + "6" + ] + } + ], + "282": [ + { + "package_db": "go:usr/bin/clairctl", + "introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "distribution_id": "", + "repository_ids": [ + "6" + ] + } + ], + "284": [ + { + "package_db": "go:usr/bin/clairctl", + "introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "distribution_id": "", + "repository_ids": [ + "6" + ] + } + ], + "286": [ + { + "package_db": "go:usr/bin/clairctl", + "introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "distribution_id": "", + "repository_ids": [ + "6" + ] + } + ], + "288": [ + { + "package_db": "go:usr/bin/clairctl", + "introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "distribution_id": "", + "repository_ids": [ + "6" + ] + } + ], + "290": [ + { + "package_db": "go:usr/bin/clairctl", + "introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "distribution_id": "", + "repository_ids": [ + "6" + ] + } + ], + "292": [ + { + "package_db": "go:usr/bin/clairctl", + "introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "distribution_id": "", + "repository_ids": [ + "6" + ] + } + ], + "294": [ + { + "package_db": "go:usr/bin/clairctl", + "introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "distribution_id": "", + "repository_ids": [ + "6" + ] + } + ], + "296": [ + { + "package_db": "go:usr/bin/clairctl", + "introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "distribution_id": "", + "repository_ids": [ + "6" + ] + } + ], + "298": [ + { + "package_db": "go:usr/bin/clairctl", + "introduced_in": 
"sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "distribution_id": "", + "repository_ids": [ + "6" + ] + } + ], + "300": [ + { + "package_db": "go:usr/bin/clairctl", + "introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "distribution_id": "", + "repository_ids": [ + "6" + ] + } + ], + "302": [ + { + "package_db": "go:usr/bin/clairctl", + "introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "distribution_id": "", + "repository_ids": [ + "6" + ] + } + ], + "304": [ + { + "package_db": "go:usr/bin/clairctl", + "introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "distribution_id": "", + "repository_ids": [ + "6" + ] + } + ], + "306": [ + { + "package_db": "go:usr/bin/clairctl", + "introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "distribution_id": "", + "repository_ids": [ + "6" + ] + } + ], + "308": [ + { + "package_db": "go:usr/bin/clairctl", + "introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "distribution_id": "", + "repository_ids": [ + "6" + ] + } + ], + "310": [ + { + "package_db": "go:usr/bin/clairctl", + "introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "distribution_id": "", + "repository_ids": [ + "6" + ] + } + ], + "312": [ + { + "package_db": "go:usr/bin/clairctl", + "introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "distribution_id": "", + "repository_ids": [ + "6" + ] + } + ], + "314": [ + { + "package_db": "go:usr/bin/clairctl", + "introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "distribution_id": "", + "repository_ids": [ + "6" + ] + } + ], + "316": [ + { + "package_db": "go:usr/bin/clairctl", + "introduced_in": 
"sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "distribution_id": "", + "repository_ids": [ + "6" + ] + } + ], + "318": [ + { + "package_db": "go:usr/bin/clairctl", + "introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "distribution_id": "", + "repository_ids": [ + "6" + ] + } + ], + "320": [ + { + "package_db": "go:usr/bin/clairctl", + "introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "distribution_id": "", + "repository_ids": [ + "6" + ] + } + ], + "322": [ + { + "package_db": "go:usr/bin/clairctl", + "introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "distribution_id": "", + "repository_ids": [ + "6" + ] + } + ], + "324": [ + { + "package_db": "go:usr/bin/clairctl", + "introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "distribution_id": "", + "repository_ids": [ + "6" + ] + } + ], + "326": [ + { + "package_db": "go:usr/bin/clairctl", + "introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "distribution_id": "", + "repository_ids": [ + "6" + ] + } + ], + "328": [ + { + "package_db": "go:usr/bin/clairctl", + "introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "distribution_id": "", + "repository_ids": [ + "6" + ] + } + ], + "330": [ + { + "package_db": "go:usr/bin/clairctl", + "introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "distribution_id": "", + "repository_ids": [ + "6" + ] + } + ], + "332": [ + { + "package_db": "go:usr/bin/clairctl", + "introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "distribution_id": "", + "repository_ids": [ + "6" + ] + } + ], + "334": [ + { + "package_db": "go:usr/bin/clairctl", + "introduced_in": 
"sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "distribution_id": "", + "repository_ids": [ + "6" + ] + } + ], + "336": [ + { + "package_db": "go:usr/bin/clairctl", + "introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "distribution_id": "", + "repository_ids": [ + "6" + ] + } + ], + "338": [ + { + "package_db": "go:usr/bin/clairctl", + "introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "distribution_id": "", + "repository_ids": [ + "6" + ] + } + ], + "340": [ + { + "package_db": "go:usr/bin/clairctl", + "introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "distribution_id": "", + "repository_ids": [ + "6" + ] + } + ], + "342": [ + { + "package_db": "go:usr/bin/clairctl", + "introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "distribution_id": "", + "repository_ids": [ + "6" + ] + } + ], + "344": [ + { + "package_db": "go:usr/bin/clairctl", + "introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "distribution_id": "", + "repository_ids": [ + "6" + ] + } + ], + "346": [ + { + "package_db": "go:usr/bin/clairctl", + "introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "distribution_id": "", + "repository_ids": [ + "6" + ] + } + ], + "348": [ + { + "package_db": "go:usr/bin/clairctl", + "introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "distribution_id": "", + "repository_ids": [ + "6" + ] + } + ], + "350": [ + { + "package_db": "go:usr/bin/clairctl", + "introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "distribution_id": "", + "repository_ids": [ + "6" + ] + } + ], + "352": [ + { + "package_db": "go:usr/bin/clairctl", + "introduced_in": 
"sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "distribution_id": "", + "repository_ids": [ + "6" + ] + } + ], + "354": [ + { + "package_db": "go:usr/bin/clairctl", + "introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "distribution_id": "", + "repository_ids": [ + "6" + ] + } + ], + "356": [ + { + "package_db": "go:usr/bin/clairctl", + "introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "distribution_id": "", + "repository_ids": [ + "6" + ] + } + ], + "358": [ + { + "package_db": "go:usr/bin/clairctl", + "introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "distribution_id": "", + "repository_ids": [ + "6" + ] + } + ], + "360": [ + { + "package_db": "go:usr/bin/clairctl", + "introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "distribution_id": "", + "repository_ids": [ + "6" + ] + } + ], + "362": [ + { + "package_db": "go:usr/bin/clairctl", + "introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "distribution_id": "", + "repository_ids": [ + "6" + ] + } + ], + "364": [ + { + "package_db": "go:usr/bin/clairctl", + "introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb", + "distribution_id": "", + "repository_ids": [ + "6" + ] + } + ], + "388": [ + { + "package_db": "go:usr/bin/clair", + "introduced_in": "sha256:2673e7fa22f08ae14cfde08b625bf3225974fc5df8914d5d0b94bae3700c4c92", + "distribution_id": "", + "repository_ids": [ + "6" + ] + } + ], + "438": [ + { + "package_db": "go:usr/bin/clair", + "introduced_in": "sha256:2673e7fa22f08ae14cfde08b625bf3225974fc5df8914d5d0b94bae3700c4c92", + "distribution_id": "", + "repository_ids": [ + "6" + ] + } + ], + "458": [ + { + "package_db": "go:usr/bin/clair", + "introduced_in": "sha256:2673e7fa22f08ae14cfde08b625bf3225974fc5df8914d5d0b94bae3700c4c92", + 
"distribution_id": "", + "repository_ids": [ + "6" + ] + } + ], + "468": [ + { + "package_db": "go:usr/bin/clair", + "introduced_in": "sha256:2673e7fa22f08ae14cfde08b625bf3225974fc5df8914d5d0b94bae3700c4c92", + "distribution_id": "", + "repository_ids": [ + "6" + ] + } + ], + "470": [ + { + "package_db": "go:usr/bin/clair", + "introduced_in": "sha256:2673e7fa22f08ae14cfde08b625bf3225974fc5df8914d5d0b94bae3700c4c92", + "distribution_id": "", + "repository_ids": [ + "6" + ] + } + ], + "474": [ + { + "package_db": "go:usr/bin/clair", + "introduced_in": "sha256:2673e7fa22f08ae14cfde08b625bf3225974fc5df8914d5d0b94bae3700c4c92", + "distribution_id": "", + "repository_ids": [ + "6" + ] + } ] - }, - "vulnerabilities":{ - "103171":{ - "id":"103171", - "updater":"", - "name":"CVE-2017-11164", - "description":"In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression.", - "links":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11164", - "severity":"", - "normalized_severity":"", - "fixed_in_version":"0" - }, - "104624":{ - "id":"104624", - "updater":"", - "name":"CVE-2017-12814", - "description":"Stack-based buffer overflow in the CPerlHost::Add method in win32/perlhost.h in Perl before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 on Windows allows attackers to execute arbitrary code via a long environment variable.", - "links":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12814", - "severity":"", - "normalized_severity":"", - "fixed_in_version":"0" - }, - "109054":{ - "id":"109054", - "updater":"", - "name":"CVE-2017-16231", - "description":"** DISPUTED ** In PCRE 8.41, after compiling, a pcretest load test PoC produces a crash overflow in the function match() in pcre_exec.c because of a self-recursive call. 
NOTE: third parties dispute the relevance of this report, noting that there are options that can be used to limit the amount of stack that is used.", - "links":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16231", - "severity":"", - "normalized_severity":"", - "fixed_in_version":"0" - }, - "110278":{ - "id":"110278", - "updater":"", - "name":"CVE-2017-17426", - "description":"The malloc function in the GNU C Library (aka glibc or libc6) 2.26 could return a memory block that is too small if an attempt is made to allocate an object whose size is close to SIZE_MAX, potentially leading to a subsequent heap overflow. This occurs because the per-thread cache (aka tcache) feature enables a code path that lacks an integer overflow check.", - "links":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17426", - "severity":"", - "normalized_severity":"", - "fixed_in_version":"0" - }, - "111143":{ - "id":"111143", - "updater":"", - "name":"CVE-2017-18018", - "description":"In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSIX \"-R -L\" options, which allows local users to modify the ownership of arbitrary files by leveraging a race condition.", - "links":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18018", - "severity":"", - "normalized_severity":"", - "fixed_in_version":"0", - "updater": "test_updater", - "distribution": { - "id": "", - "did": "", - "name": "rhel", - "version": "8.0", - "version_code_name": "", - "version_id": "", - "arch": "", - "cpe": "", - "pretty_name": "" - } - }, - "117001":{ - "id":"117001", - "updater":"", - "name":"CVE-2017-7245", - "description":"Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 4) or possibly have unspecified other impact via a crafted file.", - 
"links":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7245", - "severity":"", - "normalized_severity":"", - "fixed_in_version":"0" - }, - "117002":{ - "id":"117002", - "updater":"", - "name":"CVE-2017-7246", - "description":"Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 268) or possibly have unspecified other impact via a crafted file.", - "links":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7246", - "severity":"", - "normalized_severity":"", - "fixed_in_version":"0" - }, - "121183":{ - "id":"121183", - "updater":"", - "name":"CVE-2018-1000654", - "description":"GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a DoS, specifically CPU usage will reach 100% when running asn1Paser against the POC due to an issue in _asn1_expand_object_id(p_tree), after a long time, the program will be killed. This attack appears to be exploitable via parsing a crafted file.", - "links":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000654", - "severity":"", - "normalized_severity":"", - "fixed_in_version":"0" - }, - "127298":{ - "id":"127298", - "updater":"", - "name":"CVE-2018-16588", - "description":"Privilege escalation can occur in the SUSE useradd.c code in useradd, as distributed in the SUSE shadow package through 4.2.1-27.9.1 for SUSE Linux Enterprise 12 (SLE-12) and through 4.5-5.39 for SUSE Linux Enterprise 15 (SLE-15). Non-existing intermediate directories are created with mode 0777 during user creation. Given that they are world-writable, local attackers might use this for privilege escalation and other unspecified attacks. 
NOTE: this would affect non-SUSE users who took useradd.c code from a 2014-04-02 upstream pull request; however, no non-SUSE distribution is known to be affected.", - "links":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16588", - "severity":"", - "normalized_severity":"", - "fixed_in_version":"0" - }, - "128176":{ - "id":"128176", - "updater":"", - "name":"CVE-2018-17953", - "description":"A incorrect variable in a SUSE specific patch for pam_access rule matching in PAM 1.3.0 in openSUSE Leap 15.0 and SUSE Linux Enterprise 15 could lead to pam_access rules not being applied (fail open).", - "links":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17953", - "severity":"", - "normalized_severity":"", - "fixed_in_version":"0" - }, - "131937":{ - "id":"131937", - "updater":"", - "name":"CVE-2018-20796", - "description":"In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\\227|)(\\\\1\\\\1|t1|\\\\\\2537)+' in grep.", - "links":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20796", - "severity":"", - "normalized_severity":"", - "fixed_in_version":"0" - }, - "132114":{ - "id":"132114", - "updater":"", - "name":"CVE-2018-21029", - "description":"** DISPUTED ** systemd 239 through 244 accepts any certificate signed by a trusted certificate authority for DNS Over TLS. Server Name Indication (SNI) is not sent, and there is no hostname validation with the GnuTLS backend. NOTE: This has been disputed by the developer as not a vulnerability since hostname validation does not have anything to do with this issue (i.e. 
there is no hostname to be sent).", - "links":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-21029", - "severity":"", - "normalized_severity":"", - "fixed_in_version":"0" - }, - "134451":{ - "id":"134451", - "updater":"", - "name":"CVE-2018-6557", - "description":"The MOTD update script in the base-files package in Ubuntu 18.04 LTS before 10.1ubuntu2.2, and Ubuntu 18.10 before 10.1ubuntu6 incorrectly handled temporary files. A local attacker could use this issue to cause a denial of service, or possibly escalate privileges if kernel symlink restrictions were disabled.", - "links":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6557", - "severity":"", - "normalized_severity":"", - "fixed_in_version":"0" - }, - "134886":{ - "id":"134886", - "updater":"", - "name":"CVE-2018-7169", - "description":"An issue was discovered in shadow 4.5. newgidmap (in shadow-utils) is setuid and allows an unprivileged user to be placed in a user namespace where setgroups(2) is permitted. This allows an attacker to remove themselves from a supplementary group, which may allow access to certain filesystem paths if the administrator has used \"group blacklisting\" (e.g., chmod g-rwx) to restrict access to paths. This flaw effectively reverts a security feature in the kernel (in particular, the /proc/self/setgroups knob) to prevent this sort of privilege escalation.", - "links":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7169", - "severity":"", - "normalized_severity":"", - "fixed_in_version":"0" - }, - "137073":{ - "id":"137073", - "updater":"", - "name":"CVE-2019-1010022", - "description":"GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. 
The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard.", - "links":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010022", - "severity":"", - "normalized_severity":"", - "fixed_in_version":"0" - }, - "137077":{ - "id":"137077", - "updater":"", - "name":"CVE-2019-1010023", - "description":"GNU Libc current is affected by: Re-mapping current loaded libray with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code.", - "links":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010023", - "severity":"", - "normalized_severity":"", - "fixed_in_version":"0" - }, - "137079":{ - "id":"137079", - "updater":"", - "name":"CVE-2019-1010024", - "description":"GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc.", - "links":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010024", - "severity":"", - "normalized_severity":"", - "fixed_in_version":"0" - }, - "137081":{ - "id":"137081", - "updater":"", - "name":"CVE-2019-1010025", - "description":"** DISPUTED ** GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.\"", - "links":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010025", - "severity":"", - "normalized_severity":"", - "fixed_in_version":"0" - }, - "139774":{ - "id":"139774", - "updater":"", - "name":"CVE-2019-12290", - "description":"GNU libidn2 before 2.2.0 fails to perform the roundtrip checks specified in RFC3490 Section 4.2 when converting A-labels to U-labels. 
This makes it possible in some circumstances for one domain to impersonate another. By creating a malicious domain that matches a target domain except for the inclusion of certain punycoded Unicode characters (that would be discarded when converted first to a Unicode label and then back to an ASCII label), arbitrary domains can be impersonated.", - "links":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12290", - "severity":"", - "normalized_severity":"", - "fixed_in_version":"0" - }, - "140291":{ - "id":"140291", - "updater":"", - "name":"CVE-2019-12904", - "description":"In Libgcrypt 1.8.4, the C implementation of AES is vulnerable to a flush-and-reload side-channel attack because physical addresses are available to other processes. (The C implementation is used on platforms where an assembly-language implementation is unavailable.)", - "links":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12904", - "severity":"", - "normalized_severity":"", - "fixed_in_version":"0" - }, - "141174":{ - "id":"141174", - "updater":"", - "name":"CVE-2019-13627", - "description":"It was discovered that there was a ECDSA timing attack in the libgcrypt20 cryptographic library. Version affected: 1.8.4-5, 1.7.6-2+deb9u3, and 1.6.3-2+deb8u4. Versions fixed: 1.8.5-2 and 1.6.3-2+deb8u7.", - "links":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13627", - "severity":"", - "normalized_severity":"", - "fixed_in_version":"0" - }, - "143286":{ - "id":"143286", - "updater":"", - "name":"CVE-2019-14855", - "description":"A flaw was found in the way certificate signatures could be forged using collisions found in the SHA-1 algorithm. An attacker could use this weakness to create forged certificate signatures. 
This issue affects GnuPG versions before 2.2.18.", - "links":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14855", - "severity":"", - "normalized_severity":"", - "fixed_in_version":"0" - }, - "144191":{ - "id":"144191", - "updater":"", - "name":"CVE-2019-15718", - "description":"In systemd 240, bus_open_system_watch_bind_with_description in shared/bus-util.c (as used by systemd-resolved to connect to the system D-Bus instance), calls sd_bus_set_trusted, which disables access controls for incoming D-Bus messages. An unprivileged user can exploit this by executing D-Bus methods that should be restricted to privileged users, in order to change the system's DNS resolver settings.", - "links":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15718", - "severity":"", - "normalized_severity":"", - "fixed_in_version":"241-7~deb10u2" - }, - "145527":{ - "id":"145527", - "updater":"", - "name":"CVE-2019-17543", - "description":"LZ4 before 1.9.2 has a heap-based buffer overflow in LZ4_write32 (related to LZ4_compress_destSize), affecting applications that call LZ4_compress_fast with a large input. (This issue can also lead to data corruption.) 
NOTE: the vendor states \"only a few specific / uncommon usages of the API are at risk.\"", - "links":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17543", - "severity":"", - "normalized_severity":"", - "fixed_in_version":"0" - }, - "145539":{ - "id":"145539", - "updater":"", - "name":"CVE-2019-17594", - "description":"There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", - "links":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17594", - "severity":"", - "normalized_severity":"", - "fixed_in_version":"6.1+20181013-2+deb10u2" - }, - "145540":{ - "id":"145540", - "updater":"", - "name":"CVE-2019-17595", - "description":"There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", - "links":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17595", - "severity":"", - "normalized_severity":"", - "fixed_in_version":"6.1+20181013-2+deb10u2" - }, - "145714":{ - "id":"145714", - "updater":"", - "name":"CVE-2019-18224", - "description":"idn2_to_ascii_4i in lib/lookup.c in GNU libidn2 before 2.1.1 has a heap-based buffer overflow via a long domain string.", - "links":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18224", - "severity":"", - "normalized_severity":"", - "fixed_in_version":"2.0.5-1+deb10u1" - }, - "145782":{ - "id":"145782", - "updater":"", - "name":"CVE-2019-18276", - "description":"An issue was discovered in disable_priv_mode in shell.c in GNU Bash through 5.0 patch 11. By default, if Bash is run with its effective UID not equal to its real UID, it will drop privileges by setting its effective UID to its real UID. However, it does so incorrectly. On Linux and other systems that support \"saved UID\" functionality, the saved UID is not dropped. 
An attacker with command execution in the shell can use \"enable -f\" for runtime loading of a new builtin, which can be a shared object that calls setuid() and therefore regains privileges. However, binaries running with an effective UID of 0 are unaffected.", - "links":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276", - "severity":"", - "normalized_severity":"", - "fixed_in_version":"0" - }, - "146764":{ - "id":"146764", - "updater":"", - "name":"CVE-2019-19126", - "description":"On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 fails to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping addresses for loaded libraries and thus bypass ASLR for a setuid program.", - "links":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19126", - "severity":"", - "normalized_severity":"", - "fixed_in_version":"0" - }, - "147511":{ - "id":"147511", - "updater":"", - "name":"CVE-2019-19882", - "description":"shadow 4.8, in certain circumstances affecting at least Gentoo, Arch Linux, and Void Linux, allows local users to obtain root access because setuid programs are misconfigured. Specifically, this affects shadow 4.8 when compiled using --with-libpam but without explicitly passing --disable-account-tools-setuid, and without a PAM configuration suitable for use with setuid account management tools. This combination leads to account management tools (groupadd, groupdel, groupmod, useradd, userdel, usermod) that can easily be used by unprivileged local users to escalate privileges to root in multiple ways. 
This issue became much more relevant in approximately December 2019 when an unrelated bug was fixed (i.e., the chmod calls to suidusbins were fixed in the upstream Makefile which is now included in the release version 4.8).", - "links":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19882", - "severity":"", - "normalized_severity":"", - "fixed_in_version":"0" - }, - "148200":{ - "id":"148200", - "updater":"", - "name":"CVE-2019-20386", - "description":"An issue was discovered in button_open in login/logind-button.c in systemd before 243. When executing the udevadm trigger command, a memory leak may occur.", - "links":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20386", - "severity":"", - "normalized_severity":"", - "fixed_in_version":"0" - }, - "149270":{ - "id":"149270", - "updater":"", - "name":"CVE-2019-3815", - "description":"A memory leak was discovered in the backport of fixes for CVE-2018-16864 in Red Hat Enterprise Linux. Function dispatch_message_real() in journald-server.c does not free the memory allocated by set_iovec_field_free() to store the `_CMDLINE=` entry. A local attacker may use this flaw to make systemd-journald crash. This issue only affects versions shipped with Red Hat Enterprise since v219-62.2.", - "links":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3815", - "severity":"", - "normalized_severity":"", - "fixed_in_version":"0" - }, - "149359":{ - "id":"149359", - "updater":"", - "name":"CVE-2019-3843", - "description":"It was discovered that a systemd service that uses DynamicUser property can create a SUID/SGID binary that would be allowed to run as the transient service UID/GID even after the service is terminated. 
A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the UID/GID will be recycled.", - "links":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3843", - "severity":"", - "normalized_severity":"", - "fixed_in_version":"0" - }, - "149362":{ - "id":"149362", - "updater":"", - "name":"CVE-2019-3844", - "description":"It was discovered that a systemd service that uses DynamicUser property can get new privileges through the execution of SUID binaries, which would allow to create binaries owned by the service transient group with the setgid bit set. A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the GID will be recycled.", - "links":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3844", - "severity":"", - "normalized_severity":"", - "fixed_in_version":"0" - }, - "149864":{ - "id":"149864", - "updater":"", - "name":"CVE-2019-5188", - "description":"A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability.", - "links":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5188", - "severity":"", - "normalized_severity":"", - "fixed_in_version":"1.44.5-1+deb10u3" - }, - "152851":{ - "id":"152851", - "updater":"", - "name":"CVE-2019-9192", - "description":"** DISPUTED ** In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. 
NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern.", - "links":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9192", - "severity":"", - "normalized_severity":"", - "fixed_in_version":"0" - }, - "153794":{ - "id":"153794", - "updater":"", - "name":"CVE-2019-9893", - "description":"libseccomp before 2.4.0 did not correctly generate 64-bit syscall argument comparisons using the arithmetic operators (LT, GT, LE, GE), which might able to lead to bypassing seccomp filters and potential privilege escalations.", - "links":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9893", - "severity":"", - "normalized_severity":"", - "fixed_in_version":"0" - }, - "153817":{ - "id":"153817", - "updater":"", - "name":"CVE-2019-9923", - "description":"pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers.", - "links":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9923", - "severity":"", - "normalized_severity":"", - "fixed_in_version":"0" - }, - "154072":{ - "id":"154072", - "updater":"", - "name":"CVE-2020-10029", - "description":"The GNU C Library (aka glibc or libc6) before 2.32 could overflow an on-stack buffer during range reduction if an input to an 80-bit long double function contains a non-canonical bit pattern, a seen when passing a 0x5d414141414141410000 value to sinl on x86 targets. 
This is related to sysdeps/ieee754/ldbl-96/e_rem_pio2l.c.", - "links":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10029", - "severity":"", - "normalized_severity":"", - "fixed_in_version":"0" - }, - "154293":{ - "id":"154293", - "updater":"", - "name":"CVE-2020-1712", - "description":"", - "links":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1712", - "severity":"", - "normalized_severity":"", - "fixed_in_version":"0" - }, - "154428":{ - "id":"154428", - "updater":"", - "name":"CVE-2020-1751", - "description":"", - "links":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1751", - "severity":"", - "normalized_severity":"", - "fixed_in_version":"0" - }, - "154429":{ - "id":"154429", - "updater":"", - "name":"CVE-2020-1752", - "description":"", - "links":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1752", - "severity":"", - "normalized_severity":"", - "fixed_in_version":"0" - }, - "31865":{ - "id":"31865", - "updater":"", - "name":"CVE-2002-1594", - "description":"Buffer overflow in (1) grpck and (2) pwck, if installed setuid on a system as recommended in some AIX documentation, may allow local users to gain privileges via a long command line argument.", - "links":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1594", - "severity":"", - "normalized_severity":"", - "fixed_in_version":"0" - }, - "32446":{ - "id":"32446", - "updater":"", - "name":"CVE-2003-0388", - "description":"pam_wheel in Linux-PAM 0.78, with the trust option enabled and the use_uid option disabled, allows local users to spoof log entries and gain privileges by causing getlogin() to return a spoofed user name.", - "links":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0388", - "severity":"", - "normalized_severity":"", - "fixed_in_version":"0" - }, - "33464":{ - "id":"33464", - "updater":"", - "name":"CVE-2004-0377", - "description":"Buffer overflow in the win32_stat function for (1) ActiveState's ActivePerl and (2) Larry Wall's Perl 
before 5.8.3 allows local or remote attackers to execute arbitrary commands via filenames that end in a backslash character.", - "links":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0377", - "severity":"", - "normalized_severity":"", - "fixed_in_version":"0" - }, - "33693":{ - "id":"33693", - "updater":"", - "name":"CVE-2004-0603", - "description":"gzexe in gzip 1.3.3 and earlier will execute an argument when the creation of a temp file fails instead of exiting the program, which could allow remote attackers or local users to execute arbitrary commands, a different vulnerability than CVE-1999-1332.", - "links":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0603", - "severity":"", - "normalized_severity":"", - "fixed_in_version":"0" - }, - "34633":{ - "id":"34633", - "updater":"", - "name":"CVE-2004-1349", - "description":"gzip before 1.3 in Solaris 8, when called with the -f or -force flags, will change the permissions of files that are hard linked to the target files, which allows local users to view or modify these files.", - "links":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1349", - "severity":"", - "normalized_severity":"", - "fixed_in_version":"0" - }, - "35609":{ - "id":"35609", - "updater":"", - "name":"CVE-2005-0403", - "description":"init_dev in tty_io.c in the Red Hat backport of NPTL to Red Hat Enterprise Linux 3 does not properly clear controlling tty's in multi-threaded applications, which allows local users to cause a denial of service (crash) and possibly gain tty access via unknown attack vectors that trigger an access of a pointer to a freed structure.", - "links":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0403", - "severity":"", - "normalized_severity":"", - "fixed_in_version":"0" - }, - "36798":{ - "id":"36798", - "updater":"", - "name":"CVE-2005-2541", - "description":"Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote 
attackers to gain privileges.", - "links":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2541", - "severity":"", - "normalized_severity":"", - "fixed_in_version":"0" - }, - "37841":{ - "id":"37841", - "updater":"", - "name":"CVE-2005-4217", - "description":"Perl in Apple Mac OS X Server 10.3.9 does not properly drop privileges when using the \"$\u003c\" variable to set uid, which allows attackers to gain privileges.", - "links":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4217", - "severity":"", - "normalized_severity":"", - "fixed_in_version":"0" - }, - "37937":{ - "id":"37937", - "updater":"", - "name":"CVE-2005-4278", - "description":"Untrusted search path vulnerability in Perl before 5.8.7-r1 on Gentoo Linux allows local users in the portage group to gain privileges via a malicious shared object in the Portage temporary build directory, which is part of the RUNPATH.", - "links":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4278", - "severity":"", - "normalized_severity":"", - "fixed_in_version":"0" - }, - "38319":{ - "id":"38319", - "updater":"", - "name":"CVE-2006-0455", - "description":"gpgv in GnuPG before 1.4.2.1, when using unattended signature verification, returns a 0 exit code in certain cases even when the detached signature file does not carry a signature, which could cause programs that use gpgv to assume that the signature verification has succeeded. 
Note: this also occurs when running the equivalent command \"gpg --verify\".", - "links":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0455", - "severity":"", - "normalized_severity":"", - "fixed_in_version":"0" - }, - "38545":{ - "id":"38545", - "updater":"", - "name":"CVE-2006-1183", - "description":"The Ubuntu 5.10 installer does not properly clear passwords from the installer log file (questions.dat), and leaves the log file with world-readable permissions, which allows local users to gain privileges.", - "links":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1183", - "severity":"", - "normalized_severity":"", - "fixed_in_version":"0" - }, - "39819":{ - "id":"39819", - "updater":"", - "name":"CVE-2006-3597", - "description":"passwd before 1:4.0.13 on Ubuntu 6.06 LTS leaves the root password blank instead of locking it when the administrator selects the \"Go Back\" option after the final \"Installation complete\" message and uses the main menu, which causes the password to be zeroed out in the installer's memory.", - "links":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3597", - "severity":"", - "normalized_severity":"", - "fixed_in_version":"0" - }, - "40929":{ - "id":"40929", - "updater":"", - "name":"CVE-2007-0003", - "description":"pam_unix.so in Linux-PAM 0.99.7.0 allows context-dependent attackers to log into accounts whose password hash, as stored in /etc/passwd or /etc/shadow, has only two characters.", - "links":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0003", - "severity":"", - "normalized_severity":"", - "fixed_in_version":"0" - }, - "41255":{ - "id":"41255", - "updater":"", - "name":"CVE-2007-0822", - "description":"umount, when running with the Linux 2.6.15 kernel on Slackware Linux 10.2, allows local users to trigger a NULL dereference and application crash by invoking the program with a pathname for a USB pen drive that was mounted and then physically removed, which might allow the users to obtain 
sensitive information, including core file contents.", - "links":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0822", - "severity":"", - "normalized_severity":"", - "fixed_in_version":"0" - }, - "43075":{ - "id":"43075", - "updater":"", - "name":"CVE-2007-5686", - "description":"initscripts in rPath Linux 1 sets insecure permissions for the /var/log/btmp file, which allows local users to obtain sensitive information regarding authentication attempts. NOTE: because sshd detects the insecure permissions and does not log certain events, this also prevents sshd from logging failed authentication attempts by remote attackers.", - "links":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5686", - "severity":"", - "normalized_severity":"", - "fixed_in_version":"0" - }, - "46717":{ - "id":"46717", - "updater":"", - "name":"CVE-2009-0537", - "description":"Integer overflow in the fts_build function in fts.c in libc in (1) OpenBSD 4.4 and earlier and (2) Microsoft Interix 6.0 build 10.0.6030.0 allows context-dependent attackers to cause a denial of service (application crash) via a deep directory tree, related to the fts_level structure member, as demonstrated by (a) du, (b) rm, (c) chmod, and (d) chgrp on OpenBSD; and (e) SearchIndexer.exe on Vista Enterprise.", - "links":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0537", - "severity":"", - "normalized_severity":"", - "fixed_in_version":"0" - }, - "46946":{ - "id":"46946", - "updater":"", - "name":"CVE-2009-0854", - "description":"Untrusted search path vulnerability in dash 0.5.4, when used as a login shell, allows local users to execute arbitrary code via a Trojan horse .profile file in the current working directory.", - "links":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0854", - "severity":"", - "normalized_severity":"", - "fixed_in_version":"0" - }, - "48646":{ - "id":"48646", - "updater":"", - "name":"CVE-2009-4135", - "description":"The distcheck rule in dist-check.mk in GNU 
coreutils 5.2.1 through 8.1 allows local users to gain privileges via a symlink attack on a file in a directory tree under /tmp.", - "links":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4135", - "severity":"", - "normalized_severity":"", - "fixed_in_version":"0" - }, - "49019":{ - "id":"49019", - "updater":"", - "name":"CVE-2009-5138", - "description":"GnuTLS before 2.7.6, when the GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT flag is not enabled, treats version 1 X.509 certificates as intermediate CAs, which allows remote attackers to bypass intended restrictions by leveraging a X.509 V1 certificate from a trusted CA to issue new certificates, a different vulnerability than CVE-2014-1959.", - "links":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5138", - "severity":"", - "normalized_severity":"", - "fixed_in_version":"0" - }, - "49035":{ - "id":"49035", - "updater":"", - "name":"CVE-2010-0002", - "description":"The /etc/profile.d/60alias.sh script in the Mandriva bash package for Bash 2.05b, 3.0, 3.2, 3.2.48, and 4.0 enables the --show-control-chars option in LS_OPTIONS, which allows local users to send escape sequences to terminal emulators, or hide the existence of a file, via a crafted filename.", - "links":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0002", - "severity":"", - "normalized_severity":"", - "fixed_in_version":"0" - }, - "49869":{ - "id":"49869", - "updater":"", - "name":"CVE-2010-0832", - "description":"pam_motd (aka the MOTD module) in libpam-modules before 1.1.0-2ubuntu1.1 in PAM on Ubuntu 9.10 and libpam-modules before 1.1.1-2ubuntu5 in PAM on Ubuntu 10.04 LTS allows local users to change the ownership of arbitrary files via a symlink attack on .cache in a user's home directory, related to \"user file stamps\" and the motd.legal-notice file.", - "links":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0832", - "severity":"", - "normalized_severity":"", - "fixed_in_version":"0" - }, - "49871":{ - "id":"49871", - 
"updater":"", - "name":"CVE-2010-0834", - "description":"The base-files package before 5.0.0ubuntu7.1 on Ubuntu 9.10 and before 5.0.0ubuntu20.10.04.2 on Ubuntu 10.04 LTS, as shipped on Dell Latitude 2110 netbooks, does not require authentication for package installation, which allows remote archive servers and man-in-the-middle attackers to execute arbitrary code via a crafted package.", - "links":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0834", - "severity":"", - "normalized_severity":"", - "fixed_in_version":"0" - }, - "50179":{ - "id":"50179", - "updater":"", - "name":"CVE-2010-1158", - "description":"Integer overflow in the regular expression engine in Perl 5.8.x allows context-dependent attackers to cause a denial of service (stack consumption and application crash) by matching a crafted regular expression against a long string.", - "links":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1158", - "severity":"", - "normalized_severity":"", - "fixed_in_version":"0" - }, - "52158":{ - "id":"52158", - "updater":"", - "name":"CVE-2010-4051", - "description":"The regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (application crash) via a regular expression containing adjacent bounded repetitions that bypass the intended RE_DUP_MAX limitation, as demonstrated by a {10,}{10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD, related to a \"RE_DUP_MAX overflow.\"", - "links":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4051", - "severity":"", - "normalized_severity":"", - "fixed_in_version":"0" - }, - "52159":{ - "id":"52159", - "updater":"", - "name":"CVE-2010-4052", - "description":"Stack consumption vulnerability in the regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service 
(resource exhaustion) via a regular expression containing adjacent repetition operators, as demonstrated by a {10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD.", - "links":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4052", - "severity":"", - "normalized_severity":"", - "fixed_in_version":"0" - }, - "52735":{ - "id":"52735", - "updater":"", - "name":"CVE-2010-4756", - "description":"The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", - "links":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4756", - "severity":"", - "normalized_severity":"", - "fixed_in_version":"0" - }, - "53399":{ - "id":"53399", - "updater":"", - "name":"CVE-2011-0536", - "description":"Multiple untrusted search path vulnerabilities in elf/dl-object.c in certain modified versions of the GNU C Library (aka glibc or libc6), including glibc-2.5-49.el5_5.6 and glibc-2.12-1.7.el6_0.3 in Red Hat Enterprise Linux, allow local users to gain privileges via a crafted dynamic shared object (DSO) in a subdirectory of the current working directory during execution of a (1) setuid or (2) setgid program that has $ORIGIN in (a) RPATH or (b) RUNPATH within the program itself or a referenced library. 
NOTE: this issue exists because of an incorrect fix for CVE-2010-3847.", - "links":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0536", - "severity":"", - "normalized_severity":"", - "fixed_in_version":"0" - }, - "55085":{ - "id":"55085", - "updater":"", - "name":"CVE-2011-2702", - "description":"Integer signedness error in Glibc before 2.13 and eglibc before 2.13, when using Supplemental Streaming SIMD Extensions 3 (SSSE3) optimization, allows context-dependent attackers to execute arbitrary code via a negative length parameter to (1) memcpy-ssse3-rep.S, (2) memcpy-ssse3.S, or (3) memset-sse2.S in sysdeps/i386/i686/multiarch/, which triggers an out-of-bounds read, as demonstrated using the memcpy function.", - "links":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2702", - "severity":"", - "normalized_severity":"", - "fixed_in_version":"0" - }, - "55773":{ - "id":"55773", - "updater":"", - "name":"CVE-2011-3374", - "description":"It was found that apt-key in apt, all versions, do not correctly validate gpg keys with the master keyring, leading to a potential man-in-the-middle attack.", - "links":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3374", - "severity":"", - "normalized_severity":"", - "fixed_in_version":"0" - }, - "56393":{ - "id":"56393", - "updater":"", - "name":"CVE-2011-4116", - "description":"_is_safe in the File::Temp module for Perl does not properly handle symlinks.", - "links":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4116", - "severity":"", - "normalized_severity":"", - "fixed_in_version":"0" - }, - "63897":{ - "id":"63897", - "updater":"", - "name":"CVE-2013-0221", - "description":"The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the sort command, when using the (1) -d or (2) -M switch, which triggers a stack-based buffer overflow in the alloca function.", - 
"links":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0221", - "severity":"", - "normalized_severity":"", - "fixed_in_version":"0" - }, - "63898":{ - "id":"63898", - "updater":"", - "name":"CVE-2013-0222", - "description":"The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the uniq command, which triggers a stack-based buffer overflow in the alloca function.", - "links":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0222", - "severity":"", - "normalized_severity":"", - "fixed_in_version":"0" - }, - "63899":{ - "id":"63899", - "updater":"", - "name":"CVE-2013-0223", - "description":"The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the join command, when using the -i switch, which triggers a stack-based buffer overflow in the alloca function.", - "links":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0223", - "severity":"", - "normalized_severity":"", - "fixed_in_version":"0" - }, - "68515":{ - "id":"68515", - "updater":"", - "name":"CVE-2013-4235", - "description":"shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees", - "links":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4235", - "severity":"", - "normalized_severity":"", - "fixed_in_version":"0" - }, - "68997":{ - "id":"68997", - "updater":"", - "name":"CVE-2013-4392", - "description":"systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.", - "links":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4392", - "severity":"", - "normalized_severity":"", - "fixed_in_version":"0" - }, - "69261":{ - "id":"69261", - "updater":"", - "name":"CVE-2013-4466", - "description":"Buffer 
overflow in the dane_query_tlsa function in the DANE library (libdane) in GnuTLS 3.1.x before 3.1.15 and 3.2.x before 3.2.5 allows remote servers to cause a denial of service (memory corruption) via a response with more than four DANE entries.", - "links":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4466", - "severity":"", - "normalized_severity":"", - "fixed_in_version":"0" - }, - "69356":{ - "id":"69356", - "updater":"", - "name":"CVE-2013-4487", - "description":"Off-by-one error in the dane_raw_tlsa in the DANE library (libdane) in GnuTLS 3.1.x before 3.1.16 and 3.2.x before 3.2.6 allows remote servers to cause a denial of service (memory corruption) via a response with more than four DANE entries. NOTE: this issue is due to an incomplete fix for CVE-2013-4466.", - "links":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4487", - "severity":"", - "normalized_severity":"", - "fixed_in_version":"0" - }, - "77964":{ - "id":"77964", - "updater":"", - "name":"CVE-2014-8155", - "description":"GnuTLS before 2.9.10 does not verify the activation and expiration dates of CA certificates, which allows man-in-the-middle attackers to spoof servers via a certificate issued by a CA certificate that is (1) not yet valid or (2) no longer valid.", - "links":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8155", - "severity":"", - "normalized_severity":"", - "fixed_in_version":"0" - }, - "80605":{ - "id":"80605", - "updater":"", - "name":"CVE-2015-0282", - "description":"GnuTLS before 3.1.0 does not verify that the RSA PKCS #1 signature algorithm matches the signature algorithm in the certificate, which allows remote attackers to conduct downgrade attacks via unspecified vectors.", - "links":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0282", - "severity":"", - "normalized_severity":"", - "fixed_in_version":"0" - }, - "83692":{ - "id":"83692", - "updater":"", - "name":"CVE-2015-4035", - "description":"scripts/xzgrep.in in xzgrep 5.2.x 
before 5.2.0, before 5.0.0 does not properly process file names containing semicolons, which allows remote attackers to execute arbitrary code by having a user run xzgrep on a crafted file name.", - "links":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4035", - "severity":"", - "normalized_severity":"", - "fixed_in_version":"0" - }, - "83695":{ - "id":"83695", - "updater":"", - "name":"CVE-2015-4041", - "description":"The keycompare_mb function in sort.c in sort in GNU Coreutils through 8.23 on 64-bit platforms performs a size calculation without considering the number of bytes occupied by multibyte characters, which allows attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via long UTF-8 strings.", - "links":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4041", - "severity":"", - "normalized_severity":"", - "fixed_in_version":"0" - }, - "83696":{ - "id":"83696", - "updater":"", - "name":"CVE-2015-4042", - "description":"Integer overflow in the keycompare_mb function in sort.c in sort in GNU Coreutils through 8.23 might allow attackers to cause a denial of service (application crash) or possibly have unspecified other impact via long strings.", - "links":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4042", - "severity":"", - "normalized_severity":"", - "fixed_in_version":"0" - }, - "84316":{ - "id":"84316", - "updater":"", - "name":"CVE-2015-5229", - "description":"The calloc function in the glibc package in Red Hat Enterprise Linux (RHEL) 6.7 and 7.2 does not properly initialize memory areas, which might allow context-dependent attackers to cause a denial of service (hang or crash) via unspecified vectors.", - "links":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5229", - "severity":"", - "normalized_severity":"", - "fixed_in_version":"0" - }, - "86508":{ - "id":"86508", - "updater":"", - "name":"CVE-2015-8313", - "description":"GnuTLS 
incorrectly validates the first byte of padding in CBC modes", - "links":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8313", - "severity":"", - "normalized_severity":"", - "fixed_in_version":"0" - }, - "87174":{ - "id":"87174", - "updater":"", - "name":"CVE-2015-8608", - "description":"The VDir::MapPathA and VDir::MapPathW functions in Perl 5.22 allow remote attackers to cause a denial of service (out-of-bounds read) and possibly execute arbitrary code via a crafted (1) drive letter or (2) pInName argument.", - "links":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8608", - "severity":"", - "normalized_severity":"", - "fixed_in_version":"0" - }, - "91083":{ - "id":"91083", - "updater":"", - "name":"CVE-2016-10228", - "description":"The iconv program in the GNU C Library (aka glibc or libc6) 2.25 and earlier, when invoked with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service.", - "links":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10228", - "severity":"", - "normalized_severity":"", - "fixed_in_version":"0" - }, - "94190":{ - "id":"94190", - "updater":"", - "name":"CVE-2016-2781", - "description":"chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.", - "links":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2781", - "severity":"", - "normalized_severity":"", - "fixed_in_version":"0", - "updater": "test_updater", - "repository": { - "name": "test_repo", - "uri": "http://test-uri" - } - }, - "97564":{ - "id":"97564", - "updater":"", - "name":"CVE-2016-6313", - "description":"The mixing functions in the random number generator in Libgcrypt before 1.5.6, 1.6.x before 1.6.6, and 1.7.x before 1.7.3 and GnuPG before 1.4.21 make it easier for attackers to obtain the values of 160 bits by leveraging knowledge of the 
previous 4640 bits.", - "links":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6313", - "severity":"", - "normalized_severity":"", - "fixed_in_version":"0" + }, + "vulnerabilities": { + "3238018": { + "id": "3238018", + "updater": "RHEL8-rhel-8", + "name": "RHSA-2023:5837: nghttp2 security update (Important)", + "description": "nghttp2 contains the Hypertext Transfer Protocol version 2 (HTTP/2) client, server, and proxy programs as well as a library implementing the HTTP/2 protocol in C.\n\nSecurity Fix(es):\n\n* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", + "issued": "2023-10-18T00:00:00Z", + "links": "https://access.redhat.com/errata/RHSA-2023:5837 https://access.redhat.com/security/cve/CVE-2023-44487", + "severity": "Important", + "normalized_severity": "High", + "package": { + "id": "", + "name": "libnghttp2", + "version": "", + "kind": "binary", + "arch": "aarch64|i686|ppc64le|s390x|x86_64" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/a:redhat:enterprise_linux:8::appstream", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "0:1.33.0-5.el8_8", + "arch_op": "pattern match" + }, + "3238062": { + "id": "3238062", + "updater": "RHEL8-rhel-8", + "name": "RHSA-2023:5837: nghttp2 security update (Important)", + "description": "nghttp2 contains the Hypertext Transfer Protocol version 2 (HTTP/2) client, server, and proxy programs as well as a library implementing the HTTP/2 protocol in C.\n\nSecurity 
Fix(es):\n\n* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", + "issued": "2023-10-18T00:00:00Z", + "links": "https://access.redhat.com/errata/RHSA-2023:5837 https://access.redhat.com/security/cve/CVE-2023-44487", + "severity": "Important", + "normalized_severity": "High", + "package": { + "id": "", + "name": "libnghttp2", + "version": "", + "kind": "binary", + "arch": "aarch64|i686|ppc64le|s390x|x86_64" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/o:redhat:enterprise_linux:8::baseos", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "0:1.33.0-5.el8_8", + "arch_op": "pattern match" + }, + "3417876": { + "id": "3417876", + "updater": "RHEL8-rhel-8", + "name": "RHSA-2023:7877: openssl security update (Low)", + "description": "OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.\n\nSecurity Fix(es):\n\n* openssl: Excessive time spent checking DH keys and parameters (CVE-2023-3446)\n\n* OpenSSL: Excessive time spent checking DH q parameter value (CVE-2023-3817)\n\n* openssl: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow (CVE-2023-5678)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", + 
"issued": "2023-12-19T00:00:00Z", + "links": "https://access.redhat.com/errata/RHSA-2023:7877 https://access.redhat.com/security/cve/CVE-2023-3446 https://access.redhat.com/security/cve/CVE-2023-3817 https://access.redhat.com/security/cve/CVE-2023-5678", + "severity": "Low", + "normalized_severity": "Low", + "package": { + "id": "", + "name": "openssl-libs", + "version": "", + "kind": "binary", + "arch": "aarch64|i686|ppc64le|s390x|x86_64" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/a:redhat:enterprise_linux:8::appstream", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "1:1.1.1k-12.el8_9", + "arch_op": "pattern match" + }, + "3417961": { + "id": "3417961", + "updater": "RHEL8-rhel-8", + "name": "RHSA-2023:7877: openssl security update (Low)", + "description": "OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.\n\nSecurity Fix(es):\n\n* openssl: Excessive time spent checking DH keys and parameters (CVE-2023-3446)\n\n* OpenSSL: Excessive time spent checking DH q parameter value (CVE-2023-3817)\n\n* openssl: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow (CVE-2023-5678)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", + "issued": "2023-12-19T00:00:00Z", + "links": "https://access.redhat.com/errata/RHSA-2023:7877 https://access.redhat.com/security/cve/CVE-2023-3446 https://access.redhat.com/security/cve/CVE-2023-3817 
https://access.redhat.com/security/cve/CVE-2023-5678", + "severity": "Low", + "normalized_severity": "Low", + "package": { + "id": "", + "name": "openssl-libs", + "version": "", + "kind": "binary", + "arch": "aarch64|i686|ppc64le|s390x|x86_64" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/o:redhat:enterprise_linux:8::baseos", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "1:1.1.1k-12.el8_9", + "arch_op": "pattern match" + }, + "3425123": { + "id": "3425123", + "updater": "RHEL8-rhel-8", + "name": "RHSA-2024:0119: libxml2 security update (Moderate)", + "description": "The libxml2 library is a development toolbox providing the implementation of various XML standards.\n\nSecurity Fix(es):\n\n* libxml2: crafted xml can cause global buffer overflow (CVE-2023-39615)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", + "issued": "2024-01-10T00:00:00Z", + "links": "https://access.redhat.com/errata/RHSA-2024:0119 https://access.redhat.com/security/cve/CVE-2023-39615", + "severity": "Moderate", + "normalized_severity": "Medium", + "package": { + "id": "", + "name": "libxml2", + "version": "", + "kind": "binary", + "arch": "aarch64|i686|ppc64le|s390x|x86_64" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/a:redhat:enterprise_linux:8::appstream", + "key": 
"rhel-cpe-repository" + }, + "fixed_in_version": "0:2.9.7-18.el8_9", + "arch_op": "pattern match" + }, + "3425218": { + "id": "3425218", + "updater": "RHEL8-rhel-8", + "name": "RHSA-2024:0119: libxml2 security update (Moderate)", + "description": "The libxml2 library is a development toolbox providing the implementation of various XML standards.\n\nSecurity Fix(es):\n\n* libxml2: crafted xml can cause global buffer overflow (CVE-2023-39615)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", + "issued": "2024-01-10T00:00:00Z", + "links": "https://access.redhat.com/errata/RHSA-2024:0119 https://access.redhat.com/security/cve/CVE-2023-39615", + "severity": "Moderate", + "normalized_severity": "Medium", + "package": { + "id": "", + "name": "libxml2", + "version": "", + "kind": "binary", + "arch": "aarch64|i686|ppc64le|s390x|x86_64" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/o:redhat:enterprise_linux:8::baseos", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "0:2.9.7-18.el8_9", + "arch_op": "pattern match" + }, + "3470275": { + "id": "3470275", + "updater": "RHEL8-rhel-8", + "name": "RHSA-2024:0155: gnutls security update (Moderate)", + "description": "The gnutls packages provide the GNU Transport Layer Security (GnuTLS) library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS.\n\nSecurity Fix(es):\n\n* gnutls: timing side-channel in the RSA-PSK authentication (CVE-2023-5981)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related 
information, refer to the CVE page(s) listed in the References section.", + "issued": "2024-01-10T00:00:00Z", + "links": "https://access.redhat.com/errata/RHSA-2024:0155 https://access.redhat.com/security/cve/CVE-2023-5981", + "severity": "Moderate", + "normalized_severity": "Medium", + "package": { + "id": "", + "name": "gnutls", + "version": "", + "kind": "binary", + "arch": "aarch64|i686|ppc64le|s390x|x86_64" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/a:redhat:enterprise_linux:8::appstream", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "0:3.6.16-8.el8_9", + "arch_op": "pattern match" + }, + "3470539": { + "id": "3470539", + "updater": "RHEL8-rhel-8", + "name": "RHSA-2024:0155: gnutls security update (Moderate)", + "description": "The gnutls packages provide the GNU Transport Layer Security (GnuTLS) library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS.\n\nSecurity Fix(es):\n\n* gnutls: timing side-channel in the RSA-PSK authentication (CVE-2023-5981)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", + "issued": "2024-01-10T00:00:00Z", + "links": "https://access.redhat.com/errata/RHSA-2024:0155 https://access.redhat.com/security/cve/CVE-2023-5981", + "severity": "Moderate", + "normalized_severity": "Medium", + "package": { + "id": "", + "name": "gnutls", + "version": "", + "kind": "binary", + "arch": "aarch64|i686|ppc64le|s390x|x86_64" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + 
"version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/o:redhat:enterprise_linux:8::baseos", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "0:3.6.16-8.el8_9", + "arch_op": "pattern match" + }, + "3475329": { + "id": "3475329", + "updater": "RHEL8-rhel-8", + "name": "RHSA-2024:0253: sqlite security update (Moderate)", + "description": "SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk file. The API is designed for convenience and ease of use. Applications that link against SQLite can enjoy the power and flexibility of an SQL database without the administrative hassles of supporting a separate database server.\n\nSecurity Fix(es):\n\n* sqlite: heap-buffer-overflow at sessionfuzz (CVE-2023-7104)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", + "issued": "2024-01-15T00:00:00Z", + "links": "https://access.redhat.com/errata/RHSA-2024:0253 https://access.redhat.com/security/cve/CVE-2023-7104", + "severity": "Moderate", + "normalized_severity": "Medium", + "package": { + "id": "", + "name": "sqlite-libs", + "version": "", + "kind": "binary", + "arch": "aarch64|i686|ppc64le|s390x|x86_64" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/a:redhat:enterprise_linux:8::appstream", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "0:3.26.0-19.el8_9", + "arch_op": "pattern match" + }, + "3475421": { + "id": 
"3475421", + "updater": "RHEL8-rhel-8", + "name": "RHSA-2024:0253: sqlite security update (Moderate)", + "description": "SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk file. The API is designed for convenience and ease of use. Applications that link against SQLite can enjoy the power and flexibility of an SQL database without the administrative hassles of supporting a separate database server.\n\nSecurity Fix(es):\n\n* sqlite: heap-buffer-overflow at sessionfuzz (CVE-2023-7104)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", + "issued": "2024-01-15T00:00:00Z", + "links": "https://access.redhat.com/errata/RHSA-2024:0253 https://access.redhat.com/security/cve/CVE-2023-7104", + "severity": "Moderate", + "normalized_severity": "Medium", + "package": { + "id": "", + "name": "sqlite-libs", + "version": "", + "kind": "binary", + "arch": "aarch64|i686|ppc64le|s390x|x86_64" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/o:redhat:enterprise_linux:8::baseos", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "0:3.26.0-19.el8_9", + "arch_op": "pattern match" + }, + "10425539": { + "id": "10425539", + "updater": "osv/go", + "name": "GHSA-jq35-85cj-fj4p", + "description": "/sys/devices/virtual/powercap accessible by default to containers", + "issued": "2023-10-30T15:25:44Z", + "links": "https://github.com/moby/moby/security/advisories/GHSA-jq35-85cj-fj4p https://github.com/moby/moby/commit/48ebe353e49a9def5e6679f6e386b0efb1c95f0e 
https://github.com/moby/moby/commit/81ebe71275768629689a23bc3bca34b3b374a6a6 https://github.com/moby/moby/commit/c9ccbfad11a60e703e91b6cca4f48927828c7e35 https://github.com/moby/moby https://github.com/moby/moby/releases/tag/v20.10.27 https://github.com/moby/moby/releases/tag/v23.0.8 https://github.com/moby/moby/releases/tag/v24.0.7", + "severity": "", + "normalized_severity": "Unknown", + "package": { + "id": "", + "name": "github.com/docker/docker", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "", + "name": "", + "version": "", + "version_code_name": "", + "version_id": "", + "arch": "", + "cpe": "", + "pretty_name": "" + }, + "repository": { + "name": "go", + "uri": "https://pkg.go.dev/" + }, + "fixed_in_version": "" + }, + "13344105": { + "id": "13344105", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "RHSA-2024:0627: gnutls security update (Moderate)", + "description": "The gnutls packages provide the GNU Transport Layer Security (GnuTLS) library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS.\n\nSecurity Fix(es):\n\n* gnutls: incomplete fix for CVE-2023-5981 (CVE-2024-0553)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", + "issued": "2024-01-31T00:00:00Z", + "links": "https://access.redhat.com/errata/RHSA-2024:0627 https://access.redhat.com/security/cve/CVE-2024-0553", + "severity": "Moderate", + "normalized_severity": "Medium", + "package": { + "id": "", + "name": "gnutls", + "version": "", + "kind": "binary", + "arch": "aarch64|i686|ppc64le|s390x|x86_64" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise 
Linux Server 8" + }, + "repository": { + "name": "cpe:/a:redhat:enterprise_linux:8::appstream", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "0:3.6.16-8.el8_9.1", + "arch_op": "pattern match" + }, + "13344115": { + "id": "13344115", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "RHSA-2024:0627: gnutls security update (Moderate)", + "description": "The gnutls packages provide the GNU Transport Layer Security (GnuTLS) library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS.\n\nSecurity Fix(es):\n\n* gnutls: incomplete fix for CVE-2023-5981 (CVE-2024-0553)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", + "issued": "2024-01-31T00:00:00Z", + "links": "https://access.redhat.com/errata/RHSA-2024:0627 https://access.redhat.com/security/cve/CVE-2024-0553", + "severity": "Moderate", + "normalized_severity": "Medium", + "package": { + "id": "", + "name": "gnutls", + "version": "", + "kind": "binary", + "arch": "aarch64|i686|ppc64le|s390x|x86_64" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/o:redhat:enterprise_linux:8::baseos", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "0:3.6.16-8.el8_9.1", + "arch_op": "pattern match" + }, + "13344165": { + "id": "13344165", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "RHSA-2024:0628: libssh security update (Moderate)", + "description": "libssh is a library which implements the SSH protocol. 
It can be used to implement client and server applications.\n\nSecurity Fix(es):\n\n* ssh: Prefix truncation attack on Binary Packet Protocol (BPP) (CVE-2023-48795)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", + "issued": "2024-01-31T00:00:00Z", + "links": "https://access.redhat.com/errata/RHSA-2024:0628 https://access.redhat.com/security/cve/CVE-2023-48795", + "severity": "Moderate", + "normalized_severity": "Medium", + "package": { + "id": "", + "name": "libssh", + "version": "", + "kind": "binary", + "arch": "aarch64|i686|ppc64le|s390x|x86_64" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/a:redhat:enterprise_linux:8::appstream", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "0:0.9.6-13.el8_9", + "arch_op": "pattern match" + }, + "13344175": { + "id": "13344175", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "RHSA-2024:0628: libssh security update (Moderate)", + "description": "libssh is a library which implements the SSH protocol. 
It can be used to implement client and server applications.\n\nSecurity Fix(es):\n\n* ssh: Prefix truncation attack on Binary Packet Protocol (BPP) (CVE-2023-48795)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", + "issued": "2024-01-31T00:00:00Z", + "links": "https://access.redhat.com/errata/RHSA-2024:0628 https://access.redhat.com/security/cve/CVE-2023-48795", + "severity": "Moderate", + "normalized_severity": "Medium", + "package": { + "id": "", + "name": "libssh", + "version": "", + "kind": "binary", + "arch": "aarch64|i686|ppc64le|s390x|x86_64" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/o:redhat:enterprise_linux:8::baseos", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "0:0.9.6-13.el8_9", + "arch_op": "pattern match" + }, + "13344177": { + "id": "13344177", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "RHSA-2024:0628: libssh security update (Moderate)", + "description": "libssh is a library which implements the SSH protocol. 
It can be used to implement client and server applications.\n\nSecurity Fix(es):\n\n* ssh: Prefix truncation attack on Binary Packet Protocol (BPP) (CVE-2023-48795)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", + "issued": "2024-01-31T00:00:00Z", + "links": "https://access.redhat.com/errata/RHSA-2024:0628 https://access.redhat.com/security/cve/CVE-2023-48795", + "severity": "Moderate", + "normalized_severity": "Medium", + "package": { + "id": "", + "name": "libssh-config", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/a:redhat:enterprise_linux:8::appstream", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "0:0.9.6-13.el8_9" + }, + "13344187": { + "id": "13344187", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "RHSA-2024:0628: libssh security update (Moderate)", + "description": "libssh is a library which implements the SSH protocol. 
It can be used to implement client and server applications.\n\nSecurity Fix(es):\n\n* ssh: Prefix truncation attack on Binary Packet Protocol (BPP) (CVE-2023-48795)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", + "issued": "2024-01-31T00:00:00Z", + "links": "https://access.redhat.com/errata/RHSA-2024:0628 https://access.redhat.com/security/cve/CVE-2023-48795", + "severity": "Moderate", + "normalized_severity": "Medium", + "package": { + "id": "", + "name": "libssh-config", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/o:redhat:enterprise_linux:8::baseos", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "0:0.9.6-13.el8_9" + }, + "13344213": { + "id": "13344213", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "RHSA-2024:0647: rpm security update (Moderate)", + "description": "The RPM Package Manager (RPM) is a command-line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages.\n\nSecurity Fix(es):\n\n* rpm: TOCTOU race in checks for unsafe symlinks (CVE-2021-35937)\n\n* rpm: races with chown/chmod/capabilities calls during installation (CVE-2021-35938)\n\n* rpm: checks for unsafe symlinks are not performed for intermediary directories (CVE-2021-35939)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", + "issued": "2024-02-01T00:00:00Z", + "links": 
"https://access.redhat.com/errata/RHSA-2024:0647 https://access.redhat.com/security/cve/CVE-2021-35937 https://access.redhat.com/security/cve/CVE-2021-35938 https://access.redhat.com/security/cve/CVE-2021-35939", + "severity": "Moderate", + "normalized_severity": "Medium", + "package": { + "id": "", + "name": "rpm", + "version": "", + "kind": "binary", + "arch": "aarch64|ppc64le|s390x|x86_64" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/a:redhat:enterprise_linux:8::appstream", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "0:4.14.3-28.el8_9", + "arch_op": "pattern match" + }, + "13344223": { + "id": "13344223", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "RHSA-2024:0647: rpm security update (Moderate)", + "description": "The RPM Package Manager (RPM) is a command-line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages.\n\nSecurity Fix(es):\n\n* rpm: TOCTOU race in checks for unsafe symlinks (CVE-2021-35937)\n\n* rpm: races with chown/chmod/capabilities calls during installation (CVE-2021-35938)\n\n* rpm: checks for unsafe symlinks are not performed for intermediary directories (CVE-2021-35939)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", + "issued": "2024-02-01T00:00:00Z", + "links": "https://access.redhat.com/errata/RHSA-2024:0647 https://access.redhat.com/security/cve/CVE-2021-35937 https://access.redhat.com/security/cve/CVE-2021-35938 https://access.redhat.com/security/cve/CVE-2021-35939", + "severity": "Moderate", + 
"normalized_severity": "Medium", + "package": { + "id": "", + "name": "rpm", + "version": "", + "kind": "binary", + "arch": "aarch64|ppc64le|s390x|x86_64" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/o:redhat:enterprise_linux:8::baseos", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "0:4.14.3-28.el8_9", + "arch_op": "pattern match" + }, + "13344285": { + "id": "13344285", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "RHSA-2024:0647: rpm security update (Moderate)", + "description": "The RPM Package Manager (RPM) is a command-line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages.\n\nSecurity Fix(es):\n\n* rpm: TOCTOU race in checks for unsafe symlinks (CVE-2021-35937)\n\n* rpm: races with chown/chmod/capabilities calls during installation (CVE-2021-35938)\n\n* rpm: checks for unsafe symlinks are not performed for intermediary directories (CVE-2021-35939)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", + "issued": "2024-02-01T00:00:00Z", + "links": "https://access.redhat.com/errata/RHSA-2024:0647 https://access.redhat.com/security/cve/CVE-2021-35937 https://access.redhat.com/security/cve/CVE-2021-35938 https://access.redhat.com/security/cve/CVE-2021-35939", + "severity": "Moderate", + "normalized_severity": "Medium", + "package": { + "id": "", + "name": "rpm-libs", + "version": "", + "kind": "binary", + "arch": "aarch64|i686|ppc64le|s390x|x86_64" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", 
+ "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/a:redhat:enterprise_linux:8::appstream", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "0:4.14.3-28.el8_9", + "arch_op": "pattern match" + }, + "13344295": { + "id": "13344295", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "RHSA-2024:0647: rpm security update (Moderate)", + "description": "The RPM Package Manager (RPM) is a command-line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages.\n\nSecurity Fix(es):\n\n* rpm: TOCTOU race in checks for unsafe symlinks (CVE-2021-35937)\n\n* rpm: races with chown/chmod/capabilities calls during installation (CVE-2021-35938)\n\n* rpm: checks for unsafe symlinks are not performed for intermediary directories (CVE-2021-35939)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", + "issued": "2024-02-01T00:00:00Z", + "links": "https://access.redhat.com/errata/RHSA-2024:0647 https://access.redhat.com/security/cve/CVE-2021-35937 https://access.redhat.com/security/cve/CVE-2021-35938 https://access.redhat.com/security/cve/CVE-2021-35939", + "severity": "Moderate", + "normalized_severity": "Medium", + "package": { + "id": "", + "name": "rpm-libs", + "version": "", + "kind": "binary", + "arch": "aarch64|i686|ppc64le|s390x|x86_64" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": 
"cpe:/o:redhat:enterprise_linux:8::baseos", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "0:4.14.3-28.el8_9", + "arch_op": "pattern match" + }, + "64424234": { + "id": "64424234", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "CVE-2018-1000654 libtasn1: Infinite loop in _asn1_expand_object_id(ptree) leads to memory exhaustion (low)", + "description": "DOCUMENTATION: The MITRE CVE dictionary describes this issue as: GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a DoS, specifically CPU usage will reach 100% when running asn1Paser against the POC due to an issue in _asn1_expand_object_id(p_tree), after a long time, the program will be killed. This attack appears to be exploitable via parsing a crafted file. \n STATEMENT: This flaw is in the asn1Parser binary included in libtasn1-tools RPM. The dynamic library libtasn1 and libtasn1-devel RPMs are not affected.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2018-1000654", + "severity": "Low", + "normalized_severity": "Low", + "package": { + "id": "", + "name": "libtasn1", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/a:redhat:enterprise_linux:8::appstream", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "64424244": { + "id": "64424244", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "CVE-2018-1000654 libtasn1: Infinite loop in _asn1_expand_object_id(ptree) leads to memory exhaustion (low)", + "description": "DOCUMENTATION: The MITRE CVE dictionary describes this issue as: GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a DoS, specifically 
CPU usage will reach 100% when running asn1Paser against the POC due to an issue in _asn1_expand_object_id(p_tree), after a long time, the program will be killed. This attack appears to be exploitable via parsing a crafted file. \n STATEMENT: This flaw is in the asn1Parser binary included in libtasn1-tools RPM. The dynamic library libtasn1 and libtasn1-devel RPMs are not affected.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2018-1000654", + "severity": "Low", + "normalized_severity": "Low", + "package": { + "id": "", + "name": "libtasn1", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/o:redhat:enterprise_linux:8::baseos", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "64424366": { + "id": "64424366", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "CVE-2018-1000879 libarchive: NULL pointer dereference in ACL parser resulting in a denial of service (low)", + "description": "DOCUMENTATION: The MITRE CVE dictionary describes this issue as: libarchive version commit 379867ecb330b3a952fb7bfa7bffb7bbd5547205 onwards (release v3.3.0 onwards) contains a CWE-476: NULL Pointer Dereference vulnerability in ACL parser - libarchive/archive_acl.c, archive_acl_from_text_l() that can result in Crash/DoS. This attack appear to be exploitable via the victim must open a specially crafted archive file. 
\n STATEMENT: This issue did not affect the versions of libarchive as shipped with Red Hat Enterprise Linux 6 and 7.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2018-1000879", + "severity": "Low", + "normalized_severity": "Low", + "package": { + "id": "", + "name": "libarchive", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/a:redhat:enterprise_linux:8::appstream", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "64424377": { + "id": "64424377", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "CVE-2018-1000879 libarchive: NULL pointer dereference in ACL parser resulting in a denial of service (low)", + "description": "DOCUMENTATION: The MITRE CVE dictionary describes this issue as: libarchive version commit 379867ecb330b3a952fb7bfa7bffb7bbd5547205 onwards (release v3.3.0 onwards) contains a CWE-476: NULL Pointer Dereference vulnerability in ACL parser - libarchive/archive_acl.c, archive_acl_from_text_l() that can result in Crash/DoS. This attack appear to be exploitable via the victim must open a specially crafted archive file. 
\n STATEMENT: This issue did not affect the versions of libarchive as shipped with Red Hat Enterprise Linux 6 and 7.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2018-1000879", + "severity": "Low", + "normalized_severity": "Low", + "package": { + "id": "", + "name": "libarchive", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/o:redhat:enterprise_linux:8::baseos", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "64424472": { + "id": "64424472", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "CVE-2018-1000880 libarchive: Improper input validation in WARC parser resulting in a denial of service (low)", + "description": "DOCUMENTATION: The MITRE CVE dictionary describes this issue as: libarchive version commit 9693801580c0cf7c70e862d305270a16b52826a7 onwards (release v3.2.0 onwards) contains a CWE-20: Improper Input Validation vulnerability in WARC parser - libarchive/archive_read_support_format_warc.c, _warc_read() that can result in DoS - quasi-infinite run time and disk usage from tiny file. This attack appear to be exploitable via the victim must open a specially crafted WARC file. 
\n STATEMENT: This issue did not affect the versions of libarchive as shipped with Red Hat Enterprise Linux 6 and 7.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2018-1000880", + "severity": "Low", + "normalized_severity": "Low", + "package": { + "id": "", + "name": "libarchive", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/a:redhat:enterprise_linux:8::appstream", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "64424493": { + "id": "64424493", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "CVE-2018-1000880 libarchive: Improper input validation in WARC parser resulting in a denial of service (low)", + "description": "DOCUMENTATION: The MITRE CVE dictionary describes this issue as: libarchive version commit 9693801580c0cf7c70e862d305270a16b52826a7 onwards (release v3.2.0 onwards) contains a CWE-20: Improper Input Validation vulnerability in WARC parser - libarchive/archive_read_support_format_warc.c, _warc_read() that can result in DoS - quasi-infinite run time and disk usage from tiny file. This attack appear to be exploitable via the victim must open a specially crafted WARC file. 
\n STATEMENT: This issue did not affect the versions of libarchive as shipped with Red Hat Enterprise Linux 6 and 7.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2018-1000880", + "severity": "Low", + "normalized_severity": "Low", + "package": { + "id": "", + "name": "libarchive", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/o:redhat:enterprise_linux:8::baseos", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "64450130": { + "id": "64450130", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "CVE-2018-19211 ncurses: Null pointer dereference at function _nc_parse_entry in parse_entry.c (low)", + "description": "DOCUMENTATION: The MITRE CVE dictionary describes this issue as: In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. 
The product proceeds to the dereference code path even after a \"dubious character `*' in name or alias field\" detection.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2018-19211", + "severity": "Low", + "normalized_severity": "Low", + "package": { + "id": "", + "name": "ncurses-libs", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/a:redhat:enterprise_linux:8::appstream", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "64450179": { + "id": "64450179", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "CVE-2018-19211 ncurses: Null pointer dereference at function _nc_parse_entry in parse_entry.c (low)", + "description": "DOCUMENTATION: The MITRE CVE dictionary describes this issue as: In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. 
The product proceeds to the dereference code path even after a \"dubious character `*' in name or alias field\" detection.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2018-19211", + "severity": "Low", + "normalized_severity": "Low", + "package": { + "id": "", + "name": "ncurses-libs", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/o:redhat:enterprise_linux:8::baseos", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "64450591": { + "id": "64450591", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "CVE-2018-19211 ncurses: Null pointer dereference at function _nc_parse_entry in parse_entry.c (low)", + "description": "DOCUMENTATION: The MITRE CVE dictionary describes this issue as: In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. 
The product proceeds to the dereference code path even after a \"dubious character `*' in name or alias field\" detection.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2018-19211", + "severity": "Low", + "normalized_severity": "Low", + "package": { + "id": "", + "name": "ncurses-base", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/a:redhat:enterprise_linux:8::appstream", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "64450630": { + "id": "64450630", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "CVE-2018-19211 ncurses: Null pointer dereference at function _nc_parse_entry in parse_entry.c (low)", + "description": "DOCUMENTATION: The MITRE CVE dictionary describes this issue as: In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. 
The product proceeds to the dereference code path even after a \"dubious character `*' in name or alias field\" detection.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2018-19211", + "severity": "Low", + "normalized_severity": "Low", + "package": { + "id": "", + "name": "ncurses-base", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/o:redhat:enterprise_linux:8::baseos", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "64450806": { + "id": "64450806", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "CVE-2018-19217 ncurses: Null pointer dereference at function _nc_name_match (low)", + "description": "DOCUMENTATION: The MITRE CVE dictionary describes this issue as: ** DISPUTED ** In ncurses, possibly a 6.x version, there is a NULL pointer dereference at the function _nc_name_match that will lead to a denial of service attack. 
NOTE: the original report stated version 6.1, but the issue did not reproduce for that version according to the maintainer or a reliable third-party.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2018-19217", + "severity": "Low", + "normalized_severity": "Low", + "package": { + "id": "", + "name": "ncurses-libs", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/a:redhat:enterprise_linux:8::appstream", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "64450834": { + "id": "64450834", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "CVE-2018-19217 ncurses: Null pointer dereference at function _nc_name_match (low)", + "description": "DOCUMENTATION: The MITRE CVE dictionary describes this issue as: ** DISPUTED ** In ncurses, possibly a 6.x version, there is a NULL pointer dereference at the function _nc_name_match that will lead to a denial of service attack. 
NOTE: the original report stated version 6.1, but the issue did not reproduce for that version according to the maintainer or a reliable third-party.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2018-19217", + "severity": "Low", + "normalized_severity": "Low", + "package": { + "id": "", + "name": "ncurses-libs", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/o:redhat:enterprise_linux:8::baseos", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "64451473": { + "id": "64451473", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "CVE-2018-19217 ncurses: Null pointer dereference at function _nc_name_match (low)", + "description": "DOCUMENTATION: The MITRE CVE dictionary describes this issue as: ** DISPUTED ** In ncurses, possibly a 6.x version, there is a NULL pointer dereference at the function _nc_name_match that will lead to a denial of service attack. 
NOTE: the original report stated version 6.1, but the issue did not reproduce for that version according to the maintainer or a reliable third-party.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2018-19217", + "severity": "Low", + "normalized_severity": "Low", + "package": { + "id": "", + "name": "ncurses-base", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/a:redhat:enterprise_linux:8::appstream", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "64451489": { + "id": "64451489", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "CVE-2018-19217 ncurses: Null pointer dereference at function _nc_name_match (low)", + "description": "DOCUMENTATION: The MITRE CVE dictionary describes this issue as: ** DISPUTED ** In ncurses, possibly a 6.x version, there is a NULL pointer dereference at the function _nc_name_match that will lead to a denial of service attack. 
NOTE: the original report stated version 6.1, but the issue did not reproduce for that version according to the maintainer or a reliable third-party.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2018-19217", + "severity": "Low", + "normalized_severity": "Low", + "package": { + "id": "", + "name": "ncurses-base", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/o:redhat:enterprise_linux:8::baseos", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "64464345": { + "id": "64464345", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "CVE-2018-20657 libiberty: Memory leak in demangle_template function resulting in a denial of service (low)", + "description": "DOCUMENTATION: The MITRE CVE dictionary describes this issue as: The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2018-20657", + "severity": "Low", + "normalized_severity": "Low", + "package": { + "id": "", + "name": "libstdc++", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": 
"cpe:/a:redhat:enterprise_linux:8::appstream", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "64464391": { + "id": "64464391", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "CVE-2018-20657 libiberty: Memory leak in demangle_template function resulting in a denial of service (low)", + "description": "DOCUMENTATION: The MITRE CVE dictionary describes this issue as: The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2018-20657", + "severity": "Low", + "normalized_severity": "Low", + "package": { + "id": "", + "name": "libstdc++", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/o:redhat:enterprise_linux:8::baseos", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "64465858": { + "id": "64465858", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "CVE-2018-20657 libiberty: Memory leak in demangle_template function resulting in a denial of service (low)", + "description": "DOCUMENTATION: The MITRE CVE dictionary describes this issue as: The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2018-20657", + 
"severity": "Low", + "normalized_severity": "Low", + "package": { + "id": "", + "name": "libgcc", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/a:redhat:enterprise_linux:8::appstream", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "64465868": { + "id": "64465868", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "CVE-2018-20657 libiberty: Memory leak in demangle_template function resulting in a denial of service (low)", + "description": "DOCUMENTATION: The MITRE CVE dictionary describes this issue as: The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2018-20657", + "severity": "Low", + "normalized_severity": "Low", + "package": { + "id": "", + "name": "libgcc", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/o:redhat:enterprise_linux:8::baseos", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "64470956": { + "id": "64470956", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "CVE-2018-20839 systemd: mishandling of the current keyboard mode check leading to passwords being 
disclosed in cleartext to attacker (moderate)", + "description": "DOCUMENTATION: The MITRE CVE dictionary describes this issue as: systemd 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext passwords in certain circumstances, such as watching a shutdown, or using Ctrl-Alt-F1 and Ctrl-Alt-F2. This occurs because the KDGKBMODE (aka current keyboard mode) check is mishandled.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2018-20839", + "severity": "Moderate", + "normalized_severity": "Medium", + "package": { + "id": "", + "name": "systemd-libs", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/a:redhat:enterprise_linux:8::appstream", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "64470969": { + "id": "64470969", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "CVE-2018-20839 systemd: mishandling of the current keyboard mode check leading to passwords being disclosed in cleartext to attacker (moderate)", + "description": "DOCUMENTATION: The MITRE CVE dictionary describes this issue as: systemd 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext passwords in certain circumstances, such as watching a shutdown, or using Ctrl-Alt-F1 and Ctrl-Alt-F2. 
This occurs because the KDGKBMODE (aka current keyboard mode) check is mishandled.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2018-20839", + "severity": "Moderate", + "normalized_severity": "Medium", + "package": { + "id": "", + "name": "systemd-libs", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/o:redhat:enterprise_linux:8::baseos", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "64529768": { + "id": "64529768", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "CVE-2019-12900 bzip2: out-of-bounds write in function BZ2_decompress (low)", + "description": "DOCUMENTATION: The MITRE CVE dictionary describes this issue as: BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors. \n STATEMENT: This issue affects the versions of bzip2 as shipped with Red Hat Enterprise Linux 5, 6, 7, and 8.\n\nRed Hat Enterprise Linux 5 is now in Extended Life Phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\n\nRed Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Low, and is not currently planned to be addressed in future updates. 
For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\n\nRed Hat JBoss Fuse 7 uses a Java implemntation of bzip2, this is different to the bzip2 this vulnerability exists in.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2019-12900", + "severity": "Low", + "normalized_severity": "Low", + "package": { + "id": "", + "name": "bzip2-libs", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/a:redhat:enterprise_linux:8::appstream", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "64529887": { + "id": "64529887", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "CVE-2019-12900 bzip2: out-of-bounds write in function BZ2_decompress (low)", + "description": "DOCUMENTATION: The MITRE CVE dictionary describes this issue as: BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors. \n STATEMENT: This issue affects the versions of bzip2 as shipped with Red Hat Enterprise Linux 5, 6, 7, and 8.\n\nRed Hat Enterprise Linux 5 is now in Extended Life Phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\n\nRed Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Low, and is not currently planned to be addressed in future updates. 
For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\n\nRed Hat JBoss Fuse 7 uses a Java implemntation of bzip2, this is different to the bzip2 this vulnerability exists in.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2019-12900", + "severity": "Low", + "normalized_severity": "Low", + "package": { + "id": "", + "name": "bzip2-libs", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/o:redhat:enterprise_linux:8::baseos", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "64530170": { + "id": "64530170", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "Libgcrypt: physical addresses being available to other processes leads to a flush-and-reload side-channel attack (moderate)", + "description": "DOCUMENTATION: [Disputed] A vulnerability has been identified in Libgcrypt due to a flaw in its C implementation of AES. This vulnerability enables a remote attacker to perform a flush-and-reload side-channel attack, potentially accessing sensitive information. The vulnerability arises from the availability of physical addresses to other processes, particularly on platforms lacking an assembly-language implementation. \n STATEMENT: Please note that this issue is more theoretical than practical in terms of potential attack scenarios. The upstream developers have disputed this CVE, and the patches they supplied seem to focus more on hardening. 
Refer to external references for further details.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2019-12904", + "severity": "Moderate", + "normalized_severity": "Medium", + "package": { + "id": "", + "name": "libgcrypt", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/a:redhat:enterprise_linux:8::appstream", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "64530230": { + "id": "64530230", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "Libgcrypt: physical addresses being available to other processes leads to a flush-and-reload side-channel attack (moderate)", + "description": "DOCUMENTATION: [Disputed] A vulnerability has been identified in Libgcrypt due to a flaw in its C implementation of AES. This vulnerability enables a remote attacker to perform a flush-and-reload side-channel attack, potentially accessing sensitive information. The vulnerability arises from the availability of physical addresses to other processes, particularly on platforms lacking an assembly-language implementation. \n STATEMENT: Please note that this issue is more theoretical than practical in terms of potential attack scenarios. The upstream developers have disputed this CVE, and the patches they supplied seem to focus more on hardening. 
Refer to external references for further details.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2019-12904", + "severity": "Moderate", + "normalized_severity": "Medium", + "package": { + "id": "", + "name": "libgcrypt", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/o:redhat:enterprise_linux:8::baseos", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "64547793": { + "id": "64547793", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "CVE-2019-14250 binutils: integer overflow in simple-object-elf.c leads to a heap-based buffer overflow (low)", + "description": "DOCUMENTATION: The MITRE CVE dictionary describes this issue as: An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer overflow. \n STATEMENT: This issue resides on libiberty code, libiberty is part of GNU project and contains several utilities being distributed by gcc and binutils packages. This flaws affects binutils versions as shipped with Red Hat Enterprise Linux 5, 6, 7 and 8 and also gcc versions as shipped with Red Hat Enterprise Linux 5, 6 ,7 and 8. Versions of gcc shipped with Red Hat Developers Tool Set 7 and 8 are also affected. 
This flaw was scored with 'Low' security impact for both binutils and gcc packages by Red Hat Product Security Team.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2019-14250", + "severity": "Low", + "normalized_severity": "Low", + "package": { + "id": "", + "name": "libstdc++", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/a:redhat:enterprise_linux:8::appstream", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "64547874": { + "id": "64547874", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "CVE-2019-14250 binutils: integer overflow in simple-object-elf.c leads to a heap-based buffer overflow (low)", + "description": "DOCUMENTATION: The MITRE CVE dictionary describes this issue as: An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer overflow. \n STATEMENT: This issue resides on libiberty code, libiberty is part of GNU project and contains several utilities being distributed by gcc and binutils packages. This flaws affects binutils versions as shipped with Red Hat Enterprise Linux 5, 6, 7 and 8 and also gcc versions as shipped with Red Hat Enterprise Linux 5, 6 ,7 and 8. Versions of gcc shipped with Red Hat Developers Tool Set 7 and 8 are also affected. 
This flaw was scored with 'Low' security impact for both binutils and gcc packages by Red Hat Product Security Team.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2019-14250", + "severity": "Low", + "normalized_severity": "Low", + "package": { + "id": "", + "name": "libstdc++", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/o:redhat:enterprise_linux:8::baseos", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "64548810": { + "id": "64548810", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "CVE-2019-14250 binutils: integer overflow in simple-object-elf.c leads to a heap-based buffer overflow (low)", + "description": "DOCUMENTATION: The MITRE CVE dictionary describes this issue as: An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer overflow. \n STATEMENT: This issue resides on libiberty code, libiberty is part of GNU project and contains several utilities being distributed by gcc and binutils packages. This flaws affects binutils versions as shipped with Red Hat Enterprise Linux 5, 6, 7 and 8 and also gcc versions as shipped with Red Hat Enterprise Linux 5, 6 ,7 and 8. Versions of gcc shipped with Red Hat Developers Tool Set 7 and 8 are also affected. 
This flaw was scored with 'Low' security impact for both binutils and gcc packages by Red Hat Product Security Team.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2019-14250", + "severity": "Low", + "normalized_severity": "Low", + "package": { + "id": "", + "name": "libgcc", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/a:redhat:enterprise_linux:8::appstream", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "64548903": { + "id": "64548903", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "CVE-2019-14250 binutils: integer overflow in simple-object-elf.c leads to a heap-based buffer overflow (low)", + "description": "DOCUMENTATION: The MITRE CVE dictionary describes this issue as: An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer overflow. \n STATEMENT: This issue resides on libiberty code, libiberty is part of GNU project and contains several utilities being distributed by gcc and binutils packages. This flaws affects binutils versions as shipped with Red Hat Enterprise Linux 5, 6, 7 and 8 and also gcc versions as shipped with Red Hat Enterprise Linux 5, 6 ,7 and 8. Versions of gcc shipped with Red Hat Developers Tool Set 7 and 8 are also affected. 
This flaw was scored with 'Low' security impact for both binutils and gcc packages by Red Hat Product Security Team.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2019-14250", + "severity": "Low", + "normalized_severity": "Low", + "package": { + "id": "", + "name": "libgcc", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/o:redhat:enterprise_linux:8::baseos", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "64729274": { + "id": "64729274", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "CVE-2019-17543 lz4: heap-based buffer overflow in LZ4_write32 (moderate)", + "description": "DOCUMENTATION: The MITRE CVE dictionary describes this issue as: LZ4 before 1.9.2 has a heap-based buffer overflow in LZ4_write32 (related to LZ4_compress_destSize), affecting applications that call LZ4_compress_fast with a large input. (This issue can also lead to data corruption.) NOTE: the vendor states \"only a few specific / uncommon usages of the API are at risk.\" \n STATEMENT: As per upstream this flaw cannot be exploited under normal documented use of the LZ4 library API. Also this flaw is only present in the lz4 library and the application binaries shipped with this application are not affected by it. \n\nRed Hat OpenStack Platform 10 packages an older version of lz4 that has the flawed code. 
However, because OpenStack has been using RHEL's updated lz4 version since RHEL7.5 started to include it, Red Hat is not currently updating the OpenStack lz4 package.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2019-17543", + "severity": "Moderate", + "normalized_severity": "Medium", + "package": { + "id": "", + "name": "lz4-libs", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/a:redhat:enterprise_linux:8::appstream", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "64729356": { + "id": "64729356", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "CVE-2019-17543 lz4: heap-based buffer overflow in LZ4_write32 (moderate)", + "description": "DOCUMENTATION: The MITRE CVE dictionary describes this issue as: LZ4 before 1.9.2 has a heap-based buffer overflow in LZ4_write32 (related to LZ4_compress_destSize), affecting applications that call LZ4_compress_fast with a large input. (This issue can also lead to data corruption.) NOTE: the vendor states \"only a few specific / uncommon usages of the API are at risk.\" \n STATEMENT: As per upstream this flaw cannot be exploited under normal documented use of the LZ4 library API. Also this flaw is only present in the lz4 library and the application binaries shipped with this application are not affected by it. \n\nRed Hat OpenStack Platform 10 packages an older version of lz4 that has the flawed code. 
However, because OpenStack has been using RHEL's updated lz4 version since RHEL7.5 started to include it, Red Hat is not currently updating the OpenStack lz4 package.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2019-17543", + "severity": "Moderate", + "normalized_severity": "Medium", + "package": { + "id": "", + "name": "lz4-libs", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/o:redhat:enterprise_linux:8::baseos", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "64827078": { + "id": "64827078", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "CVE-2019-19244 sqlite: allows a crash if a sub-select uses both DISTINCT and window functions and also has certain ORDER BY usage (low)", + "description": "DOCUMENTATION: A flaw was found in the way SQLite handled certain types of SQL queries using DISTINCT, OVER and ORDER BY clauses. A remote attacker could exploit this flaw by providing a malicious SQL query that, when processed by an application linked to SQLite, would crash the application causing a denial of service. \n STATEMENT: This flaw has been rated as having a security impact of Low. The versions of `sqlite` as shipped with Red Hat Enterprise Linux are compiled without SQLITE_DEBUG, so it's not possible to reproduce the crash. 
The invalid Mem object may still lead to undefined behaviors, though no notable defects have been observed.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2019-19244", + "severity": "Low", + "normalized_severity": "Low", + "package": { + "id": "", + "name": "sqlite-libs", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/a:redhat:enterprise_linux:8::appstream", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "64827219": { + "id": "64827219", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "CVE-2019-19244 sqlite: allows a crash if a sub-select uses both DISTINCT and window functions and also has certain ORDER BY usage (low)", + "description": "DOCUMENTATION: A flaw was found in the way SQLite handled certain types of SQL queries using DISTINCT, OVER and ORDER BY clauses. A remote attacker could exploit this flaw by providing a malicious SQL query that, when processed by an application linked to SQLite, would crash the application causing a denial of service. \n STATEMENT: This flaw has been rated as having a security impact of Low. The versions of `sqlite` as shipped with Red Hat Enterprise Linux are compiled without SQLITE_DEBUG, so it's not possible to reproduce the crash. 
The invalid Mem object may still lead to undefined behaviors, though no notable defects have been observed.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2019-19244", + "severity": "Low", + "normalized_severity": "Low", + "package": { + "id": "", + "name": "sqlite-libs", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/o:redhat:enterprise_linux:8::baseos", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "64929074": { + "id": "64929074", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "CVE-2019-8905 file: stack-based buffer over-read in do_core_note in readelf.c (low)", + "description": "DOCUMENTATION: The MITRE CVE dictionary describes this issue as: do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printable, a different vulnerability than CVE-2018-10360.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2019-8905", + "severity": "Low", + "normalized_severity": "Low", + "package": { + "id": "", + "name": "file-libs", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/a:redhat:enterprise_linux:8::appstream", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "64929126": { + "id": "64929126", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": 
"CVE-2019-8905 file: stack-based buffer over-read in do_core_note in readelf.c (low)", + "description": "DOCUMENTATION: The MITRE CVE dictionary describes this issue as: do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printable, a different vulnerability than CVE-2018-10360.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2019-8905", + "severity": "Low", + "normalized_severity": "Low", + "package": { + "id": "", + "name": "file-libs", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/o:redhat:enterprise_linux:8::baseos", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "64929539": { + "id": "64929539", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "CVE-2019-8906 file: out-of-bounds read in do_core_note in readelf.c (low)", + "description": "DOCUMENTATION: The MITRE CVE dictionary describes this issue as: do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2019-8906", + "severity": "Low", + "normalized_severity": "Low", + "package": { + "id": "", + "name": "file-libs", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/a:redhat:enterprise_linux:8::appstream", + 
"key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "64929594": { + "id": "64929594", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "CVE-2019-8906 file: out-of-bounds read in do_core_note in readelf.c (low)", + "description": "DOCUMENTATION: The MITRE CVE dictionary describes this issue as: do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2019-8906", + "severity": "Low", + "normalized_severity": "Low", + "package": { + "id": "", + "name": "file-libs", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/o:redhat:enterprise_linux:8::baseos", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "64956463": { + "id": "64956463", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "CVE-2019-9936 sqlite: heap-based buffer over-read in function fts5HashEntrySort in sqlite3.c (low)", + "description": "DOCUMENTATION: The MITRE CVE dictionary describes this issue as: In SQLite 3.27.2, running fts5 prefix queries inside a transaction could trigger a heap-based buffer over-read in fts5HashEntrySort in sqlite3.c, which may lead to an information leak. This is related to ext/fts5/fts5_hash.c. 
\n STATEMENT: This issue did not affect the versions of sqlite as shipped with Red Hat Enterprise Linux 6 and 7 as they did not include support for fts5.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2019-9936", + "severity": "Low", + "normalized_severity": "Low", + "package": { + "id": "", + "name": "sqlite-libs", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/a:redhat:enterprise_linux:8::appstream", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "64956490": { + "id": "64956490", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "CVE-2019-9936 sqlite: heap-based buffer over-read in function fts5HashEntrySort in sqlite3.c (low)", + "description": "DOCUMENTATION: The MITRE CVE dictionary describes this issue as: In SQLite 3.27.2, running fts5 prefix queries inside a transaction could trigger a heap-based buffer over-read in fts5HashEntrySort in sqlite3.c, which may lead to an information leak. This is related to ext/fts5/fts5_hash.c. 
\n STATEMENT: This issue did not affect the versions of sqlite as shipped with Red Hat Enterprise Linux 6 and 7 as they did not include support for fts5.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2019-9936", + "severity": "Low", + "normalized_severity": "Low", + "package": { + "id": "", + "name": "sqlite-libs", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/o:redhat:enterprise_linux:8::baseos", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "64956789": { + "id": "64956789", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "CVE-2019-9937 sqlite: null-pointer dereference in function fts5ChunkIterate in sqlite3.c (low)", + "description": "DOCUMENTATION: The MITRE CVE dictionary describes this issue as: In SQLite 3.27.2, interleaving reads and writes in a single transaction with an fts5 virtual table will lead to a NULL Pointer Dereference in fts5ChunkIterate in sqlite3.c. This is related to ext/fts5/fts5_hash.c and ext/fts5/fts5_index.c. 
\n STATEMENT: This issue did not affect the versions of sqlite as shipped with Red Hat Enterprise Linux 6 and 7 as they did not include support for fts5.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2019-9937", + "severity": "Low", + "normalized_severity": "Low", + "package": { + "id": "", + "name": "sqlite-libs", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/a:redhat:enterprise_linux:8::appstream", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "64956811": { + "id": "64956811", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "CVE-2019-9937 sqlite: null-pointer dereference in function fts5ChunkIterate in sqlite3.c (low)", + "description": "DOCUMENTATION: The MITRE CVE dictionary describes this issue as: In SQLite 3.27.2, interleaving reads and writes in a single transaction with an fts5 virtual table will lead to a NULL Pointer Dereference in fts5ChunkIterate in sqlite3.c. This is related to ext/fts5/fts5_hash.c and ext/fts5/fts5_index.c. 
\n STATEMENT: This issue did not affect the versions of sqlite as shipped with Red Hat Enterprise Linux 6 and 7 as they did not include support for fts5.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2019-9937", + "severity": "Low", + "normalized_severity": "Low", + "package": { + "id": "", + "name": "sqlite-libs", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/o:redhat:enterprise_linux:8::baseos", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "65100167": { + "id": "65100167", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "ncurses: Heap buffer overflow in one_one_mapping function in progs/dump_entry.c:1373 (low)", + "description": "DOCUMENTATION: A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash. \n STATEMENT: Red Hat Product Security has rated this issue as having a Low security impact because processing terminfo descriptions in the source form should be handled the same way as executable files or source code of any programming language. 
Users are not supposed to use untrusted terminfo descriptions.\n\nThe ncurses library shipped with Red Hat Enterprise Linux 9 is not affected by this vulnerability because it has a newer, fixed ncurses version.\n MITIGATION: Do not compile or decompile untrusted terminfo descriptions.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2020-19185", + "severity": "Low", + "normalized_severity": "Low", + "package": { + "id": "", + "name": "ncurses-libs", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/a:redhat:enterprise_linux:8::appstream", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "65100192": { + "id": "65100192", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "ncurses: Heap buffer overflow in one_one_mapping function in progs/dump_entry.c:1373 (low)", + "description": "DOCUMENTATION: A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash. \n STATEMENT: Red Hat Product Security has rated this issue as having a Low security impact because processing terminfo descriptions in the source form should be handled the same way as executable files or source code of any programming language. 
Users are not supposed to use untrusted terminfo descriptions.\n\nThe ncurses library shipped with Red Hat Enterprise Linux 9 is not affected by this vulnerability because it has a newer, fixed ncurses version.\n MITIGATION: Do not compile or decompile untrusted terminfo descriptions.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2020-19185", + "severity": "Low", + "normalized_severity": "Low", + "package": { + "id": "", + "name": "ncurses-libs", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/o:redhat:enterprise_linux:8::baseos", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "65100315": { + "id": "65100315", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "ncurses: Heap buffer overflow in one_one_mapping function in progs/dump_entry.c:1373 (low)", + "description": "DOCUMENTATION: A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash. \n STATEMENT: Red Hat Product Security has rated this issue as having a Low security impact because processing terminfo descriptions in the source form should be handled the same way as executable files or source code of any programming language. 
Users are not supposed to use untrusted terminfo descriptions.\n\nThe ncurses library shipped with Red Hat Enterprise Linux 9 is not affected by this vulnerability because it has a newer, fixed ncurses version.\n MITIGATION: Do not compile or decompile untrusted terminfo descriptions.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2020-19185", + "severity": "Low", + "normalized_severity": "Low", + "package": { + "id": "", + "name": "ncurses-base", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/a:redhat:enterprise_linux:8::appstream", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "65100344": { + "id": "65100344", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "ncurses: Heap buffer overflow in one_one_mapping function in progs/dump_entry.c:1373 (low)", + "description": "DOCUMENTATION: A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash. \n STATEMENT: Red Hat Product Security has rated this issue as having a Low security impact because processing terminfo descriptions in the source form should be handled the same way as executable files or source code of any programming language. 
Users are not supposed to use untrusted terminfo descriptions.\n\nThe ncurses library shipped with Red Hat Enterprise Linux 9 is not affected by this vulnerability because it has a newer, fixed ncurses version.\n MITIGATION: Do not compile or decompile untrusted terminfo descriptions.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2020-19185", + "severity": "Low", + "normalized_severity": "Low", + "package": { + "id": "", + "name": "ncurses-base", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/o:redhat:enterprise_linux:8::baseos", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "65100375": { + "id": "65100375", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "ncurses: Buffer overflow in _nc_find_entry function in tinfo/comp_hash.c:66 (low)", + "description": "DOCUMENTATION: A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a buffer over-read, resulting in an application crash. \n STATEMENT: Red Hat Product Security has rated this issue as having a Low security impact because processing terminfo descriptions in the source form should be handled the same way as executable files or source code of any programming language. 
Users are not supposed to use untrusted terminfo descriptions.\n\nThe ncurses library shipped with Red Hat Enterprise Linux 9 is not affected by this vulnerability because it has a newer, fixed ncurses version.\n MITIGATION: Do not compile or decompile untrusted terminfo descriptions.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2020-19186", + "severity": "Low", + "normalized_severity": "Low", + "package": { + "id": "", + "name": "ncurses-libs", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/a:redhat:enterprise_linux:8::appstream", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "65100399": { + "id": "65100399", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "ncurses: Buffer overflow in _nc_find_entry function in tinfo/comp_hash.c:66 (low)", + "description": "DOCUMENTATION: A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a buffer over-read, resulting in an application crash. \n STATEMENT: Red Hat Product Security has rated this issue as having a Low security impact because processing terminfo descriptions in the source form should be handled the same way as executable files or source code of any programming language. 
Users are not supposed to use untrusted terminfo descriptions.\n\nThe ncurses library shipped with Red Hat Enterprise Linux 9 is not affected by this vulnerability because it has a newer, fixed ncurses version.\n MITIGATION: Do not compile or decompile untrusted terminfo descriptions.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2020-19186", + "severity": "Low", + "normalized_severity": "Low", + "package": { + "id": "", + "name": "ncurses-libs", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/o:redhat:enterprise_linux:8::baseos", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "65100521": { + "id": "65100521", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "ncurses: Buffer overflow in _nc_find_entry function in tinfo/comp_hash.c:66 (low)", + "description": "DOCUMENTATION: A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a buffer over-read, resulting in an application crash. \n STATEMENT: Red Hat Product Security has rated this issue as having a Low security impact because processing terminfo descriptions in the source form should be handled the same way as executable files or source code of any programming language. 
Users are not supposed to use untrusted terminfo descriptions.\n\nThe ncurses library shipped with Red Hat Enterprise Linux 9 is not affected by this vulnerability because it has a newer, fixed ncurses version.\n MITIGATION: Do not compile or decompile untrusted terminfo descriptions.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2020-19186", + "severity": "Low", + "normalized_severity": "Low", + "package": { + "id": "", + "name": "ncurses-base", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/a:redhat:enterprise_linux:8::appstream", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "65100540": { + "id": "65100540", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "ncurses: Buffer overflow in _nc_find_entry function in tinfo/comp_hash.c:66 (low)", + "description": "DOCUMENTATION: A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a buffer over-read, resulting in an application crash. \n STATEMENT: Red Hat Product Security has rated this issue as having a Low security impact because processing terminfo descriptions in the source form should be handled the same way as executable files or source code of any programming language. 
Users are not supposed to use untrusted terminfo descriptions.\n\nThe ncurses library shipped with Red Hat Enterprise Linux 9 is not affected by this vulnerability because it has a newer, fixed ncurses version.\n MITIGATION: Do not compile or decompile untrusted terminfo descriptions.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2020-19186", + "severity": "Low", + "normalized_severity": "Low", + "package": { + "id": "", + "name": "ncurses-base", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/o:redhat:enterprise_linux:8::baseos", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "65104192": { + "id": "65104192", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "ncurses: Heap buffer overflow in fmt_entry function in progs/dump_entry.c:1100 (low)", + "description": "DOCUMENTATION: A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash. \n STATEMENT: Red Hat Product Security has rated this issue as having a Low security impact because processing terminfo descriptions in the source form should be handled the same way as executable files or source code of any programming language. 
Users are not supposed to use untrusted terminfo descriptions.\n\nThe ncurses library shipped with Red Hat Enterprise Linux 9 is not affected by this vulnerability because it has a newer, fixed ncurses version.\n MITIGATION: Do not compile or decompile untrusted terminfo descriptions.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2020-19187", + "severity": "Low", + "normalized_severity": "Low", + "package": { + "id": "", + "name": "ncurses-libs", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/a:redhat:enterprise_linux:8::appstream", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "65104225": { + "id": "65104225", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "ncurses: Heap buffer overflow in fmt_entry function in progs/dump_entry.c:1100 (low)", + "description": "DOCUMENTATION: A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash. \n STATEMENT: Red Hat Product Security has rated this issue as having a Low security impact because processing terminfo descriptions in the source form should be handled the same way as executable files or source code of any programming language. 
Users are not supposed to use untrusted terminfo descriptions.\n\nThe ncurses library shipped with Red Hat Enterprise Linux 9 is not affected by this vulnerability because it has a newer, fixed ncurses version.\n MITIGATION: Do not compile or decompile untrusted terminfo descriptions.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2020-19187", + "severity": "Low", + "normalized_severity": "Low", + "package": { + "id": "", + "name": "ncurses-libs", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/o:redhat:enterprise_linux:8::baseos", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "65104467": { + "id": "65104467", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "ncurses: Heap buffer overflow in fmt_entry function in progs/dump_entry.c:1100 (low)", + "description": "DOCUMENTATION: A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash. \n STATEMENT: Red Hat Product Security has rated this issue as having a Low security impact because processing terminfo descriptions in the source form should be handled the same way as executable files or source code of any programming language. 
Users are not supposed to use untrusted terminfo descriptions.\n\nThe ncurses library shipped with Red Hat Enterprise Linux 9 is not affected by this vulnerability because it has a newer, fixed ncurses version.\n MITIGATION: Do not compile or decompile untrusted terminfo descriptions.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2020-19187", + "severity": "Low", + "normalized_severity": "Low", + "package": { + "id": "", + "name": "ncurses-base", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/a:redhat:enterprise_linux:8::appstream", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "65104546": { + "id": "65104546", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "ncurses: Heap buffer overflow in fmt_entry function in progs/dump_entry.c:1100 (low)", + "description": "DOCUMENTATION: A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash. \n STATEMENT: Red Hat Product Security has rated this issue as having a Low security impact because processing terminfo descriptions in the source form should be handled the same way as executable files or source code of any programming language. 
Users are not supposed to use untrusted terminfo descriptions.\n\nThe ncurses library shipped with Red Hat Enterprise Linux 9 is not affected by this vulnerability because it has a newer, fixed ncurses version.\n MITIGATION: Do not compile or decompile untrusted terminfo descriptions.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2020-19187", + "severity": "Low", + "normalized_severity": "Low", + "package": { + "id": "", + "name": "ncurses-base", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/o:redhat:enterprise_linux:8::baseos", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "65104548": { + "id": "65104548", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "1116 (low)", + "description": "DOCUMENTATION: A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a stack-based buffer overflow, resulting in an application crash. \n STATEMENT: Red Hat Product Security has rated this issue as having a Low security impact because processing terminfo descriptions in the source form should be handled the same way as executable files or source code of any programming language. 
Users are not supposed to use untrusted terminfo descriptions.\n\nThe ncurses library shipped with Red Hat Enterprise Linux 9 is not affected by this vulnerability because it has a newer, fixed ncurses version.\n MITIGATION: Do not compile or decompile untrusted terminfo descriptions.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2020-19188", + "severity": "Low", + "normalized_severity": "Low", + "package": { + "id": "", + "name": "ncurses-base", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/a:redhat:enterprise_linux:8::appstream", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "65104558": { + "id": "65104558", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "1116 (low)", + "description": "DOCUMENTATION: A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a stack-based buffer overflow, resulting in an application crash. \n STATEMENT: Red Hat Product Security has rated this issue as having a Low security impact because processing terminfo descriptions in the source form should be handled the same way as executable files or source code of any programming language. 
Users are not supposed to use untrusted terminfo descriptions.\n\nThe ncurses library shipped with Red Hat Enterprise Linux 9 is not affected by this vulnerability because it has a newer, fixed ncurses version.\n MITIGATION: Do not compile or decompile untrusted terminfo descriptions.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2020-19188", + "severity": "Low", + "normalized_severity": "Low", + "package": { + "id": "", + "name": "ncurses-base", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/o:redhat:enterprise_linux:8::baseos", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "65104598": { + "id": "65104598", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "1116 (low)", + "description": "DOCUMENTATION: A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a stack-based buffer overflow, resulting in an application crash. \n STATEMENT: Red Hat Product Security has rated this issue as having a Low security impact because processing terminfo descriptions in the source form should be handled the same way as executable files or source code of any programming language. 
Users are not supposed to use untrusted terminfo descriptions.\n\nThe ncurses library shipped with Red Hat Enterprise Linux 9 is not affected by this vulnerability because it has a newer, fixed ncurses version.\n MITIGATION: Do not compile or decompile untrusted terminfo descriptions.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2020-19188", + "severity": "Low", + "normalized_severity": "Low", + "package": { + "id": "", + "name": "ncurses-libs", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/a:redhat:enterprise_linux:8::appstream", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "65104608": { + "id": "65104608", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "1116 (low)", + "description": "DOCUMENTATION: A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a stack-based buffer overflow, resulting in an application crash. \n STATEMENT: Red Hat Product Security has rated this issue as having a Low security impact because processing terminfo descriptions in the source form should be handled the same way as executable files or source code of any programming language. 
Users are not supposed to use untrusted terminfo descriptions.\n\nThe ncurses library shipped with Red Hat Enterprise Linux 9 is not affected by this vulnerability because it has a newer, fixed ncurses version.\n MITIGATION: Do not compile or decompile untrusted terminfo descriptions.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2020-19188", + "severity": "Low", + "normalized_severity": "Low", + "package": { + "id": "", + "name": "ncurses-libs", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/o:redhat:enterprise_linux:8::baseos", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "65104636": { + "id": "65104636", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "997 (low)", + "description": "DOCUMENTATION: A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash. \n STATEMENT: Red Hat Product Security has rated this issue as having a Low security impact because processing terminfo descriptions in the source form should be handled the same way as executable files or source code of any programming language. 
Users are not supposed to use untrusted terminfo descriptions.\n\nThe ncurses library shipped with Red Hat Enterprise Linux 9 is not affected by this vulnerability because it has a newer, fixed ncurses version.\n MITIGATION: Do not compile or decompile untrusted terminfo descriptions.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2020-19189", + "severity": "Low", + "normalized_severity": "Low", + "package": { + "id": "", + "name": "ncurses-base", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/a:redhat:enterprise_linux:8::appstream", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "65104646": { + "id": "65104646", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "997 (low)", + "description": "DOCUMENTATION: A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash. \n STATEMENT: Red Hat Product Security has rated this issue as having a Low security impact because processing terminfo descriptions in the source form should be handled the same way as executable files or source code of any programming language. 
Users are not supposed to use untrusted terminfo descriptions.\n\nThe ncurses library shipped with Red Hat Enterprise Linux 9 is not affected by this vulnerability because it has a newer, fixed ncurses version.\n MITIGATION: Do not compile or decompile untrusted terminfo descriptions.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2020-19189", + "severity": "Low", + "normalized_severity": "Low", + "package": { + "id": "", + "name": "ncurses-base", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/o:redhat:enterprise_linux:8::baseos", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "65104648": { + "id": "65104648", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "997 (low)", + "description": "DOCUMENTATION: A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash. \n STATEMENT: Red Hat Product Security has rated this issue as having a Low security impact because processing terminfo descriptions in the source form should be handled the same way as executable files or source code of any programming language. 
Users are not supposed to use untrusted terminfo descriptions.\n\nThe ncurses library shipped with Red Hat Enterprise Linux 9 is not affected by this vulnerability because it has a newer, fixed ncurses version.\n MITIGATION: Do not compile or decompile untrusted terminfo descriptions.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2020-19189", + "severity": "Low", + "normalized_severity": "Low", + "package": { + "id": "", + "name": "ncurses-libs", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/a:redhat:enterprise_linux:8::appstream", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "65104780": { + "id": "65104780", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "997 (low)", + "description": "DOCUMENTATION: A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash. \n STATEMENT: Red Hat Product Security has rated this issue as having a Low security impact because processing terminfo descriptions in the source form should be handled the same way as executable files or source code of any programming language. 
Users are not supposed to use untrusted terminfo descriptions.\n\nThe ncurses library shipped with Red Hat Enterprise Linux 9 is not affected by this vulnerability because it has a newer, fixed ncurses version.\n MITIGATION: Do not compile or decompile untrusted terminfo descriptions.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2020-19189", + "severity": "Low", + "normalized_severity": "Low", + "package": { + "id": "", + "name": "ncurses-libs", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/o:redhat:enterprise_linux:8::baseos", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "65105015": { + "id": "65105015", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "ncurses: Heap buffer overflow in _nc_find_entry in tinfo/comp_hash.c:70 (low)", + "description": "DOCUMENTATION: A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash. \n STATEMENT: Red Hat Product Security has rated this issue as having a Low security impact because processing terminfo descriptions in the source form should be handled the same way as executable files or source code of any programming language. 
Users are not supposed to use untrusted terminfo descriptions.\n\nThe ncurses library shipped with Red Hat Enterprise Linux 9 is not affected by this vulnerability because it has a newer, fixed ncurses version.\n MITIGATION: Do not compile or decompile untrusted terminfo descriptions.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2020-19190", + "severity": "Low", + "normalized_severity": "Low", + "package": { + "id": "", + "name": "ncurses-libs", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/a:redhat:enterprise_linux:8::appstream", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "65105034": { + "id": "65105034", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "ncurses: Heap buffer overflow in _nc_find_entry in tinfo/comp_hash.c:70 (low)", + "description": "DOCUMENTATION: A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash. \n STATEMENT: Red Hat Product Security has rated this issue as having a Low security impact because processing terminfo descriptions in the source form should be handled the same way as executable files or source code of any programming language. 
Users are not supposed to use untrusted terminfo descriptions.\n\nThe ncurses library shipped with Red Hat Enterprise Linux 9 is not affected by this vulnerability because it has a newer, fixed ncurses version.\n MITIGATION: Do not compile or decompile untrusted terminfo descriptions.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2020-19190", + "severity": "Low", + "normalized_severity": "Low", + "package": { + "id": "", + "name": "ncurses-libs", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/o:redhat:enterprise_linux:8::baseos", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "65105597": { + "id": "65105597", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "ncurses: Heap buffer overflow in _nc_find_entry in tinfo/comp_hash.c:70 (low)", + "description": "DOCUMENTATION: A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash. \n STATEMENT: Red Hat Product Security has rated this issue as having a Low security impact because processing terminfo descriptions in the source form should be handled the same way as executable files or source code of any programming language. 
Users are not supposed to use untrusted terminfo descriptions.\n\nThe ncurses library shipped with Red Hat Enterprise Linux 9 is not affected by this vulnerability because it has a newer, fixed ncurses version.\n MITIGATION: Do not compile or decompile untrusted terminfo descriptions.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2020-19190", + "severity": "Low", + "normalized_severity": "Low", + "package": { + "id": "", + "name": "ncurses-base", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/a:redhat:enterprise_linux:8::appstream", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "65105648": { + "id": "65105648", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "ncurses: Heap buffer overflow in _nc_find_entry in tinfo/comp_hash.c:70 (low)", + "description": "DOCUMENTATION: A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash. \n STATEMENT: Red Hat Product Security has rated this issue as having a Low security impact because processing terminfo descriptions in the source form should be handled the same way as executable files or source code of any programming language. 
Users are not supposed to use untrusted terminfo descriptions.\n\nThe ncurses library shipped with Red Hat Enterprise Linux 9 is not affected by this vulnerability because it has a newer, fixed ncurses version.\n MITIGATION: Do not compile or decompile untrusted terminfo descriptions.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2020-19190", + "severity": "Low", + "normalized_severity": "Low", + "package": { + "id": "", + "name": "ncurses-base", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/o:redhat:enterprise_linux:8::baseos", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "65128627": { + "id": "65128627", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "CVE-2020-21674 libarchive: heap-based buffer overflow in archive_string_append_from_wcs function in archive_string.c (low)", + "description": "DOCUMENTATION: The MITRE CVE dictionary describes this issue as: Heap-based buffer overflow in archive_string_append_from_wcs() (archive_string.c) in libarchive-3.4.1dev allows remote attackers to cause a denial of service (out-of-bounds write in heap memory resulting into a crash) via a crafted archive file. NOTE: this only affects users who downloaded the development code from GitHub. Users of the product's official releases are unaffected. \n STATEMENT: Red Hat Product Security has set the Severity of this flaw to Low for libarchive as shipped with Red Hat Enterprise Linux 8 because we could not reproduce the issue and it states \"NOTE: this only affects users who downloaded the development code from GitHub. 
Users of the product's official releases are unaffected.\"\n\nThis flaw is out of support scope for libarchive as shipped with Red Hat Enterprise Linux 6 and 7.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2020-21674", + "severity": "Low", + "normalized_severity": "Low", + "package": { + "id": "", + "name": "libarchive", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/a:redhat:enterprise_linux:8::appstream", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "65128683": { + "id": "65128683", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "CVE-2020-21674 libarchive: heap-based buffer overflow in archive_string_append_from_wcs function in archive_string.c (low)", + "description": "DOCUMENTATION: The MITRE CVE dictionary describes this issue as: Heap-based buffer overflow in archive_string_append_from_wcs() (archive_string.c) in libarchive-3.4.1dev allows remote attackers to cause a denial of service (out-of-bounds write in heap memory resulting into a crash) via a crafted archive file. NOTE: this only affects users who downloaded the development code from GitHub. Users of the product's official releases are unaffected. \n STATEMENT: Red Hat Product Security has set the Severity of this flaw to Low for libarchive as shipped with Red Hat Enterprise Linux 8 because we could not reproduce the issue and it states \"NOTE: this only affects users who downloaded the development code from GitHub. 
Users of the product's official releases are unaffected.\"\n\nThis flaw is out of support scope for libarchive as shipped with Red Hat Enterprise Linux 6 and 7.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2020-21674", + "severity": "Low", + "normalized_severity": "Low", + "package": { + "id": "", + "name": "libarchive", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/o:redhat:enterprise_linux:8::baseos", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "65439673": { + "id": "65439673", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "zstd: Race condition allows attacker to access world-readable destination file (low)", + "description": "DOCUMENTATION: A flaw was found in zstd. While the final file mode is reflective of the input file, when compressing or uncompressing, the file can temporarily gain greater permissions than the input and potentially leading to security issues (especially if large files are being handled). 
\n STATEMENT: In OpenShift Container Platform (OCP) the zstd package was delivered in OCP 4.3 which is already end of life.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2021-24032", + "severity": "Low", + "normalized_severity": "Low", + "package": { + "id": "", + "name": "libzstd", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/a:redhat:enterprise_linux:8::appstream", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "65439725": { + "id": "65439725", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "zstd: Race condition allows attacker to access world-readable destination file (low)", + "description": "DOCUMENTATION: A flaw was found in zstd. While the final file mode is reflective of the input file, when compressing or uncompressing, the file can temporarily gain greater permissions than the input and potentially leading to security issues (especially if large files are being handled). 
\n STATEMENT: In OpenShift Container Platform (OCP) the zstd package was delivered in OCP 4.3 which is already end of life.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2021-24032", + "severity": "Low", + "normalized_severity": "Low", + "package": { + "id": "", + "name": "libzstd", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/o:redhat:enterprise_linux:8::baseos", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "65548244": { + "id": "65548244", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "elfutils: an infinite loop was found in the function handle_symtab in readelf.c which causes denial of service (low)", + "description": "DOCUMENTATION: A flaw was found in the elfutils tools package. An infinite loop is possible in the handle_symtab function in readelf.c, which may lead to a denial of service. \n STATEMENT: This CVE is under investigation by Red Hat Product Security.\n\nNote: Upstream would categorize this as a simple bug, not a security issue. 
Since most elfutils tools are run in short-lived, local, interactive, development contexts rather than remotely \"in production\", we generally treat malfunctions as ordinary bugs rather than security vulnerabilities.\nThe version, as shipped in Red Hat Enterprise Linux 9, is not affected by this vulnerability.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2021-33294", + "severity": "Low", + "normalized_severity": "Low", + "package": { + "id": "", + "name": "elfutils-libelf", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/a:redhat:enterprise_linux:8::appstream", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "65548278": { + "id": "65548278", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "elfutils: an infinite loop was found in the function handle_symtab in readelf.c which causes denial of service (low)", + "description": "DOCUMENTATION: A flaw was found in the elfutils tools package. An infinite loop is possible in the handle_symtab function in readelf.c, which may lead to a denial of service. \n STATEMENT: This CVE is under investigation by Red Hat Product Security.\n\nNote: Upstream would categorize this as a simple bug, not a security issue. 
Since most elfutils tools are run in short-lived, local, interactive, development contexts rather than remotely \"in production\", we generally treat malfunctions as ordinary bugs rather than security vulnerabilities.\nThe version, as shipped in Red Hat Enterprise Linux 9, is not affected by this vulnerability.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2021-33294", + "severity": "Low", + "normalized_severity": "Low", + "package": { + "id": "", + "name": "elfutils-libelf", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/o:redhat:enterprise_linux:8::baseos", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "65577715": { + "id": "65577715", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "Uncontrolled recursion in systemd-tmpfiles when removing files (low)", + "description": "DOCUMENTATION: A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp. \n STATEMENT: Red Hat Enterprise Linux 8 has a default 1024 nofile limit, thus preventing `systemd-tmpfiles` from exhausting its stack and crashing. For this reason, this flaw has been rated as having a security impact of Low on Red Hat Enterprise Linux 8. For more information on default ulimit values, please see https://access.redhat.com/solutions/4482841.\n\nIn OpenShift Container Platform (OCP) systemd package was shipped with OCP 4.7 as a one-off instance and all the later OCP releases (4.8, 4.9) are using systemd from RHEL 8. 
Hence, the systemd package shipped with OCP 4.7 will not be fixed and the fix will be consumed from RHEL 8.\n MITIGATION: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2021-3997", + "severity": "Low", + "normalized_severity": "Low", + "package": { + "id": "", + "name": "systemd-libs", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/a:redhat:enterprise_linux:8::appstream", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "65577725": { + "id": "65577725", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "Uncontrolled recursion in systemd-tmpfiles when removing files (low)", + "description": "DOCUMENTATION: A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp. \n STATEMENT: Red Hat Enterprise Linux 8 has a default 1024 nofile limit, thus preventing `systemd-tmpfiles` from exhausting its stack and crashing. For this reason, this flaw has been rated as having a security impact of Low on Red Hat Enterprise Linux 8. For more information on default ulimit values, please see https://access.redhat.com/solutions/4482841.\n\nIn OpenShift Container Platform (OCP) systemd package was shipped with OCP 4.7 as a one-off instance and all the later OCP releases (4.8, 4.9) are using systemd from RHEL 8. 
Hence, the systemd package shipped with OCP 4.7 will not be fixed and the fix will be consumed from RHEL 8.\n MITIGATION: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2021-3997", + "severity": "Low", + "normalized_severity": "Low", + "package": { + "id": "", + "name": "systemd-libs", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/o:redhat:enterprise_linux:8::baseos", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "65584099": { + "id": "65584099", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "GnuTLS: Null pointer dereference in MD_UPDATE (low)", + "description": "DOCUMENTATION: A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial of service after authentication in rare circumstances. 
\n STATEMENT: According to the analysis on the upstream issue, this flaw has been rated as having a security impact of Low.\n MITIGATION: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2021-4209", + "severity": "Low", + "normalized_severity": "Low", + "package": { + "id": "", + "name": "gnutls", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/a:redhat:enterprise_linux:8::appstream", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "65584109": { + "id": "65584109", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "GnuTLS: Null pointer dereference in MD_UPDATE (low)", + "description": "DOCUMENTATION: A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial of service after authentication in rare circumstances. 
\n STATEMENT: According to the analysis on the upstream issue, this flaw has been rated as having a security impact of Low.\n MITIGATION: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2021-4209", + "severity": "Low", + "normalized_severity": "Low", + "package": { + "id": "", + "name": "gnutls", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/o:redhat:enterprise_linux:8::baseos", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "65585095": { + "id": "65585095", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "CVE-2021-42694 Developer environment: Homoglyph characters can lead to trojan source attack (moderate)", + "description": "DOCUMENTATION: A flaw was found in the way Unicode standards are implemented in the context of development environments, which have specialized requirements for rendering text. Homoglyphs are different Unicode characters that, to the naked eye, look the same. An attacker could use homoglyphs to deceive a human reviewer by creating a malicious patch containing functions that look similar to standard library functions, such as print, but replace one character with a homoglyph. This function can then be defined in an upstream dependency to launch source code-related attacks. 
\n STATEMENT: This is a flaw with the way unicode standards are implemented in the context of development environments, which have specialized requirements for rendering text. It is not a flaw in Red Hat products.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2021-42694", + "severity": "Moderate", + "normalized_severity": "Medium", + "package": { + "id": "", + "name": "libstdc++", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/a:redhat:enterprise_linux:8::appstream", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "65585105": { + "id": "65585105", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "CVE-2021-42694 Developer environment: Homoglyph characters can lead to trojan source attack (moderate)", + "description": "DOCUMENTATION: A flaw was found in the way Unicode standards are implemented in the context of development environments, which have specialized requirements for rendering text. Homoglyphs are different Unicode characters that, to the naked eye, look the same. An attacker could use homoglyphs to deceive a human reviewer by creating a malicious patch containing functions that look similar to standard library functions, such as print, but replace one character with a homoglyph. This function can then be defined in an upstream dependency to launch source code-related attacks. \n STATEMENT: This is a flaw with the way unicode standards are implemented in the context of development environments, which have specialized requirements for rendering text. 
It is not a flaw in Red Hat products.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2021-42694", + "severity": "Moderate", + "normalized_severity": "Medium", + "package": { + "id": "", + "name": "libstdc++", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/o:redhat:enterprise_linux:8::baseos", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "65585179": { + "id": "65585179", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "CVE-2021-42694 Developer environment: Homoglyph characters can lead to trojan source attack (moderate)", + "description": "DOCUMENTATION: A flaw was found in the way Unicode standards are implemented in the context of development environments, which have specialized requirements for rendering text. Homoglyphs are different Unicode characters that, to the naked eye, look the same. An attacker could use homoglyphs to deceive a human reviewer by creating a malicious patch containing functions that look similar to standard library functions, such as print, but replace one character with a homoglyph. This function can then be defined in an upstream dependency to launch source code-related attacks. \n STATEMENT: This is a flaw with the way unicode standards are implemented in the context of development environments, which have specialized requirements for rendering text. 
It is not a flaw in Red Hat products.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2021-42694", + "severity": "Moderate", + "normalized_severity": "Medium", + "package": { + "id": "", + "name": "libgcc", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/a:redhat:enterprise_linux:8::appstream", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "65585189": { + "id": "65585189", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "CVE-2021-42694 Developer environment: Homoglyph characters can lead to trojan source attack (moderate)", + "description": "DOCUMENTATION: A flaw was found in the way Unicode standards are implemented in the context of development environments, which have specialized requirements for rendering text. Homoglyphs are different Unicode characters that, to the naked eye, look the same. An attacker could use homoglyphs to deceive a human reviewer by creating a malicious patch containing functions that look similar to standard library functions, such as print, but replace one character with a homoglyph. This function can then be defined in an upstream dependency to launch source code-related attacks. \n STATEMENT: This is a flaw with the way unicode standards are implemented in the context of development environments, which have specialized requirements for rendering text. 
It is not a flaw in Red Hat products.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2021-42694", + "severity": "Moderate", + "normalized_severity": "Medium", + "package": { + "id": "", + "name": "libgcc", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/o:redhat:enterprise_linux:8::baseos", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "65585563": { + "id": "65585563", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "gmp: Integer overflow and resultant buffer overflow via crafted input (moderate)", + "description": "DOCUMENTATION: A flaw was found in gmp. An integer overflow vulnerability could allow an attacker to input an integer value leading to a crash. The highest threat from this vulnerability is to system availability. \n STATEMENT: Exploitation is only possible on 32-bit systems. The susceptible GMP package is not tethered to the network stack, so it can only be exploited via a file already on the local system. This can be achieved either by the attacker gaining local login credentials or alternatively; by tricking a user into loading then executing a malicious file. 
Because of these combined reasons Red Hat Product Security rates the impact as Moderate.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2021-43618", + "severity": "Moderate", + "normalized_severity": "Medium", + "package": { + "id": "", + "name": "gmp", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/a:redhat:enterprise_linux:8::appstream", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "65585573": { + "id": "65585573", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "gmp: Integer overflow and resultant buffer overflow via crafted input (moderate)", + "description": "DOCUMENTATION: A flaw was found in gmp. An integer overflow vulnerability could allow an attacker to input an integer value leading to a crash. The highest threat from this vulnerability is to system availability. \n STATEMENT: Exploitation is only possible on 32-bit systems. The susceptible GMP package is not tethered to the network stack, so it can only be exploited via a file already on the local system. This can be achieved either by the attacker gaining local login credentials or alternatively; by tricking a user into loading then executing a malicious file. 
Because of these combined reasons Red Hat Product Security rates the impact as Moderate.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2021-43618", + "severity": "Moderate", + "normalized_severity": "Medium", + "package": { + "id": "", + "name": "gmp", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/o:redhat:enterprise_linux:8::baseos", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "65614111": { + "id": "65614111", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const (low)", + "description": "DOCUMENTATION: A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2022-27943", + "severity": "Low", + "normalized_severity": "Low", + "package": { + "id": "", + "name": "libstdc++", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/a:redhat:enterprise_linux:8::appstream", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "65614121": { + "id": "65614121", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const (low)", + "description": "DOCUMENTATION: A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2022-27943", + "severity": "Low", + "normalized_severity": "Low", + "package": { + "id": "", + "name": "libstdc++", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/o:redhat:enterprise_linux:8::baseos", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "65614339": { + "id": "65614339", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const (low)", + "description": "DOCUMENTATION: A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2022-27943", + "severity": "Low", + "normalized_severity": "Low", + "package": { + "id": "", + "name": "libgcc", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/a:redhat:enterprise_linux:8::appstream", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "65614349": { + "id": "65614349", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const (low)", + "description": "DOCUMENTATION: A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2022-27943", + "severity": "Low", + "normalized_severity": "Low", + "package": { + "id": "", + "name": "libgcc", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/o:redhat:enterprise_linux:8::baseos", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "65628019": { + "id": "65628019", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "denial of service issue (resource consumption) using compressed packets (low)", + "description": "DOCUMENTATION: A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. 
This issue can potentially cause a denial of service.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2022-3219", + "severity": "Low", + "normalized_severity": "Low", + "package": { + "id": "", + "name": "gnupg2", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/a:redhat:enterprise_linux:8::appstream", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "65628029": { + "id": "65628029", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "denial of service issue (resource consumption) using compressed packets (low)", + "description": "DOCUMENTATION: A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. 
This issue can potentially cause a denial of service.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2022-3219", + "severity": "Low", + "normalized_severity": "Low", + "package": { + "id": "", + "name": "gnupg2", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/o:redhat:enterprise_linux:8::baseos", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "65646679": { + "id": "65646679", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "pcre2: negative repeat value in a pcre2test subject line leads to inifinite loop (low)", + "description": "DOCUMENTATION: A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack. \n STATEMENT: Red Hat Product Security classifies this issue as having a Low security impact. The vulnerability involves an infinite loop in a command-line utility, which is not typically designed to handle untrusted input. 
As a result, it is assessed that this does not pose a substantial security risk and does not lead to any meaningful security impact.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2022-41409", + "severity": "Low", + "normalized_severity": "Low", + "package": { + "id": "", + "name": "pcre2", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/a:redhat:enterprise_linux:8::appstream", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "65646689": { + "id": "65646689", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "pcre2: negative repeat value in a pcre2test subject line leads to inifinite loop (low)", + "description": "DOCUMENTATION: A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack. \n STATEMENT: Red Hat Product Security classifies this issue as having a Low security impact. The vulnerability involves an infinite loop in a command-line utility, which is not typically designed to handle untrusted input. 
As a result, it is assessed that this does not pose a substantial security risk and does not lead to any meaningful security impact.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2022-41409", + "severity": "Low", + "normalized_severity": "Low", + "package": { + "id": "", + "name": "pcre2", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/o:redhat:enterprise_linux:8::baseos", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "65666491": { + "id": "65666491", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "openssl: Denial of service by excessive resource usage in verifying X509 policy constraints (low)", + "description": "DOCUMENTATION: A security vulnerability has been identified in all supported OpenSSL versions related to verifying X.509 certificate chains that include policy constraints. This flaw allows attackers to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial of service (DoS) attack on affected systems. 
Policy processing is disabled by default but can be enabled by passing the -policy' argument to the command line utilities or calling the X509_VERIFY_PARAM_set1_policies()' function.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2023-0464", + "severity": "Low", + "normalized_severity": "Low", + "package": { + "id": "", + "name": "openssl-libs", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/a:redhat:enterprise_linux:8::appstream", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "65666501": { + "id": "65666501", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "openssl: Denial of service by excessive resource usage in verifying X509 policy constraints (low)", + "description": "DOCUMENTATION: A security vulnerability has been identified in all supported OpenSSL versions related to verifying X.509 certificate chains that include policy constraints. This flaw allows attackers to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial of service (DoS) attack on affected systems. 
Policy processing is disabled by default but can be enabled by passing the -policy' argument to the command line utilities or calling the X509_VERIFY_PARAM_set1_policies()' function.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2023-0464", + "severity": "Low", + "normalized_severity": "Low", + "package": { + "id": "", + "name": "openssl-libs", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/o:redhat:enterprise_linux:8::baseos", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "65666611": { + "id": "65666611", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "openssl: Invalid certificate policies in leaf certificates are silently ignored (low)", + "description": "DOCUMENTATION: A flaw was found in OpenSSL. Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. OpenSSL and other certificate policy checks silently ignore invalid certificate policies in leaf certificates that are skipped for that certificate. A malicious CA could use this to deliberately assert invalid certificate policies to circumvent policy checking on the certificate altogether. 
Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2023-0465", + "severity": "Low", + "normalized_severity": "Low", + "package": { + "id": "", + "name": "openssl-libs", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/a:redhat:enterprise_linux:8::appstream", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "65666621": { + "id": "65666621", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "openssl: Invalid certificate policies in leaf certificates are silently ignored (low)", + "description": "DOCUMENTATION: A flaw was found in OpenSSL. Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. OpenSSL and other certificate policy checks silently ignore invalid certificate policies in leaf certificates that are skipped for that certificate. A malicious CA could use this to deliberately assert invalid certificate policies to circumvent policy checking on the certificate altogether. 
Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2023-0465", + "severity": "Low", + "normalized_severity": "Low", + "package": { + "id": "", + "name": "openssl-libs", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/o:redhat:enterprise_linux:8::baseos", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "65666731": { + "id": "65666731", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "openssl: Certificate policy check not enabled (low)", + "description": "DOCUMENTATION: A flaw was found in OpenSSL. The X509_VERIFY_PARAM_add0_policy() function is documented to enable the certificate policy check when doing certificate verification implicitly. However, implementing the function does not enable the check, allowing certificates with invalid or incorrect policies to pass the certificate verification. Suddenly enabling the policy check could break existing deployments, so it was decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() function. The applications that require OpenSSL to perform certificate policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly enable the policy check by calling X509_VERIFY_PARAM_set_flags() with the X509_V_FLAG_POLICY_CHECK flag argument. 
Certificate policy checks are disabled by default in OpenSSL and are not commonly used by applications.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2023-0466", + "severity": "Low", + "normalized_severity": "Low", + "package": { + "id": "", + "name": "openssl-libs", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/a:redhat:enterprise_linux:8::appstream", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "65666741": { + "id": "65666741", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "openssl: Certificate policy check not enabled (low)", + "description": "DOCUMENTATION: A flaw was found in OpenSSL. The X509_VERIFY_PARAM_add0_policy() function is documented to enable the certificate policy check when doing certificate verification implicitly. However, implementing the function does not enable the check, allowing certificates with invalid or incorrect policies to pass the certificate verification. Suddenly enabling the policy check could break existing deployments, so it was decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() function. The applications that require OpenSSL to perform certificate policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly enable the policy check by calling X509_VERIFY_PARAM_set_flags() with the X509_V_FLAG_POLICY_CHECK flag argument. 
Certificate policy checks are disabled by default in OpenSSL and are not commonly used by applications.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2023-0466", + "severity": "Low", + "normalized_severity": "Low", + "package": { + "id": "", + "name": "openssl-libs", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/o:redhat:enterprise_linux:8::baseos", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "65686375": { + "id": "65686375", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "openssl: Possible DoS translating ASN.1 object identifiers (low)", + "description": "DOCUMENTATION: A flaw was found in OpenSSL resulting in a possible denial of service while translating ASN.1 object identifiers. Applications that use OBJ_obj2txt() directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience long delays when processing messages, which may lead to a denial of service. 
\n STATEMENT: CVE-2023-2650 can't cause DoS on machines with OpenSSL 1.1.1 and so is considered LOW for RHEL 8.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2023-2650", + "severity": "Low", + "normalized_severity": "Low", + "package": { + "id": "", + "name": "openssl-libs", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/a:redhat:enterprise_linux:8::appstream", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "65686385": { + "id": "65686385", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "openssl: Possible DoS translating ASN.1 object identifiers (low)", + "description": "DOCUMENTATION: A flaw was found in OpenSSL resulting in a possible denial of service while translating ASN.1 object identifiers. Applications that use OBJ_obj2txt() directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience long delays when processing messages, which may lead to a denial of service. 
\n STATEMENT: CVE-2023-2650 can't cause DoS on machines with OpenSSL 1.1.1 and so is considered LOW for RHEL 8.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2023-2650", + "severity": "Low", + "normalized_severity": "Low", + "package": { + "id": "", + "name": "openssl-libs", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/o:redhat:enterprise_linux:8::baseos", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "65691823": { + "id": "65691823", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "curl: SFTP path ~ resolving discrepancy (low)", + "description": "DOCUMENTATION: The MITRE CVE dictionary describes this issue as: A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user. \n STATEMENT: In a containerized environment running SELinux in enforcing mode, such as Red Hat OpenShift Container Platform, this vulnerability does not allow an attacker to escape the boundary of a container. 
In this case no additional access is gained, there is an additional (but more complicated step) to look at files the user already has access to.\n\nThe upstream project (Curl) also rated this CVE as Low, see link in External References.\n\nIt is unlikely that Red Hat offerings are utilizing the SFTP feature of Curl, so the opportunity to exploit it may not exist. For those reasons Red Hat Product Security rates the impact as Low.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2023-27534", + "severity": "Low", + "normalized_severity": "Low", + "package": { + "id": "", + "name": "libcurl", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/a:redhat:enterprise_linux:8::appstream", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "65691833": { + "id": "65691833", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "curl: SFTP path ~ resolving discrepancy (low)", + "description": "DOCUMENTATION: The MITRE CVE dictionary describes this issue as: A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user. \n STATEMENT: In a containerized environment running SELinux in enforcing mode, such as Red Hat OpenShift Container Platform, this vulnerability does not allow an attacker to escape the boundary of a container. 
In this case no additional access is gained, there is an additional (but more complicated step) to look at files the user already has access to.\n\nThe upstream project (Curl) also rated this CVE as Low, see link in External References.\n\nIt is unlikely that Red Hat offerings are utilizing the SFTP feature of Curl, so the opportunity to exploit it may not exist. For those reasons Red Hat Product Security rates the impact as Low.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2023-27534", + "severity": "Low", + "normalized_severity": "Low", + "package": { + "id": "", + "name": "libcurl", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/o:redhat:enterprise_linux:8::baseos", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "65691847": { + "id": "65691847", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "curl: SFTP path ~ resolving discrepancy (low)", + "description": "DOCUMENTATION: The MITRE CVE dictionary describes this issue as: A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user. \n STATEMENT: In a containerized environment running SELinux in enforcing mode, such as Red Hat OpenShift Container Platform, this vulnerability does not allow an attacker to escape the boundary of a container. 
In this case no additional access is gained, there is an additional (but more complicated step) to look at files the user already has access to.\n\nThe upstream project (Curl) also rated this CVE as Low, see link in External References.\n\nIt is unlikely that Red Hat offerings are utilizing the SFTP feature of Curl, so the opportunity to exploit it may not exist. For those reasons Red Hat Product Security rates the impact as Low.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2023-27534", + "severity": "Low", + "normalized_severity": "Low", + "package": { + "id": "", + "name": "curl", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/a:redhat:enterprise_linux:8::appstream", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "65691857": { + "id": "65691857", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "curl: SFTP path ~ resolving discrepancy (low)", + "description": "DOCUMENTATION: The MITRE CVE dictionary describes this issue as: A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user. \n STATEMENT: In a containerized environment running SELinux in enforcing mode, such as Red Hat OpenShift Container Platform, this vulnerability does not allow an attacker to escape the boundary of a container. 
In this case no additional access is gained, there is an additional (but more complicated step) to look at files the user already has access to.\n\nThe upstream project (Curl) also rated this CVE as Low, see link in External References.\n\nIt is unlikely that Red Hat offerings are utilizing the SFTP feature of Curl, so the opportunity to exploit it may not exist. For those reasons Red Hat Product Security rates the impact as Low.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2023-27534", + "severity": "Low", + "normalized_severity": "Low", + "package": { + "id": "", + "name": "curl", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/o:redhat:enterprise_linux:8::baseos", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "65691883": { + "id": "65691883", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "curl: more POST-after-PUT confusion (low)", + "description": "DOCUMENTATION: A use-after-free flaw was found in the Curl package. 
This issue may lead to unintended information disclosure by the application.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2023-28322", + "severity": "Low", + "normalized_severity": "Low", + "package": { + "id": "", + "name": "libcurl", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/a:redhat:enterprise_linux:8::appstream", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "65691893": { + "id": "65691893", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "curl: more POST-after-PUT confusion (low)", + "description": "DOCUMENTATION: A use-after-free flaw was found in the Curl package. This issue may lead to unintended information disclosure by the application.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2023-28322", + "severity": "Low", + "normalized_severity": "Low", + "package": { + "id": "", + "name": "libcurl", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/o:redhat:enterprise_linux:8::baseos", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "65691907": { + "id": "65691907", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "curl: more POST-after-PUT confusion (low)", + "description": "DOCUMENTATION: A use-after-free flaw was found in the Curl package. 
This issue may lead to unintended information disclosure by the application.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2023-28322", + "severity": "Low", + "normalized_severity": "Low", + "package": { + "id": "", + "name": "curl", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/a:redhat:enterprise_linux:8::appstream", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "65691917": { + "id": "65691917", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "curl: more POST-after-PUT confusion (low)", + "description": "DOCUMENTATION: A use-after-free flaw was found in the Curl package. This issue may lead to unintended information disclosure by the application.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2023-28322", + "severity": "Low", + "normalized_severity": "Low", + "package": { + "id": "", + "name": "curl", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/o:redhat:enterprise_linux:8::baseos", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "65702119": { + "id": "65702119", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "glib: GVariant offset table entry size is not checked in is_normal() (low)", + "description": "DOCUMENTATION: A flaw was found in GLib. 
GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service. \n STATEMENT: This vulnerability allows for a denial of service attack to be performed against applications that process untrusted GVariant input, compromising application availability by consuming excessive processing time or utilizing a large quantity of memory. The most likely threat is from a local user, which may be possible depending on the configuration of the service and the format of parameters that it expects. While a remote attack is possible if the application is configured to read GVariants over a network connection, this is not the default configuration which makes the likelihood low. Because the most widely available attack vector is local and the consequences are limited to denial of service, Red Hat Product Security rates the impact as Low.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2023-29499", + "severity": "Low", + "normalized_severity": "Low", + "package": { + "id": "", + "name": "glib2", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/a:redhat:enterprise_linux:8::appstream", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "65702129": { + "id": "65702129", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "glib: GVariant offset table entry size is not checked in is_normal() (low)", + "description": "DOCUMENTATION: A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service. 
\n STATEMENT: This vulnerability allows for a denial of service attack to be performed against applications that process untrusted GVariant input, compromising application availability by consuming excessive processing time or utilizing a large quantity of memory. The most likely threat is from a local user, which may be possible depending on the configuration of the service and the format of parameters that it expects. While a remote attack is possible if the application is configured to read GVariants over a network connection, this is not the default configuration which makes the likelihood low. Because the most widely available attack vector is local and the consequences are limited to denial of service, Red Hat Product Security rates the impact as Low.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2023-29499", + "severity": "Low", + "normalized_severity": "Low", + "package": { + "id": "", + "name": "glib2", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/o:redhat:enterprise_linux:8::baseos", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "65702179": { + "id": "65702179", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "null pointer dereference in ber_memalloc_x function (low)", + "description": "DOCUMENTATION: A vulnerability was found in openldap that can cause a null pointer dereference in the ber_memalloc_x() function.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2023-2953", + "severity": "Low", + "normalized_severity": "Low", + "package": { + "id": "", + "name": "openldap", + "version": "", + "kind": "binary" + }, + 
"distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/a:redhat:enterprise_linux:8::appstream", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "65702189": { + "id": "65702189", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "null pointer dereference in ber_memalloc_x function (low)", + "description": "DOCUMENTATION: A vulnerability was found in openldap that can cause a null pointer dereference in the ber_memalloc_x() function.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2023-2953", + "severity": "Low", + "normalized_severity": "Low", + "package": { + "id": "", + "name": "openldap", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/o:redhat:enterprise_linux:8::baseos", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "65707219": { + "id": "65707219", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "glib: g_variant_byteswap() can take a long time with some non-normal inputs (low)", + "description": "DOCUMENTATION: A flaw was found in GLib. GVariant deserialization is vulnerable to a slowdown issue where a crafted GVariant can cause excessive processing, leading to denial of service. 
\n STATEMENT: This vulnerability allows for a denial of service attack to be performed against applications that process untrusted GVariant input, compromising application availability by consuming excessive processing time or utilizing a large quantity of memory. The most likely threat is from a local user, which may be possible depending on the configuration of the service and the format of parameters that it expects. While a remote attack is possible if the application is configured to read GVariants over a network connection, this is not the default configuration which makes the likelihood low. Because the most widely available attack vector is local and the consequences are limited to denial of service, Red Hat Product Security rates the impact as Low.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2023-32611", + "severity": "Low", + "normalized_severity": "Low", + "package": { + "id": "", + "name": "glib2", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/a:redhat:enterprise_linux:8::appstream", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "65707229": { + "id": "65707229", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "glib: g_variant_byteswap() can take a long time with some non-normal inputs (low)", + "description": "DOCUMENTATION: A flaw was found in GLib. GVariant deserialization is vulnerable to a slowdown issue where a crafted GVariant can cause excessive processing, leading to denial of service. 
\n STATEMENT: This vulnerability allows for a denial of service attack to be performed against applications that process untrusted GVariant input, compromising application availability by consuming excessive processing time or utilizing a large quantity of memory. The most likely threat is from a local user, which may be possible depending on the configuration of the service and the format of parameters that it expects. While a remote attack is possible if the application is configured to read GVariants over a network connection, this is not the default configuration which makes the likelihood low. Because the most widely available attack vector is local and the consequences are limited to denial of service, Red Hat Product Security rates the impact as Low.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2023-32611", + "severity": "Low", + "normalized_severity": "Low", + "package": { + "id": "", + "name": "glib2", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/o:redhat:enterprise_linux:8::baseos", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "65707327": { + "id": "65707327", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "glib: Timeout in fuzz_variant_text (low)", + "description": "DOCUMENTATION: A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. 
This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499. \n STATEMENT: This vulnerability allows for a denial of service attack to be performed against applications that process untrusted GVariant input, compromising application availability by consuming excessive processing time or utilizing a large quantity of memory. The most likely threat is from a local user, which may be possible depending on the configuration of the service and the format of parameters that it expects. While a remote attack is possible if the application is configured to read GVariants over a network connection, this is not the default configuration which makes the likelihood low. Because the most widely available attack vector is local and the consequences are limited to denial of service, Red Hat Product Security rates the impact as Low.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2023-32636", + "severity": "Low", + "normalized_severity": "Low", + "package": { + "id": "", + "name": "glib2", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/a:redhat:enterprise_linux:8::appstream", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "65707337": { + "id": "65707337", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "glib: Timeout in fuzz_variant_text (low)", + "description": "DOCUMENTATION: A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. 
The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499. \n STATEMENT: This vulnerability allows for a denial of service attack to be performed against applications that process untrusted GVariant input, compromising application availability by consuming excessive processing time or utilizing a large quantity of memory. The most likely threat is from a local user, which may be possible depending on the configuration of the service and the format of parameters that it expects. While a remote attack is possible if the application is configured to read GVariants over a network connection, this is not the default configuration which makes the likelihood low. Because the most widely available attack vector is local and the consequences are limited to denial of service, Red Hat Product Security rates the impact as Low.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2023-32636", + "severity": "Low", + "normalized_severity": "Low", + "package": { + "id": "", + "name": "glib2", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/o:redhat:enterprise_linux:8::baseos", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "65707363": { + "id": "65707363", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "glib: GVariant deserialisation does not match spec for non-normal data (low)", + "description": "DOCUMENTATION: A flaw was found in GLib. 
GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause excessive processing, leading to denial of service. \n STATEMENT: This vulnerability allows for a denial of service attack to be performed against applications that process untrusted GVariant input, compromising application availability by consuming excessive processing time or utilizing a large quantity of memory. The most likely threat is from a local user, which may be possible depending on the configuration of the service and the format of parameters that it expects. While a remote attack is possible if the application is configured to read GVariants over a network connection, this is not the default configuration which makes the likelihood low. Because the most widely available attack vector is local and the consequences are limited to denial of service, Red Hat Product Security rates the impact as Low.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2023-32665", + "severity": "Low", + "normalized_severity": "Low", + "package": { + "id": "", + "name": "glib2", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/a:redhat:enterprise_linux:8::appstream", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "65707373": { + "id": "65707373", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "glib: GVariant deserialisation does not match spec for non-normal data (low)", + "description": "DOCUMENTATION: A flaw was found in GLib. GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause excessive processing, leading to denial of service. 
\n STATEMENT: This vulnerability allows for a denial of service attack to be performed against applications that process untrusted GVariant input, compromising application availability by consuming excessive processing time or utilizing a large quantity of memory. The most likely threat is from a local user, which may be possible depending on the configuration of the service and the format of parameters that it expects. While a remote attack is possible if the application is configured to read GVariants over a network connection, this is not the default configuration which makes the likelihood low. Because the most widely available attack vector is local and the consequences are limited to denial of service, Red Hat Product Security rates the impact as Low.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2023-32665", + "severity": "Low", + "normalized_severity": "Low", + "package": { + "id": "", + "name": "glib2", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/o:redhat:enterprise_linux:8::baseos", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "65708731": { + "id": "65708731", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "CLI fault on missing -nonce (low)", + "description": "DOCUMENTATION: A segmentation fault was discovered in SQLite. This issue exists due to a boundary error within the /sqlite3_aflpp/shell.c which could allow a local user to send a specially crafted request to the database to trigger memory corruption and perform a denial of service (DoS) attack. 
\n STATEMENT: This vulnerability has been rated as Low security impact because the CLI fault on missing '-nonce', though it could cause a crash in CLI, it doesn't possess a real security risk.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2023-36191", + "severity": "Low", + "normalized_severity": "Low", + "package": { + "id": "", + "name": "sqlite-libs", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/a:redhat:enterprise_linux:8::appstream", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "65708741": { + "id": "65708741", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "CLI fault on missing -nonce (low)", + "description": "DOCUMENTATION: A segmentation fault was discovered in SQLite. This issue exists due to a boundary error within the /sqlite3_aflpp/shell.c which could allow a local user to send a specially crafted request to the database to trigger memory corruption and perform a denial of service (DoS) attack. 
\n STATEMENT: This vulnerability has been rated as Low security impact because the CLI fault on missing '-nonce', though it could cause a crash in CLI, it doesn't possess a real security risk.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2023-36191", + "severity": "Low", + "normalized_severity": "Low", + "package": { + "id": "", + "name": "sqlite-libs", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/o:redhat:enterprise_linux:8::baseos", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "65719579": { + "id": "65719579", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "python-certifi: Removal of e-Tugra root certificate (low)", + "description": "DOCUMENTATION: A flaw was found in the python-certifi package. 
This issue occurs when the e-Tugra root certificate in Certifi is removed, resulting in an unspecified error that has an unknown impact and attack vector.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2023-37920", + "severity": "Low", + "normalized_severity": "Low", + "package": { + "id": "", + "name": "ca-certificates", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/a:redhat:enterprise_linux:8::appstream", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "65719589": { + "id": "65719589", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "python-certifi: Removal of e-Tugra root certificate (low)", + "description": "DOCUMENTATION: A flaw was found in the python-certifi package. 
This issue occurs when the e-Tugra root certificate in Certifi is removed, resulting in an unspecified error that has an unknown impact and attack vector.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2023-37920", + "severity": "Low", + "normalized_severity": "Low", + "package": { + "id": "", + "name": "ca-certificates", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/o:redhat:enterprise_linux:8::baseos", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "65720767": { + "id": "65720767", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "curl: cookie injection with none file (low)", + "description": "DOCUMENTATION: A flaw was found in the Curl package. This flaw allows an attacker to insert cookies into a running program using libcurl if the specific series of conditions are met. \n STATEMENT: The flaw requires a series of conditions to be met and the likeliness that they shall allow an attacker to take advantage of it is low. 
Even if the bug could be made to trigger, the risk that a cookie injection can be done to cause harm is additionally also low.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2023-38546", + "severity": "Low", + "normalized_severity": "Low", + "package": { + "id": "", + "name": "libcurl", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/a:redhat:enterprise_linux:8::appstream", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "65720777": { + "id": "65720777", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "curl: cookie injection with none file (low)", + "description": "DOCUMENTATION: A flaw was found in the Curl package. This flaw allows an attacker to insert cookies into a running program using libcurl if the specific series of conditions are met. \n STATEMENT: The flaw requires a series of conditions to be met and the likeliness that they shall allow an attacker to take advantage of it is low. 
Even if the bug could be made to trigger, the risk that a cookie injection can be done to cause harm is additionally also low.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2023-38546", + "severity": "Low", + "normalized_severity": "Low", + "package": { + "id": "", + "name": "libcurl", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/o:redhat:enterprise_linux:8::baseos", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "65720779": { + "id": "65720779", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "curl: cookie injection with none file (low)", + "description": "DOCUMENTATION: A flaw was found in the Curl package. This flaw allows an attacker to insert cookies into a running program using libcurl if the specific series of conditions are met. \n STATEMENT: The flaw requires a series of conditions to be met and the likeliness that they shall allow an attacker to take advantage of it is low. 
Even if the bug could be made to trigger, the risk that a cookie injection can be done to cause harm is additionally also low.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2023-38546", + "severity": "Low", + "normalized_severity": "Low", + "package": { + "id": "", + "name": "curl", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/a:redhat:enterprise_linux:8::appstream", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "65720789": { + "id": "65720789", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "curl: cookie injection with none file (low)", + "description": "DOCUMENTATION: A flaw was found in the Curl package. This flaw allows an attacker to insert cookies into a running program using libcurl if the specific series of conditions are met. \n STATEMENT: The flaw requires a series of conditions to be met and the likeliness that they shall allow an attacker to take advantage of it is low. 
Even if the bug could be made to trigger, the risk that a cookie injection can be done to cause harm is additionally also low.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2023-38546", + "severity": "Low", + "normalized_severity": "Low", + "package": { + "id": "", + "name": "curl", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/o:redhat:enterprise_linux:8::baseos", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "65733607": { + "id": "65733607", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "gawk: heap out of bound read in builtin.c (low)", + "description": "DOCUMENTATION: A heap out-of-bounds read flaw was found in builtin.c in the gawk package. 
This issue may lead to a crash and could be used to read sensitive information.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2023-4156", + "severity": "Low", + "normalized_severity": "Low", + "package": { + "id": "", + "name": "gawk", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/a:redhat:enterprise_linux:8::appstream", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "65733617": { + "id": "65733617", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "gawk: heap out of bound read in builtin.c (low)", + "description": "DOCUMENTATION: A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2023-4156", + "severity": "Low", + "normalized_severity": "Low", + "package": { + "id": "", + "name": "gawk", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/o:redhat:enterprise_linux:8::baseos", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "65741407": { + "id": "65741407", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "libxml2: use-after-free in xmlUnlinkNode() in tree.c (low)", + "description": "DOCUMENTATION: A flaw was found in libxml2. 
In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability. \n STATEMENT: The libxml2 project does not consider this issue to be a vulnerability because it can only be triggered in an out-of-memory condition or when the --maxmem command line option of the xmllint program is used to limit the number of memory allocation done by the parser. This is intended behavior and it's used to detect similar issues.\n\nRed Hat Product Security agrees with that decision. However, Red Hat will try to address this issue in affected products.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2023-45322", + "severity": "Low", + "normalized_severity": "Low", + "package": { + "id": "", + "name": "libxml2", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/a:redhat:enterprise_linux:8::appstream", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "65741417": { + "id": "65741417", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "libxml2: use-after-free in xmlUnlinkNode() in tree.c (low)", + "description": "DOCUMENTATION: A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability. \n STATEMENT: The libxml2 project does not consider this issue to be a vulnerability because it can only be triggered in an out-of-memory condition or when the --maxmem command line option of the xmllint program is used to limit the number of memory allocation done by the parser. 
This is intended behavior and it's used to detect similar issues.\n\nRed Hat Product Security agrees with that decision. However, Red Hat will try to address this issue in affected products.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2023-45322", + "severity": "Low", + "normalized_severity": "Low", + "package": { + "id": "", + "name": "libxml2", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/o:redhat:enterprise_linux:8::baseos", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "65743099": { + "id": "65743099", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "curl: information disclosure by exploiting a mixed case flaw (moderate)", + "description": "DOCUMENTATION: A flaw was found in curl that verifies a given cookie domain against the Public Suffix List. This issue could allow a malicious HTTP server to set \"super cookies\" in curl that are passed back to more origins than what is otherwise allowed or possible. 
\n STATEMENT: When curl is built without PSL support, it cannot protect against this problem but it is expected to not allow \"too wide\" cookies when PSL support is enabled.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2023-46218", + "severity": "Moderate", + "normalized_severity": "Medium", + "package": { + "id": "", + "name": "libcurl", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/a:redhat:enterprise_linux:8::appstream", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "65743109": { + "id": "65743109", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "curl: information disclosure by exploiting a mixed case flaw (moderate)", + "description": "DOCUMENTATION: A flaw was found in curl that verifies a given cookie domain against the Public Suffix List. This issue could allow a malicious HTTP server to set \"super cookies\" in curl that are passed back to more origins than what is otherwise allowed or possible. 
\n STATEMENT: When curl is built without PSL support, it cannot protect against this problem but it is expected to not allow \"too wide\" cookies when PSL support is enabled.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2023-46218", + "severity": "Moderate", + "normalized_severity": "Medium", + "package": { + "id": "", + "name": "libcurl", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/o:redhat:enterprise_linux:8::baseos", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "65743123": { + "id": "65743123", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "curl: information disclosure by exploiting a mixed case flaw (moderate)", + "description": "DOCUMENTATION: A flaw was found in curl that verifies a given cookie domain against the Public Suffix List. This issue could allow a malicious HTTP server to set \"super cookies\" in curl that are passed back to more origins than what is otherwise allowed or possible. 
\n STATEMENT: When curl is built without PSL support, it cannot protect against this problem but it is expected to not allow \"too wide\" cookies when PSL support is enabled.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2023-46218", + "severity": "Moderate", + "normalized_severity": "Medium", + "package": { + "id": "", + "name": "curl", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/a:redhat:enterprise_linux:8::appstream", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "65743133": { + "id": "65743133", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "curl: information disclosure by exploiting a mixed case flaw (moderate)", + "description": "DOCUMENTATION: A flaw was found in curl that verifies a given cookie domain against the Public Suffix List. This issue could allow a malicious HTTP server to set \"super cookies\" in curl that are passed back to more origins than what is otherwise allowed or possible. 
\n STATEMENT: When curl is built without PSL support, it cannot protect against this problem but it is expected to not allow \"too wide\" cookies when PSL support is enabled.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2023-46218", + "severity": "Moderate", + "normalized_severity": "Medium", + "package": { + "id": "", + "name": "curl", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/o:redhat:enterprise_linux:8::baseos", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "65750347": { + "id": "65750347", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "ncurses: segmentation fault via _nc_wrap_entry() (low)", + "description": "DOCUMENTATION: A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry(). 
\n \n MITIGATION: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2023-50495", + "severity": "Low", + "normalized_severity": "Low", + "package": { + "id": "", + "name": "ncurses-libs", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/a:redhat:enterprise_linux:8::appstream", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "65750357": { + "id": "65750357", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "ncurses: segmentation fault via _nc_wrap_entry() (low)", + "description": "DOCUMENTATION: A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry(). 
\n \n MITIGATION: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2023-50495", + "severity": "Low", + "normalized_severity": "Low", + "package": { + "id": "", + "name": "ncurses-libs", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/o:redhat:enterprise_linux:8::baseos", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "65750359": { + "id": "65750359", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "ncurses: segmentation fault via _nc_wrap_entry() (low)", + "description": "DOCUMENTATION: A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry(). 
\n \n MITIGATION: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2023-50495", + "severity": "Low", + "normalized_severity": "Low", + "package": { + "id": "", + "name": "ncurses-base", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/a:redhat:enterprise_linux:8::appstream", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "65750369": { + "id": "65750369", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "ncurses: segmentation fault via _nc_wrap_entry() (low)", + "description": "DOCUMENTATION: A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry(). 
\n \n MITIGATION: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2023-50495", + "severity": "Low", + "normalized_severity": "Low", + "package": { + "id": "", + "name": "ncurses-base", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/o:redhat:enterprise_linux:8::baseos", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "65756827": { + "id": "65756827", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "ipa: Invalid CSRF protection (moderate)", + "description": "DOCUMENTATION: A Cross-site request forgery vulnerability exists in ipa/session/login_password in all supported versions of IPA. This flaw allows an attacker to trick the user into submitting a request that could perform actions as the user, resulting in a loss of confidentiality and system integrity. During community penetration testing it was found that for certain HTTP end-points FreeIPA does not ensure CSRF protection. Due to implementation details one cannot use this flaw for reflection of a cookie representing already logged-in user. An attacker would always have to go through a new authentication attempt. \n STATEMENT: The CSRF vulnerability in ipa/session/login_password is considered a moderate issue due to the need for the attacker to trick users into submitting a request. 
This implies that exploitation requires user interaction for a new authentication attempt, rather than reflecting a cookie for an already logged-in user. While the vulnerability could result in a loss of confidentiality and system integrity, the specific actions and their severity are not explicitly detailed. The moderate classification suggests that, while serious, the limitations on exploitation conditions and potential impact contribute to a moderate overall severity.\n MITIGATION: Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2023-5455", + "severity": "Moderate", + "normalized_severity": "Medium", + "package": { + "id": "", + "name": "krb5-libs", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/a:redhat:enterprise_linux:8::appstream", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "65756837": { + "id": "65756837", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "ipa: Invalid CSRF protection (moderate)", + "description": "DOCUMENTATION: A Cross-site request forgery vulnerability exists in ipa/session/login_password in all supported versions of IPA. This flaw allows an attacker to trick the user into submitting a request that could perform actions as the user, resulting in a loss of confidentiality and system integrity. During community penetration testing it was found that for certain HTTP end-points FreeIPA does not ensure CSRF protection. 
Due to implementation details one cannot use this flaw for reflection of a cookie representing already logged-in user. An attacker would always have to go through a new authentication attempt. \n STATEMENT: The CSRF vulnerability in ipa/session/login_password is considered a moderate issue due to the need for the attacker to trick users into submitting a request. This implies that exploitation requires user interaction for a new authentication attempt, rather than reflecting a cookie for an already logged-in user. While the vulnerability could result in a loss of confidentiality and system integrity, the specific actions and their severity are not explicitly detailed. The moderate classification suggests that, while serious, the limitations on exploitation conditions and potential impact contribute to a moderate overall severity.\n MITIGATION: Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2023-5455", + "severity": "Moderate", + "normalized_severity": "Medium", + "package": { + "id": "", + "name": "krb5-libs", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/o:redhat:enterprise_linux:8::baseos", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "65759419": { + "id": "65759419", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "libssh: ProxyCommand/ProxyJump features allow injection of malicious code through hostname (low)", + "description": "DOCUMENTATION: A flaw was found in libssh. 
By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname syntax on the client. This issue may allow an attacker to inject malicious code into the command of the features mentioned through the hostname parameter. \n STATEMENT: Despite the potential severity of this issue, the requirement for user interaction to exploit the vulnerability has led to a low severity rating. As a precautionary measure, users are advised to sanitize hostname inputs as a mitigation strategy.\n MITIGATION: Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2023-6004", + "severity": "Low", + "normalized_severity": "Low", + "package": { + "id": "", + "name": "libssh-config", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/a:redhat:enterprise_linux:8::appstream", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "65759429": { + "id": "65759429", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "libssh: ProxyCommand/ProxyJump features allow injection of malicious code through hostname (low)", + "description": "DOCUMENTATION: A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname syntax on the client. This issue may allow an attacker to inject malicious code into the command of the features mentioned through the hostname parameter. 
\n STATEMENT: Despite the potential severity of this issue, the requirement for user interaction to exploit the vulnerability has led to a low severity rating. As a precautionary measure, users are advised to sanitize hostname inputs as a mitigation strategy.\n MITIGATION: Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2023-6004", + "severity": "Low", + "normalized_severity": "Low", + "package": { + "id": "", + "name": "libssh-config", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/o:redhat:enterprise_linux:8::baseos", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "65759431": { + "id": "65759431", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "libssh: ProxyCommand/ProxyJump features allow injection of malicious code through hostname (low)", + "description": "DOCUMENTATION: A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname syntax on the client. This issue may allow an attacker to inject malicious code into the command of the features mentioned through the hostname parameter. \n STATEMENT: Despite the potential severity of this issue, the requirement for user interaction to exploit the vulnerability has led to a low severity rating. 
As a precautionary measure, users are advised to sanitize hostname inputs as a mitigation strategy.\n MITIGATION: Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2023-6004", + "severity": "Low", + "normalized_severity": "Low", + "package": { + "id": "", + "name": "libssh", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/a:redhat:enterprise_linux:8::appstream", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "65759441": { + "id": "65759441", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "libssh: ProxyCommand/ProxyJump features allow injection of malicious code through hostname (low)", + "description": "DOCUMENTATION: A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname syntax on the client. This issue may allow an attacker to inject malicious code into the command of the features mentioned through the hostname parameter. \n STATEMENT: Despite the potential severity of this issue, the requirement for user interaction to exploit the vulnerability has led to a low severity rating. 
As a precautionary measure, users are advised to sanitize hostname inputs as a mitigation strategy.\n MITIGATION: Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2023-6004", + "severity": "Low", + "normalized_severity": "Low", + "package": { + "id": "", + "name": "libssh", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/o:redhat:enterprise_linux:8::baseos", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "65774323": { + "id": "65774323", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "libssh: Missing checks for return values for digests (low)", + "description": "DOCUMENTATION: A flaw was found in the libssh implements abstract layer for message digest (MD) operations implemented by different supported crypto backends. The return values from these were not properly checked, which could cause low-memory situations failures, NULL dereferences, crashes, or usage of the uninitialized memory as an input for the KDF. In this case, non-matching keys will result in decryption/integrity failures, terminating the connection. \n STATEMENT: This vulnerability in the libssh abstract layer for message digest operations is deemed to have a low impact due to several mitigating factors. 
Primarily, the absence of proper checks on return values from supported crypto backends may lead to low-memory situations, failures, NULL dereferences, crashes, or the utilization of uninitialized memory in the Key Derivation Function (KDF). While these potential consequences could disrupt the system, their likelihood is considered low, contributing to the low impact classification.\n\nThe maintainers of libssh, in conjunction with Red Hat, have assigned a CVSS3.1 score of 3.7 to this vulnerability. While the score acknowledges the existence of a vulnerability, the assigned value falls within the lower range of the scale, indicating a relatively modest level of risk.\n\nMoreover, the practical exploitability of this vulnerability is characterized as theoretical and highly unlikely to yield tangible results. The difficulty in successfully exploiting the flaw adds a layer of security, further diminishing the potential impact. While acknowledging the risk of non-matching keys leading to decryption/integrity failures and connection termination, the combination of the low likelihood of exploitation and the relatively lower severity score results in an overall assessment of low impact.\n MITIGATION: Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2023-6918", + "severity": "Low", + "normalized_severity": "Low", + "package": { + "id": "", + "name": "libssh", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + 
"repository": { + "name": "cpe:/a:redhat:enterprise_linux:8::appstream", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "65774333": { + "id": "65774333", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "libssh: Missing checks for return values for digests (low)", + "description": "DOCUMENTATION: A flaw was found in the libssh implements abstract layer for message digest (MD) operations implemented by different supported crypto backends. The return values from these were not properly checked, which could cause low-memory situations failures, NULL dereferences, crashes, or usage of the uninitialized memory as an input for the KDF. In this case, non-matching keys will result in decryption/integrity failures, terminating the connection. \n STATEMENT: This vulnerability in the libssh abstract layer for message digest operations is deemed to have a low impact due to several mitigating factors. Primarily, the absence of proper checks on return values from supported crypto backends may lead to low-memory situations, failures, NULL dereferences, crashes, or the utilization of uninitialized memory in the Key Derivation Function (KDF). While these potential consequences could disrupt the system, their likelihood is considered low, contributing to the low impact classification.\n\nThe maintainers of libssh, in conjunction with Red Hat, have assigned a CVSS3.1 score of 3.7 to this vulnerability. While the score acknowledges the existence of a vulnerability, the assigned value falls within the lower range of the scale, indicating a relatively modest level of risk.\n\nMoreover, the practical exploitability of this vulnerability is characterized as theoretical and highly unlikely to yield tangible results. The difficulty in successfully exploiting the flaw adds a layer of security, further diminishing the potential impact. 
While acknowledging the risk of non-matching keys leading to decryption/integrity failures and connection termination, the combination of the low likelihood of exploitation and the relatively lower severity score results in an overall assessment of low impact.\n MITIGATION: Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2023-6918", + "severity": "Low", + "normalized_severity": "Low", + "package": { + "id": "", + "name": "libssh", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/o:redhat:enterprise_linux:8::baseos", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "65774335": { + "id": "65774335", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "libssh: Missing checks for return values for digests (low)", + "description": "DOCUMENTATION: A flaw was found in the libssh implements abstract layer for message digest (MD) operations implemented by different supported crypto backends. The return values from these were not properly checked, which could cause low-memory situations failures, NULL dereferences, crashes, or usage of the uninitialized memory as an input for the KDF. In this case, non-matching keys will result in decryption/integrity failures, terminating the connection. \n STATEMENT: This vulnerability in the libssh abstract layer for message digest operations is deemed to have a low impact due to several mitigating factors. 
Primarily, the absence of proper checks on return values from supported crypto backends may lead to low-memory situations, failures, NULL dereferences, crashes, or the utilization of uninitialized memory in the Key Derivation Function (KDF). While these potential consequences could disrupt the system, their likelihood is considered low, contributing to the low impact classification.\n\nThe maintainers of libssh, in conjunction with Red Hat, have assigned a CVSS3.1 score of 3.7 to this vulnerability. While the score acknowledges the existence of a vulnerability, the assigned value falls within the lower range of the scale, indicating a relatively modest level of risk.\n\nMoreover, the practical exploitability of this vulnerability is characterized as theoretical and highly unlikely to yield tangible results. The difficulty in successfully exploiting the flaw adds a layer of security, further diminishing the potential impact. While acknowledging the risk of non-matching keys leading to decryption/integrity failures and connection termination, the combination of the low likelihood of exploitation and the relatively lower severity score results in an overall assessment of low impact.\n MITIGATION: Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2023-6918", + "severity": "Low", + "normalized_severity": "Low", + "package": { + "id": "", + "name": "libssh-config", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + 
"repository": { + "name": "cpe:/a:redhat:enterprise_linux:8::appstream", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "65774345": { + "id": "65774345", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "libssh: Missing checks for return values for digests (low)", + "description": "DOCUMENTATION: A flaw was found in the libssh implements abstract layer for message digest (MD) operations implemented by different supported crypto backends. The return values from these were not properly checked, which could cause low-memory situations failures, NULL dereferences, crashes, or usage of the uninitialized memory as an input for the KDF. In this case, non-matching keys will result in decryption/integrity failures, terminating the connection. \n STATEMENT: This vulnerability in the libssh abstract layer for message digest operations is deemed to have a low impact due to several mitigating factors. Primarily, the absence of proper checks on return values from supported crypto backends may lead to low-memory situations, failures, NULL dereferences, crashes, or the utilization of uninitialized memory in the Key Derivation Function (KDF). While these potential consequences could disrupt the system, their likelihood is considered low, contributing to the low impact classification.\n\nThe maintainers of libssh, in conjunction with Red Hat, have assigned a CVSS3.1 score of 3.7 to this vulnerability. While the score acknowledges the existence of a vulnerability, the assigned value falls within the lower range of the scale, indicating a relatively modest level of risk.\n\nMoreover, the practical exploitability of this vulnerability is characterized as theoretical and highly unlikely to yield tangible results. The difficulty in successfully exploiting the flaw adds a layer of security, further diminishing the potential impact. 
While acknowledging the risk of non-matching keys leading to decryption/integrity failures and connection termination, the combination of the low likelihood of exploitation and the relatively lower severity score results in an overall assessment of low impact.\n MITIGATION: Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2023-6918", + "severity": "Low", + "normalized_severity": "Low", + "package": { + "id": "", + "name": "libssh-config", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/o:redhat:enterprise_linux:8::baseos", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "65775115": { + "id": "65775115", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "systemd-resolved: Unsigned name response in signed zone is not refused when DNSSEC=yes (moderate)", + "description": "DOCUMENTATION: A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records. 
\n STATEMENT: This CVE is classified as moderate because the attack requires an active Man-in-the-Middle (MITM) who can intercept and modify the connection's traffic at the TCP/IP layer.\n\nNote that DNSSEC= option is by default set to 'no' and changing the value requires root privileges.\n MITIGATION: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2023-7008", + "severity": "Moderate", + "normalized_severity": "Medium", + "package": { + "id": "", + "name": "systemd-libs", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/a:redhat:enterprise_linux:8::appstream", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "65775125": { + "id": "65775125", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "systemd-resolved: Unsigned name response in signed zone is not refused when DNSSEC=yes (moderate)", + "description": "DOCUMENTATION: A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records. 
\n STATEMENT: This CVE is classified as moderate because the attack requires an active Man-in-the-Middle (MITM) who can intercept and modify the connection's traffic at the TCP/IP layer.\n\nNote that DNSSEC= option is by default set to 'no' and changing the value requires root privileges.\n MITIGATION: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2023-7008", + "severity": "Moderate", + "normalized_severity": "Medium", + "package": { + "id": "", + "name": "systemd-libs", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/o:redhat:enterprise_linux:8::baseos", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "65776543": { + "id": "65776543", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "sqlite: use-after-free bug in jsonParseAddNodeArray (low)", + "description": "DOCUMENTATION: A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. 
This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2024-0232", + "severity": "Low", + "normalized_severity": "Low", + "package": { + "id": "", + "name": "sqlite-libs", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/a:redhat:enterprise_linux:8::appstream", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "65776553": { + "id": "65776553", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "sqlite: use-after-free bug in jsonParseAddNodeArray (low)", + "description": "DOCUMENTATION: A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. 
This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2024-0232", + "severity": "Low", + "normalized_severity": "Low", + "package": { + "id": "", + "name": "sqlite-libs", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/o:redhat:enterprise_linux:8::baseos", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "65780563": { + "id": "65780563", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "openssl: denial of service via null dereference (low)", + "description": "DOCUMENTATION: A flaw was found in OpenSSL. The optional ContentInfo fields can be set to null, even if the \"type\" is a valid value, which can lead to a null dereference error that may cause a denial of service. 
\n \n MITIGATION: Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2024-0727", + "severity": "Low", + "normalized_severity": "Low", + "package": { + "id": "", + "name": "openssl-libs", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/a:redhat:enterprise_linux:8::appstream", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "65780573": { + "id": "65780573", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "openssl: denial of service via null dereference (low)", + "description": "DOCUMENTATION: A flaw was found in OpenSSL. The optional ContentInfo fields can be set to null, even if the \"type\" is a valid value, which can lead to a null dereference error that may cause a denial of service. 
\n \n MITIGATION: Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2024-0727", + "severity": "Low", + "normalized_severity": "Low", + "package": { + "id": "", + "name": "openssl-libs", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/o:redhat:enterprise_linux:8::baseos", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "65795767": { + "id": "65795767", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "libxml2: use-after-free in XMLReader (moderate)", + "description": "DOCUMENTATION: A use-after-free flaw was found in libxml2. 
When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2024-25062", + "severity": "Moderate", + "normalized_severity": "Medium", + "package": { + "id": "", + "name": "libxml2", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/a:redhat:enterprise_linux:8::appstream", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "65795777": { + "id": "65795777", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "libxml2: use-after-free in XMLReader (moderate)", + "description": "DOCUMENTATION: A use-after-free flaw was found in libxml2. 
When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2024-25062", + "severity": "Moderate", + "normalized_severity": "Medium", + "package": { + "id": "", + "name": "libxml2", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/o:redhat:enterprise_linux:8::baseos", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "90455241": { + "id": "90455241", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "ncurses: heap-based buffer overflow in _nc_captoinfo() in captoinfo.c (low)", + "description": "DOCUMENTATION: A heap overflow vulnerability has been found in the ncurses package, particularly in the terminfo entry-description compiler (tic). This flaw results from a lack of proper bounds checking during input processing. By exploiting this boundary error, an attacker can create a malicious file, deceive the victim into opening it using the affected software, and initiate an out-of-bounds write, potentially impacting system availability. \n STATEMENT: Red Hat Product Security has rated this issue as having a Low security impact because processing terminfo descriptions in the source form should be handled the same way as executable files or source code of any programming language. 
Users are not supposed to use untrusted terminfo descriptions.\n MITIGATION: Do not compile untrusted terminfo descriptions.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2021-39537", + "severity": "Low", + "normalized_severity": "Low", + "package": { + "id": "", + "name": "ncurses-libs", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/a:redhat:enterprise_linux:8::appstream", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "90455256": { + "id": "90455256", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "ncurses: heap-based buffer overflow in _nc_captoinfo() in captoinfo.c (low)", + "description": "DOCUMENTATION: A heap overflow vulnerability has been found in the ncurses package, particularly in the terminfo entry-description compiler (tic). This flaw results from a lack of proper bounds checking during input processing. By exploiting this boundary error, an attacker can create a malicious file, deceive the victim into opening it using the affected software, and initiate an out-of-bounds write, potentially impacting system availability. \n STATEMENT: Red Hat Product Security has rated this issue as having a Low security impact because processing terminfo descriptions in the source form should be handled the same way as executable files or source code of any programming language. 
Users are not supposed to use untrusted terminfo descriptions.\n MITIGATION: Do not compile untrusted terminfo descriptions.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2021-39537", + "severity": "Low", + "normalized_severity": "Low", + "package": { + "id": "", + "name": "ncurses-libs", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/o:redhat:enterprise_linux:8::baseos", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "90455258": { + "id": "90455258", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "ncurses: heap-based buffer overflow in _nc_captoinfo() in captoinfo.c (low)", + "description": "DOCUMENTATION: A heap overflow vulnerability has been found in the ncurses package, particularly in the terminfo entry-description compiler (tic). This flaw results from a lack of proper bounds checking during input processing. By exploiting this boundary error, an attacker can create a malicious file, deceive the victim into opening it using the affected software, and initiate an out-of-bounds write, potentially impacting system availability. \n STATEMENT: Red Hat Product Security has rated this issue as having a Low security impact because processing terminfo descriptions in the source form should be handled the same way as executable files or source code of any programming language. 
Users are not supposed to use untrusted terminfo descriptions.\n MITIGATION: Do not compile untrusted terminfo descriptions.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2021-39537", + "severity": "Low", + "normalized_severity": "Low", + "package": { + "id": "", + "name": "ncurses-base", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/a:redhat:enterprise_linux:8::appstream", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" + }, + "90455313": { + "id": "90455313", + "updater": "RHEL8-rhel-8-including-unpatched", + "name": "ncurses: heap-based buffer overflow in _nc_captoinfo() in captoinfo.c (low)", + "description": "DOCUMENTATION: A heap overflow vulnerability has been found in the ncurses package, particularly in the terminfo entry-description compiler (tic). This flaw results from a lack of proper bounds checking during input processing. By exploiting this boundary error, an attacker can create a malicious file, deceive the victim into opening it using the affected software, and initiate an out-of-bounds write, potentially impacting system availability. \n STATEMENT: Red Hat Product Security has rated this issue as having a Low security impact because processing terminfo descriptions in the source form should be handled the same way as executable files or source code of any programming language. 
Users are not supposed to use untrusted terminfo descriptions.\n MITIGATION: Do not compile untrusted terminfo descriptions.", + "issued": "0001-01-01T00:00:00Z", + "links": "https://access.redhat.com/security/cve/CVE-2021-39537", + "severity": "Low", + "normalized_severity": "Low", + "package": { + "id": "", + "name": "ncurses-base", + "version": "", + "kind": "binary" + }, + "distribution": { + "id": "", + "did": "rhel", + "name": "Red Hat Enterprise Linux Server", + "version": "8", + "version_code_name": "", + "version_id": "8", + "arch": "", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", + "pretty_name": "Red Hat Enterprise Linux Server 8" + }, + "repository": { + "name": "cpe:/o:redhat:enterprise_linux:8::baseos", + "key": "rhel-cpe-repository" + }, + "fixed_in_version": "" } - }, - "package_vulnerabilities":{ - "10":[ - "49035", - "145782" - ], - "104":[ - "32446", - "40929", - "49869", - "128176" - ], - "106":[ - "32446", - "40929", - "49869", - "128176" - ], - "108":[ - "32446", - "40929", - "49869", - "128176" - ], - "110":[ - "32446", - "40929", - "49869", - "128176" - ], - "112":[ - "103171", - "109054", - "117001", - "117002" - ], - "114":[ - "153794" - ], - "124":[ - "41255" - ], - "132":[ - "121183" - ], - "14":[ - "48646", - "63897", - "63898", - "63899", - "83695", - "83696", - "94190", - "111143" - ], - "140":[ - "41255" - ], - "144":[ - "31865", - "38545", - "39819", - "43075", - "68515", - "127298", - "134886", - "147511" - ], - "148":[ - "41255" - ], - "154":[ - "31865", - "38545", - "39819", - "43075", - "68515", - "127298", - "134886", - "147511" - ], - "156":[ - "33464", - "37841", - "37937", - "50179", - "56393", - "87174", - "104624" - ], - "16":[ - "46946" - ], - "162":[ - "36798", - "153817" - ], - "166":[ - "41255" - ], - "174":[ - "49871", - "134451" - ], - "196":[ - "149864" - ], - "234":[ - "149864" - ], - "240":[ - "149864" - ], - "252":[ - "49019", - "69261", - "69356", - "77964", - "80605", - "86508" - ], - "258":[ - 
"139774", - "145714" - ], - "266":[ - "145539", - "145540" - ], - "294":[ - "149864" - ], - "298":[ - "68997", - "132114", - "144191", - "148200", - "149270", - "149359", - "149362", - "154293" - ], - "30":[ - "41255" - ], - "302":[ - "145539", - "145540" - ], - "304":[ - "68997", - "132114", - "144191", - "148200", - "149270", - "149359", - "149362", - "154293" - ], - "318":[ - "145539", - "145540" - ], - "320":[ - "145539", - "145540" - ], - "36":[ - "38319", - "97564", - "143286" - ], - "4":[ - "55773" - ], - "40":[ - "33693", - "34633" - ], - "48":[ - "55773" - ], - "56":[ - "41255" - ], - "60":[ - "35609", - "46717", - "52158", - "52159", - "52735", - "53399", - "55085", - "84316", - "91083", - "110278", - "131937", - "137073", - "137077", - "137079", - "137081", - "146764", - "152851", - "154072", - "154428", - "154429" - ], - "62":[ - "35609", - "46717", - "52158", - "52159", - "52735", - "53399", - "55085", - "84316", - "91083", - "110278", - "131937", - "137073", - "137077", - "137079", - "137081", - "146764", - "152851", - "154072", - "154428", - "154429" - ], - "74":[ - "41255" - ], - "80":[ - "140291", - "141174" - ], - "92":[ - "145527" - ], - "94":[ - "83692" - ], - "96":[ - "41255" + }, + "package_vulnerabilities": { + "4": [ + "13344187", + "65759429", + "65774345", + "13344177", + "65759419", + "65774335" + ], + "10": [ + "65646689", + "65646679" + ], + "12": [ + "90455256", + "64450179", + "64450834", + "65100192", + "65100399", + "65104225", + "65104608", + "65104780", + "65105034", + "65750357", + "90455241", + "64450130", + "64450806", + "65100167", + "65100375", + "65104192", + "65104598", + "65104648", + "65105015", + "65750347" + ], + "22": [ + "64529887", + "64529768" + ], + "24": [ + "65585573", + "65585563" + ], + "26": [ + "65439725", + "65439673" + ], + "30": [ + "3425218", + "65795777", + "65741417", + "3425123", + "65795767", + "65741407" + ], + "36": [ + "64530230", + "64530170" + ], + "42": [ + "64424244", + "64424234" + ], + "44": 
[ + "64729356", + "64729274" + ], + "56": [ + "3417961", + "65666501", + "65666621", + "65666741", + "65686385", + "65780573", + "3417876", + "65666491", + "65666611", + "65666731", + "65686375", + "65780563" + ], + "62": [ + "13344115", + "3470539", + "65584109", + "13344105", + "3470275", + "65584099" + ], + "78": [ + "64464391", + "64547874", + "65585105", + "65614121", + "64464345", + "64547793", + "65585095", + "65614111" + ], + "80": [ + "65756837", + "65756827" + ], + "84": [ + "65702189", + "65702179" + ], + "94": [ + "13344223", + "13344213" + ], + "102": [ + "64465868", + "64548903", + "65585189", + "65614349", + "64465858", + "64548810", + "65585179", + "65614339" + ], + "104": [ + "90455313", + "64450630", + "64451489", + "65100344", + "65100540", + "65104546", + "65104558", + "65104646", + "65105648", + "65750369", + "90455258", + "64450591", + "64451473", + "65100315", + "65100521", + "65104467", + "65104548", + "65104636", + "65105597", + "65750359" + ], + "124": [ + "3475421", + "64827219", + "64956490", + "64956811", + "65708741", + "65776553", + "3475329", + "64827078", + "64956463", + "64956789", + "65708731", + "65776543" + ], + "138": [ + "65548278", + "65548244" + ], + "152": [ + "64470969", + "65577725", + "65775125", + "64470956", + "65577715", + "65775115" + ], + "156": [ + "65719589", + "65719579" + ], + "160": [ + "65128683", + "64424493", + "64424377", + "65128627", + "64424472", + "64424366" + ], + "164": [ + "65707373", + "65707337", + "65707229", + "65702129", + "65707327", + "65707363", + "65707219", + "65702119" + ], + "170": [ + "64929594", + "64929126", + "64929539", + "64929074" + ], + "176": [ + "3238062", + "3238018" + ], + "178": [ + "65733617", + "65733607" + ], + "182": [ + "13344175", + "65774333", + "65759441", + "13344165", + "65774323", + "65759431" + ], + "188": [ + "65628029", + "65628019" + ], + "192": [ + "65691893", + "65691833", + "65720777", + "65743109", + "65691883", + "65691823", + "65720767", + "65743099" + ], 
+ "194": [ + "65743133", + "65720789", + "65691857", + "65691917", + "65743123", + "65720779", + "65691847", + "65691907" + ], + "196": [ + "13344295", + "13344285" + ], + "226": [ + "10425539" + ] + }, + "enrichments": { + "message/vnd.clair.map.vulnerability; enricher=clair.cvss schema=https://csrc.nist.gov/schema/nvd/feed/1.1/cvss-v3.x.json": [ + { + "3238018": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 7.5, + "attackVector": "NETWORK", + "baseSeverity": "HIGH", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "integrityImpact": "NONE", + "userInteraction": "NONE", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "NONE", + "confidentialityImpact": "NONE" + } + ], + "3238062": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 7.5, + "attackVector": "NETWORK", + "baseSeverity": "HIGH", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "integrityImpact": "NONE", + "userInteraction": "NONE", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "NONE", + "confidentialityImpact": "NONE" + } + ], + "3417876": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 5.3, + "attackVector": "NETWORK", + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "integrityImpact": "NONE", + "userInteraction": "NONE", + "attackComplexity": "LOW", + "availabilityImpact": "LOW", + "privilegesRequired": "NONE", + "confidentialityImpact": "NONE" + }, + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 5.3, + "attackVector": "NETWORK", + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "integrityImpact": "NONE", + "userInteraction": "NONE", + "attackComplexity": "LOW", + "availabilityImpact": "LOW", + "privilegesRequired": "NONE", + "confidentialityImpact": "NONE" + }, + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 5.3, + 
"attackVector": "NETWORK", + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "integrityImpact": "NONE", + "userInteraction": "NONE", + "attackComplexity": "LOW", + "availabilityImpact": "LOW", + "privilegesRequired": "NONE", + "confidentialityImpact": "NONE" + } + ], + "3417961": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 5.3, + "attackVector": "NETWORK", + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "integrityImpact": "NONE", + "userInteraction": "NONE", + "attackComplexity": "LOW", + "availabilityImpact": "LOW", + "privilegesRequired": "NONE", + "confidentialityImpact": "NONE" + }, + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 5.3, + "attackVector": "NETWORK", + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "integrityImpact": "NONE", + "userInteraction": "NONE", + "attackComplexity": "LOW", + "availabilityImpact": "LOW", + "privilegesRequired": "NONE", + "confidentialityImpact": "NONE" + }, + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 5.3, + "attackVector": "NETWORK", + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "integrityImpact": "NONE", + "userInteraction": "NONE", + "attackComplexity": "LOW", + "availabilityImpact": "LOW", + "privilegesRequired": "NONE", + "confidentialityImpact": "NONE" + } + ], + "3425123": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 6.5, + "attackVector": "NETWORK", + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "integrityImpact": "NONE", + "userInteraction": "REQUIRED", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "NONE", + "confidentialityImpact": "NONE" + } + ], + "3425218": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 6.5, + "attackVector": "NETWORK", + 
"baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "integrityImpact": "NONE", + "userInteraction": "REQUIRED", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "NONE", + "confidentialityImpact": "NONE" + } + ], + "3470275": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 5.9, + "attackVector": "NETWORK", + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "integrityImpact": "NONE", + "userInteraction": "NONE", + "attackComplexity": "HIGH", + "availabilityImpact": "NONE", + "privilegesRequired": "NONE", + "confidentialityImpact": "HIGH" + } + ], + "3470539": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 5.9, + "attackVector": "NETWORK", + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "integrityImpact": "NONE", + "userInteraction": "NONE", + "attackComplexity": "HIGH", + "availabilityImpact": "NONE", + "privilegesRequired": "NONE", + "confidentialityImpact": "HIGH" + } + ], + "3475329": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 7.3, + "attackVector": "NETWORK", + "baseSeverity": "HIGH", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "integrityImpact": "LOW", + "userInteraction": "NONE", + "attackComplexity": "LOW", + "availabilityImpact": "LOW", + "privilegesRequired": "NONE", + "confidentialityImpact": "LOW" + } + ], + "3475421": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 7.3, + "attackVector": "NETWORK", + "baseSeverity": "HIGH", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "integrityImpact": "LOW", + "userInteraction": "NONE", + "attackComplexity": "LOW", + "availabilityImpact": "LOW", + "privilegesRequired": "NONE", + "confidentialityImpact": "LOW" + } + ], + "13344105": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 5.9, + "attackVector": "NETWORK", + 
"baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "integrityImpact": "NONE", + "userInteraction": "NONE", + "attackComplexity": "HIGH", + "availabilityImpact": "NONE", + "privilegesRequired": "NONE", + "confidentialityImpact": "HIGH" + }, + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 7.5, + "attackVector": "NETWORK", + "baseSeverity": "HIGH", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "integrityImpact": "NONE", + "userInteraction": "NONE", + "attackComplexity": "LOW", + "availabilityImpact": "NONE", + "privilegesRequired": "NONE", + "confidentialityImpact": "HIGH" + } + ], + "13344115": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 5.9, + "attackVector": "NETWORK", + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "integrityImpact": "NONE", + "userInteraction": "NONE", + "attackComplexity": "HIGH", + "availabilityImpact": "NONE", + "privilegesRequired": "NONE", + "confidentialityImpact": "HIGH" + }, + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 7.5, + "attackVector": "NETWORK", + "baseSeverity": "HIGH", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "integrityImpact": "NONE", + "userInteraction": "NONE", + "attackComplexity": "LOW", + "availabilityImpact": "NONE", + "privilegesRequired": "NONE", + "confidentialityImpact": "HIGH" + } + ], + "13344165": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 5.9, + "attackVector": "NETWORK", + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "integrityImpact": "HIGH", + "userInteraction": "NONE", + "attackComplexity": "HIGH", + "availabilityImpact": "NONE", + "privilegesRequired": "NONE", + "confidentialityImpact": "NONE" + } + ], + "13344175": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 5.9, + "attackVector": "NETWORK", + "baseSeverity": "MEDIUM", + 
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "integrityImpact": "HIGH", + "userInteraction": "NONE", + "attackComplexity": "HIGH", + "availabilityImpact": "NONE", + "privilegesRequired": "NONE", + "confidentialityImpact": "NONE" + } + ], + "13344177": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 5.9, + "attackVector": "NETWORK", + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "integrityImpact": "HIGH", + "userInteraction": "NONE", + "attackComplexity": "HIGH", + "availabilityImpact": "NONE", + "privilegesRequired": "NONE", + "confidentialityImpact": "NONE" + } + ], + "13344187": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 5.9, + "attackVector": "NETWORK", + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "integrityImpact": "HIGH", + "userInteraction": "NONE", + "attackComplexity": "HIGH", + "availabilityImpact": "NONE", + "privilegesRequired": "NONE", + "confidentialityImpact": "NONE" + } + ], + "13344213": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 6.4, + "attackVector": "LOCAL", + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", + "integrityImpact": "HIGH", + "userInteraction": "NONE", + "attackComplexity": "HIGH", + "availabilityImpact": "HIGH", + "privilegesRequired": "HIGH", + "confidentialityImpact": "HIGH" + }, + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 6.7, + "attackVector": "LOCAL", + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "integrityImpact": "HIGH", + "userInteraction": "NONE", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "HIGH", + "confidentialityImpact": "HIGH" + }, + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 6.7, + "attackVector": "LOCAL", + "baseSeverity": "MEDIUM", + "vectorString": 
"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "integrityImpact": "HIGH", + "userInteraction": "NONE", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "HIGH", + "confidentialityImpact": "HIGH" + } + ], + "13344223": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 6.4, + "attackVector": "LOCAL", + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", + "integrityImpact": "HIGH", + "userInteraction": "NONE", + "attackComplexity": "HIGH", + "availabilityImpact": "HIGH", + "privilegesRequired": "HIGH", + "confidentialityImpact": "HIGH" + }, + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 6.7, + "attackVector": "LOCAL", + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "integrityImpact": "HIGH", + "userInteraction": "NONE", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "HIGH", + "confidentialityImpact": "HIGH" + }, + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 6.7, + "attackVector": "LOCAL", + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "integrityImpact": "HIGH", + "userInteraction": "NONE", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "HIGH", + "confidentialityImpact": "HIGH" + } + ], + "13344285": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 6.4, + "attackVector": "LOCAL", + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", + "integrityImpact": "HIGH", + "userInteraction": "NONE", + "attackComplexity": "HIGH", + "availabilityImpact": "HIGH", + "privilegesRequired": "HIGH", + "confidentialityImpact": "HIGH" + }, + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 6.7, + "attackVector": "LOCAL", + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + 
"integrityImpact": "HIGH", + "userInteraction": "NONE", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "HIGH", + "confidentialityImpact": "HIGH" + }, + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 6.7, + "attackVector": "LOCAL", + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "integrityImpact": "HIGH", + "userInteraction": "NONE", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "HIGH", + "confidentialityImpact": "HIGH" + } + ], + "13344295": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 6.4, + "attackVector": "LOCAL", + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", + "integrityImpact": "HIGH", + "userInteraction": "NONE", + "attackComplexity": "HIGH", + "availabilityImpact": "HIGH", + "privilegesRequired": "HIGH", + "confidentialityImpact": "HIGH" + }, + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 6.7, + "attackVector": "LOCAL", + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "integrityImpact": "HIGH", + "userInteraction": "NONE", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "HIGH", + "confidentialityImpact": "HIGH" + }, + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 6.7, + "attackVector": "LOCAL", + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "integrityImpact": "HIGH", + "userInteraction": "NONE", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "HIGH", + "confidentialityImpact": "HIGH" + } + ], + "64424234": [ + { + "scope": "UNCHANGED", + "version": "3.0", + "baseScore": 5.5, + "attackVector": "LOCAL", + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "integrityImpact": "NONE", + "userInteraction": "REQUIRED", + 
"attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "NONE", + "confidentialityImpact": "NONE" + } + ], + "64424244": [ + { + "scope": "UNCHANGED", + "version": "3.0", + "baseScore": 5.5, + "attackVector": "LOCAL", + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "integrityImpact": "NONE", + "userInteraction": "REQUIRED", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "NONE", + "confidentialityImpact": "NONE" + } + ], + "64424366": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 6.5, + "attackVector": "NETWORK", + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "integrityImpact": "NONE", + "userInteraction": "REQUIRED", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "NONE", + "confidentialityImpact": "NONE" + } + ], + "64424377": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 6.5, + "attackVector": "NETWORK", + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "integrityImpact": "NONE", + "userInteraction": "REQUIRED", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "NONE", + "confidentialityImpact": "NONE" + } + ], + "64424472": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 6.5, + "attackVector": "NETWORK", + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "integrityImpact": "NONE", + "userInteraction": "REQUIRED", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "NONE", + "confidentialityImpact": "NONE" + } + ], + "64424493": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 6.5, + "attackVector": "NETWORK", + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "integrityImpact": "NONE", + 
"userInteraction": "REQUIRED", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "NONE", + "confidentialityImpact": "NONE" + } + ], + "64450130": [ + { + "scope": "UNCHANGED", + "version": "3.0", + "baseScore": 5.5, + "attackVector": "LOCAL", + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "integrityImpact": "NONE", + "userInteraction": "REQUIRED", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "NONE", + "confidentialityImpact": "NONE" + } + ], + "64450179": [ + { + "scope": "UNCHANGED", + "version": "3.0", + "baseScore": 5.5, + "attackVector": "LOCAL", + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "integrityImpact": "NONE", + "userInteraction": "REQUIRED", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "NONE", + "confidentialityImpact": "NONE" + } + ], + "64450591": [ + { + "scope": "UNCHANGED", + "version": "3.0", + "baseScore": 5.5, + "attackVector": "LOCAL", + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "integrityImpact": "NONE", + "userInteraction": "REQUIRED", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "NONE", + "confidentialityImpact": "NONE" + } + ], + "64450630": [ + { + "scope": "UNCHANGED", + "version": "3.0", + "baseScore": 5.5, + "attackVector": "LOCAL", + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "integrityImpact": "NONE", + "userInteraction": "REQUIRED", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "NONE", + "confidentialityImpact": "NONE" + } + ], + "64450806": [ + { + "scope": "UNCHANGED", + "version": "3.0", + "baseScore": 6.5, + "attackVector": "NETWORK", + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + 
"integrityImpact": "NONE", + "userInteraction": "REQUIRED", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "NONE", + "confidentialityImpact": "NONE" + } + ], + "64450834": [ + { + "scope": "UNCHANGED", + "version": "3.0", + "baseScore": 6.5, + "attackVector": "NETWORK", + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "integrityImpact": "NONE", + "userInteraction": "REQUIRED", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "NONE", + "confidentialityImpact": "NONE" + } + ], + "64451473": [ + { + "scope": "UNCHANGED", + "version": "3.0", + "baseScore": 6.5, + "attackVector": "NETWORK", + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "integrityImpact": "NONE", + "userInteraction": "REQUIRED", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "NONE", + "confidentialityImpact": "NONE" + } + ], + "64451489": [ + { + "scope": "UNCHANGED", + "version": "3.0", + "baseScore": 6.5, + "attackVector": "NETWORK", + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "integrityImpact": "NONE", + "userInteraction": "REQUIRED", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "NONE", + "confidentialityImpact": "NONE" + } + ], + "64464345": [ + { + "scope": "UNCHANGED", + "version": "3.0", + "baseScore": 7.5, + "attackVector": "NETWORK", + "baseSeverity": "HIGH", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "integrityImpact": "NONE", + "userInteraction": "NONE", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "NONE", + "confidentialityImpact": "NONE" + }, + { + "scope": "UNCHANGED", + "version": "3.0", + "baseScore": 7.5, + "attackVector": "NETWORK", + "baseSeverity": "HIGH", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + 
"integrityImpact": "NONE", + "userInteraction": "NONE", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "NONE", + "confidentialityImpact": "NONE" + } + ], + "64464391": [ + { + "scope": "UNCHANGED", + "version": "3.0", + "baseScore": 7.5, + "attackVector": "NETWORK", + "baseSeverity": "HIGH", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "integrityImpact": "NONE", + "userInteraction": "NONE", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "NONE", + "confidentialityImpact": "NONE" + }, + { + "scope": "UNCHANGED", + "version": "3.0", + "baseScore": 7.5, + "attackVector": "NETWORK", + "baseSeverity": "HIGH", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "integrityImpact": "NONE", + "userInteraction": "NONE", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "NONE", + "confidentialityImpact": "NONE" + } + ], + "64465858": [ + { + "scope": "UNCHANGED", + "version": "3.0", + "baseScore": 7.5, + "attackVector": "NETWORK", + "baseSeverity": "HIGH", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "integrityImpact": "NONE", + "userInteraction": "NONE", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "NONE", + "confidentialityImpact": "NONE" + }, + { + "scope": "UNCHANGED", + "version": "3.0", + "baseScore": 7.5, + "attackVector": "NETWORK", + "baseSeverity": "HIGH", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "integrityImpact": "NONE", + "userInteraction": "NONE", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "NONE", + "confidentialityImpact": "NONE" + } + ], + "64465868": [ + { + "scope": "UNCHANGED", + "version": "3.0", + "baseScore": 7.5, + "attackVector": "NETWORK", + "baseSeverity": "HIGH", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "integrityImpact": "NONE", + 
"userInteraction": "NONE", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "NONE", + "confidentialityImpact": "NONE" + }, + { + "scope": "UNCHANGED", + "version": "3.0", + "baseScore": 7.5, + "attackVector": "NETWORK", + "baseSeverity": "HIGH", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "integrityImpact": "NONE", + "userInteraction": "NONE", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "NONE", + "confidentialityImpact": "NONE" + } + ], + "64470956": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 9.8, + "attackVector": "NETWORK", + "baseSeverity": "CRITICAL", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "integrityImpact": "HIGH", + "userInteraction": "NONE", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "NONE", + "confidentialityImpact": "HIGH" + } + ], + "64470969": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 9.8, + "attackVector": "NETWORK", + "baseSeverity": "CRITICAL", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "integrityImpact": "HIGH", + "userInteraction": "NONE", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "NONE", + "confidentialityImpact": "HIGH" + } + ], + "64529768": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 9.8, + "attackVector": "NETWORK", + "baseSeverity": "CRITICAL", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "integrityImpact": "HIGH", + "userInteraction": "NONE", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "NONE", + "confidentialityImpact": "HIGH" + } + ], + "64529887": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 9.8, + "attackVector": "NETWORK", + "baseSeverity": "CRITICAL", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "integrityImpact": "HIGH", + 
"userInteraction": "NONE", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "NONE", + "confidentialityImpact": "HIGH" + } + ], + "64530170": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 5.9, + "attackVector": "NETWORK", + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "integrityImpact": "NONE", + "userInteraction": "NONE", + "attackComplexity": "HIGH", + "availabilityImpact": "NONE", + "privilegesRequired": "NONE", + "confidentialityImpact": "HIGH" + } + ], + "64530230": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 5.9, + "attackVector": "NETWORK", + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "integrityImpact": "NONE", + "userInteraction": "NONE", + "attackComplexity": "HIGH", + "availabilityImpact": "NONE", + "privilegesRequired": "NONE", + "confidentialityImpact": "HIGH" + } + ], + "64547793": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 5.5, + "attackVector": "LOCAL", + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "integrityImpact": "NONE", + "userInteraction": "REQUIRED", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "NONE", + "confidentialityImpact": "NONE" + } + ], + "64547874": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 5.5, + "attackVector": "LOCAL", + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "integrityImpact": "NONE", + "userInteraction": "REQUIRED", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "NONE", + "confidentialityImpact": "NONE" + } + ], + "64548810": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 5.5, + "attackVector": "LOCAL", + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "integrityImpact": 
"NONE", + "userInteraction": "REQUIRED", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "NONE", + "confidentialityImpact": "NONE" + } + ], + "64548903": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 5.5, + "attackVector": "LOCAL", + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "integrityImpact": "NONE", + "userInteraction": "REQUIRED", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "NONE", + "confidentialityImpact": "NONE" + } + ], + "64729274": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 8.1, + "attackVector": "NETWORK", + "baseSeverity": "HIGH", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "integrityImpact": "HIGH", + "userInteraction": "NONE", + "attackComplexity": "HIGH", + "availabilityImpact": "HIGH", + "privilegesRequired": "NONE", + "confidentialityImpact": "HIGH" + } + ], + "64729356": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 8.1, + "attackVector": "NETWORK", + "baseSeverity": "HIGH", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "integrityImpact": "HIGH", + "userInteraction": "NONE", + "attackComplexity": "HIGH", + "availabilityImpact": "HIGH", + "privilegesRequired": "NONE", + "confidentialityImpact": "HIGH" + } + ], + "64827078": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 7.5, + "attackVector": "NETWORK", + "baseSeverity": "HIGH", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "integrityImpact": "NONE", + "userInteraction": "NONE", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "NONE", + "confidentialityImpact": "NONE" + } + ], + "64827219": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 7.5, + "attackVector": "NETWORK", + "baseSeverity": "HIGH", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + 
"integrityImpact": "NONE", + "userInteraction": "NONE", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "NONE", + "confidentialityImpact": "NONE" + } + ], + "64929074": [ + { + "scope": "UNCHANGED", + "version": "3.0", + "baseScore": 6.5, + "attackVector": "NETWORK", + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "integrityImpact": "NONE", + "userInteraction": "REQUIRED", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "NONE", + "confidentialityImpact": "NONE" + }, + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 4.4, + "attackVector": "LOCAL", + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", + "integrityImpact": "NONE", + "userInteraction": "NONE", + "attackComplexity": "LOW", + "availabilityImpact": "LOW", + "privilegesRequired": "LOW", + "confidentialityImpact": "LOW" + } + ], + "64929126": [ + { + "scope": "UNCHANGED", + "version": "3.0", + "baseScore": 6.5, + "attackVector": "NETWORK", + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "integrityImpact": "NONE", + "userInteraction": "REQUIRED", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "NONE", + "confidentialityImpact": "NONE" + }, + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 4.4, + "attackVector": "LOCAL", + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", + "integrityImpact": "NONE", + "userInteraction": "NONE", + "attackComplexity": "LOW", + "availabilityImpact": "LOW", + "privilegesRequired": "LOW", + "confidentialityImpact": "LOW" + } + ], + "64929539": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 4.4, + "attackVector": "LOCAL", + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", + "integrityImpact": "NONE", + 
"userInteraction": "NONE", + "attackComplexity": "LOW", + "availabilityImpact": "LOW", + "privilegesRequired": "LOW", + "confidentialityImpact": "LOW" + } + ], + "64929594": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 4.4, + "attackVector": "LOCAL", + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", + "integrityImpact": "NONE", + "userInteraction": "NONE", + "attackComplexity": "LOW", + "availabilityImpact": "LOW", + "privilegesRequired": "LOW", + "confidentialityImpact": "LOW" + } + ], + "64956463": [ + { + "scope": "UNCHANGED", + "version": "3.0", + "baseScore": 7.5, + "attackVector": "NETWORK", + "baseSeverity": "HIGH", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "integrityImpact": "NONE", + "userInteraction": "NONE", + "attackComplexity": "LOW", + "availabilityImpact": "NONE", + "privilegesRequired": "NONE", + "confidentialityImpact": "HIGH" + } + ], + "64956490": [ + { + "scope": "UNCHANGED", + "version": "3.0", + "baseScore": 7.5, + "attackVector": "NETWORK", + "baseSeverity": "HIGH", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "integrityImpact": "NONE", + "userInteraction": "NONE", + "attackComplexity": "LOW", + "availabilityImpact": "NONE", + "privilegesRequired": "NONE", + "confidentialityImpact": "HIGH" + } + ], + "64956789": [ + { + "scope": "UNCHANGED", + "version": "3.0", + "baseScore": 7.5, + "attackVector": "NETWORK", + "baseSeverity": "HIGH", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "integrityImpact": "NONE", + "userInteraction": "NONE", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "NONE", + "confidentialityImpact": "NONE" + } + ], + "64956811": [ + { + "scope": "UNCHANGED", + "version": "3.0", + "baseScore": 7.5, + "attackVector": "NETWORK", + "baseSeverity": "HIGH", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "integrityImpact": "NONE", + 
"userInteraction": "NONE", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "NONE", + "confidentialityImpact": "NONE" + } + ], + "65100167": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 6.5, + "attackVector": "NETWORK", + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "integrityImpact": "NONE", + "userInteraction": "REQUIRED", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "NONE", + "confidentialityImpact": "NONE" + } + ], + "65100192": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 6.5, + "attackVector": "NETWORK", + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "integrityImpact": "NONE", + "userInteraction": "REQUIRED", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "NONE", + "confidentialityImpact": "NONE" + } + ], + "65100315": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 6.5, + "attackVector": "NETWORK", + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "integrityImpact": "NONE", + "userInteraction": "REQUIRED", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "NONE", + "confidentialityImpact": "NONE" + } + ], + "65100344": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 6.5, + "attackVector": "NETWORK", + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "integrityImpact": "NONE", + "userInteraction": "REQUIRED", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "NONE", + "confidentialityImpact": "NONE" + } + ], + "65100375": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 6.5, + "attackVector": "NETWORK", + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + 
"integrityImpact": "NONE", + "userInteraction": "REQUIRED", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "NONE", + "confidentialityImpact": "NONE" + } + ], + "65100399": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 6.5, + "attackVector": "NETWORK", + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "integrityImpact": "NONE", + "userInteraction": "REQUIRED", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "NONE", + "confidentialityImpact": "NONE" + } + ], + "65100521": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 6.5, + "attackVector": "NETWORK", + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "integrityImpact": "NONE", + "userInteraction": "REQUIRED", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "NONE", + "confidentialityImpact": "NONE" + } + ], + "65100540": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 6.5, + "attackVector": "NETWORK", + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "integrityImpact": "NONE", + "userInteraction": "REQUIRED", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "NONE", + "confidentialityImpact": "NONE" + } + ], + "65104192": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 6.5, + "attackVector": "NETWORK", + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "integrityImpact": "NONE", + "userInteraction": "REQUIRED", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "NONE", + "confidentialityImpact": "NONE" + } + ], + "65104225": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 6.5, + "attackVector": "NETWORK", + "baseSeverity": "MEDIUM", + "vectorString": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "integrityImpact": "NONE", + "userInteraction": "REQUIRED", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "NONE", + "confidentialityImpact": "NONE" + } + ], + "65104467": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 6.5, + "attackVector": "NETWORK", + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "integrityImpact": "NONE", + "userInteraction": "REQUIRED", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "NONE", + "confidentialityImpact": "NONE" + } + ], + "65104546": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 6.5, + "attackVector": "NETWORK", + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "integrityImpact": "NONE", + "userInteraction": "REQUIRED", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "NONE", + "confidentialityImpact": "NONE" + } + ], + "65104548": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 6.5, + "attackVector": "NETWORK", + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "integrityImpact": "NONE", + "userInteraction": "REQUIRED", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "NONE", + "confidentialityImpact": "NONE" + } + ], + "65104558": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 6.5, + "attackVector": "NETWORK", + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "integrityImpact": "NONE", + "userInteraction": "REQUIRED", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "NONE", + "confidentialityImpact": "NONE" + } + ], + "65104598": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 6.5, + "attackVector": "NETWORK", + "baseSeverity": 
"MEDIUM", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "integrityImpact": "NONE", + "userInteraction": "REQUIRED", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "NONE", + "confidentialityImpact": "NONE" + } + ], + "65104608": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 6.5, + "attackVector": "NETWORK", + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "integrityImpact": "NONE", + "userInteraction": "REQUIRED", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "NONE", + "confidentialityImpact": "NONE" + } + ], + "65104636": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 6.5, + "attackVector": "NETWORK", + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "integrityImpact": "NONE", + "userInteraction": "REQUIRED", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "NONE", + "confidentialityImpact": "NONE" + } + ], + "65104646": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 6.5, + "attackVector": "NETWORK", + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "integrityImpact": "NONE", + "userInteraction": "REQUIRED", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "NONE", + "confidentialityImpact": "NONE" + } + ], + "65104648": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 6.5, + "attackVector": "NETWORK", + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "integrityImpact": "NONE", + "userInteraction": "REQUIRED", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "NONE", + "confidentialityImpact": "NONE" + } + ], + "65104780": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 6.5, + "attackVector": 
"NETWORK", + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "integrityImpact": "NONE", + "userInteraction": "REQUIRED", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "NONE", + "confidentialityImpact": "NONE" + } + ], + "65105015": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 6.5, + "attackVector": "NETWORK", + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "integrityImpact": "NONE", + "userInteraction": "REQUIRED", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "NONE", + "confidentialityImpact": "NONE" + } + ], + "65105034": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 6.5, + "attackVector": "NETWORK", + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "integrityImpact": "NONE", + "userInteraction": "REQUIRED", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "NONE", + "confidentialityImpact": "NONE" + } + ], + "65105597": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 6.5, + "attackVector": "NETWORK", + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "integrityImpact": "NONE", + "userInteraction": "REQUIRED", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "NONE", + "confidentialityImpact": "NONE" + } + ], + "65105648": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 6.5, + "attackVector": "NETWORK", + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "integrityImpact": "NONE", + "userInteraction": "REQUIRED", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "NONE", + "confidentialityImpact": "NONE" + } + ], + "65128627": [ + { + "scope": "UNCHANGED", + "version": "3.1", + 
"baseScore": 6.5, + "attackVector": "NETWORK", + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "integrityImpact": "NONE", + "userInteraction": "REQUIRED", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "NONE", + "confidentialityImpact": "NONE" + } + ], + "65128683": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 6.5, + "attackVector": "NETWORK", + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "integrityImpact": "NONE", + "userInteraction": "REQUIRED", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "NONE", + "confidentialityImpact": "NONE" + } + ], + "65439673": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 4.7, + "attackVector": "LOCAL", + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "integrityImpact": "NONE", + "userInteraction": "NONE", + "attackComplexity": "HIGH", + "availabilityImpact": "NONE", + "privilegesRequired": "LOW", + "confidentialityImpact": "HIGH" + } + ], + "65439725": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 4.7, + "attackVector": "LOCAL", + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "integrityImpact": "NONE", + "userInteraction": "NONE", + "attackComplexity": "HIGH", + "availabilityImpact": "NONE", + "privilegesRequired": "LOW", + "confidentialityImpact": "HIGH" + } + ], + "65548244": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 5.5, + "attackVector": "LOCAL", + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "integrityImpact": "NONE", + "userInteraction": "REQUIRED", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "NONE", + "confidentialityImpact": "NONE" + } + ], + "65548278": [ + { + "scope": "UNCHANGED", + 
"version": "3.1", + "baseScore": 5.5, + "attackVector": "LOCAL", + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "integrityImpact": "NONE", + "userInteraction": "REQUIRED", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "NONE", + "confidentialityImpact": "NONE" + } + ], + "65577715": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 5.5, + "attackVector": "LOCAL", + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "integrityImpact": "NONE", + "userInteraction": "NONE", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "LOW", + "confidentialityImpact": "NONE" + } + ], + "65577725": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 5.5, + "attackVector": "LOCAL", + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "integrityImpact": "NONE", + "userInteraction": "NONE", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "LOW", + "confidentialityImpact": "NONE" + } + ], + "65584099": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 6.5, + "attackVector": "NETWORK", + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "integrityImpact": "NONE", + "userInteraction": "NONE", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "LOW", + "confidentialityImpact": "NONE" + } + ], + "65584109": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 6.5, + "attackVector": "NETWORK", + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "integrityImpact": "NONE", + "userInteraction": "NONE", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "LOW", + "confidentialityImpact": "NONE" + } + ], + "65585095": [ + { + "scope": "CHANGED", + 
"version": "3.1", + "baseScore": 8.3, + "attackVector": "NETWORK", + "baseSeverity": "HIGH", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", + "integrityImpact": "HIGH", + "userInteraction": "REQUIRED", + "attackComplexity": "HIGH", + "availabilityImpact": "HIGH", + "privilegesRequired": "NONE", + "confidentialityImpact": "HIGH" + } + ], + "65585105": [ + { + "scope": "CHANGED", + "version": "3.1", + "baseScore": 8.3, + "attackVector": "NETWORK", + "baseSeverity": "HIGH", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", + "integrityImpact": "HIGH", + "userInteraction": "REQUIRED", + "attackComplexity": "HIGH", + "availabilityImpact": "HIGH", + "privilegesRequired": "NONE", + "confidentialityImpact": "HIGH" + } + ], + "65585179": [ + { + "scope": "CHANGED", + "version": "3.1", + "baseScore": 8.3, + "attackVector": "NETWORK", + "baseSeverity": "HIGH", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", + "integrityImpact": "HIGH", + "userInteraction": "REQUIRED", + "attackComplexity": "HIGH", + "availabilityImpact": "HIGH", + "privilegesRequired": "NONE", + "confidentialityImpact": "HIGH" + } + ], + "65585189": [ + { + "scope": "CHANGED", + "version": "3.1", + "baseScore": 8.3, + "attackVector": "NETWORK", + "baseSeverity": "HIGH", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", + "integrityImpact": "HIGH", + "userInteraction": "REQUIRED", + "attackComplexity": "HIGH", + "availabilityImpact": "HIGH", + "privilegesRequired": "NONE", + "confidentialityImpact": "HIGH" + } + ], + "65585563": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 7.5, + "attackVector": "NETWORK", + "baseSeverity": "HIGH", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "integrityImpact": "NONE", + "userInteraction": "NONE", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "NONE", + "confidentialityImpact": "NONE" + } + ], + "65585573": [ + { + "scope": 
"UNCHANGED", + "version": "3.1", + "baseScore": 7.5, + "attackVector": "NETWORK", + "baseSeverity": "HIGH", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "integrityImpact": "NONE", + "userInteraction": "NONE", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "NONE", + "confidentialityImpact": "NONE" + } + ], + "65614111": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 5.5, + "attackVector": "LOCAL", + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "integrityImpact": "NONE", + "userInteraction": "REQUIRED", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "NONE", + "confidentialityImpact": "NONE" + } + ], + "65614121": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 5.5, + "attackVector": "LOCAL", + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "integrityImpact": "NONE", + "userInteraction": "REQUIRED", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "NONE", + "confidentialityImpact": "NONE" + } + ], + "65614339": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 5.5, + "attackVector": "LOCAL", + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "integrityImpact": "NONE", + "userInteraction": "REQUIRED", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "NONE", + "confidentialityImpact": "NONE" + } + ], + "65614349": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 5.5, + "attackVector": "LOCAL", + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "integrityImpact": "NONE", + "userInteraction": "REQUIRED", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "NONE", + "confidentialityImpact": "NONE" + } + ], + "65628019": [ + { 
+ "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 3.3, + "attackVector": "LOCAL", + "baseSeverity": "LOW", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "integrityImpact": "NONE", + "userInteraction": "NONE", + "attackComplexity": "LOW", + "availabilityImpact": "LOW", + "privilegesRequired": "LOW", + "confidentialityImpact": "NONE" + } + ], + "65628029": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 3.3, + "attackVector": "LOCAL", + "baseSeverity": "LOW", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "integrityImpact": "NONE", + "userInteraction": "NONE", + "attackComplexity": "LOW", + "availabilityImpact": "LOW", + "privilegesRequired": "LOW", + "confidentialityImpact": "NONE" + } + ], + "65646679": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 7.5, + "attackVector": "NETWORK", + "baseSeverity": "HIGH", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "integrityImpact": "NONE", + "userInteraction": "NONE", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "NONE", + "confidentialityImpact": "NONE" + } + ], + "65646689": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 7.5, + "attackVector": "NETWORK", + "baseSeverity": "HIGH", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "integrityImpact": "NONE", + "userInteraction": "NONE", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "NONE", + "confidentialityImpact": "NONE" + } + ], + "65666491": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 7.5, + "attackVector": "NETWORK", + "baseSeverity": "HIGH", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "integrityImpact": "NONE", + "userInteraction": "NONE", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "NONE", + "confidentialityImpact": "NONE" + } + ], + "65666501": [ + { + "scope": 
"UNCHANGED", + "version": "3.1", + "baseScore": 7.5, + "attackVector": "NETWORK", + "baseSeverity": "HIGH", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "integrityImpact": "NONE", + "userInteraction": "NONE", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "NONE", + "confidentialityImpact": "NONE" + } + ], + "65666611": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 5.3, + "attackVector": "NETWORK", + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "integrityImpact": "LOW", + "userInteraction": "NONE", + "attackComplexity": "LOW", + "availabilityImpact": "NONE", + "privilegesRequired": "NONE", + "confidentialityImpact": "NONE" + } + ], + "65666621": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 5.3, + "attackVector": "NETWORK", + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "integrityImpact": "LOW", + "userInteraction": "NONE", + "attackComplexity": "LOW", + "availabilityImpact": "NONE", + "privilegesRequired": "NONE", + "confidentialityImpact": "NONE" + } + ], + "65666731": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 5.3, + "attackVector": "NETWORK", + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "integrityImpact": "LOW", + "userInteraction": "NONE", + "attackComplexity": "LOW", + "availabilityImpact": "NONE", + "privilegesRequired": "NONE", + "confidentialityImpact": "NONE" + } + ], + "65666741": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 5.3, + "attackVector": "NETWORK", + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "integrityImpact": "LOW", + "userInteraction": "NONE", + "attackComplexity": "LOW", + "availabilityImpact": "NONE", + "privilegesRequired": "NONE", + "confidentialityImpact": "NONE" + } + ], + "65686375": [ + { + "scope": 
"UNCHANGED", + "version": "3.1", + "baseScore": 6.5, + "attackVector": "NETWORK", + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "integrityImpact": "NONE", + "userInteraction": "REQUIRED", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "NONE", + "confidentialityImpact": "NONE" + } + ], + "65686385": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 6.5, + "attackVector": "NETWORK", + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "integrityImpact": "NONE", + "userInteraction": "REQUIRED", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "NONE", + "confidentialityImpact": "NONE" + } + ], + "65691823": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 8.8, + "attackVector": "NETWORK", + "baseSeverity": "HIGH", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "integrityImpact": "HIGH", + "userInteraction": "NONE", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "LOW", + "confidentialityImpact": "HIGH" + } + ], + "65691833": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 8.8, + "attackVector": "NETWORK", + "baseSeverity": "HIGH", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "integrityImpact": "HIGH", + "userInteraction": "NONE", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "LOW", + "confidentialityImpact": "HIGH" + } + ], + "65691847": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 8.8, + "attackVector": "NETWORK", + "baseSeverity": "HIGH", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "integrityImpact": "HIGH", + "userInteraction": "NONE", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "LOW", + "confidentialityImpact": "HIGH" + } + ], + "65691857": [ + { + 
"scope": "UNCHANGED", + "version": "3.1", + "baseScore": 8.8, + "attackVector": "NETWORK", + "baseSeverity": "HIGH", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "integrityImpact": "HIGH", + "userInteraction": "NONE", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "LOW", + "confidentialityImpact": "HIGH" + } + ], + "65691883": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 3.7, + "attackVector": "NETWORK", + "baseSeverity": "LOW", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "integrityImpact": "NONE", + "userInteraction": "NONE", + "attackComplexity": "HIGH", + "availabilityImpact": "NONE", + "privilegesRequired": "NONE", + "confidentialityImpact": "LOW" + } + ], + "65691893": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 3.7, + "attackVector": "NETWORK", + "baseSeverity": "LOW", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "integrityImpact": "NONE", + "userInteraction": "NONE", + "attackComplexity": "HIGH", + "availabilityImpact": "NONE", + "privilegesRequired": "NONE", + "confidentialityImpact": "LOW" + } + ], + "65691907": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 3.7, + "attackVector": "NETWORK", + "baseSeverity": "LOW", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "integrityImpact": "NONE", + "userInteraction": "NONE", + "attackComplexity": "HIGH", + "availabilityImpact": "NONE", + "privilegesRequired": "NONE", + "confidentialityImpact": "LOW" + } + ], + "65691917": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 3.7, + "attackVector": "NETWORK", + "baseSeverity": "LOW", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "integrityImpact": "NONE", + "userInteraction": "NONE", + "attackComplexity": "HIGH", + "availabilityImpact": "NONE", + "privilegesRequired": "NONE", + "confidentialityImpact": "LOW" + } + ], + "65702119": [ + { + "scope": 
"UNCHANGED", + "version": "3.1", + "baseScore": 7.5, + "attackVector": "NETWORK", + "baseSeverity": "HIGH", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "integrityImpact": "NONE", + "userInteraction": "NONE", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "NONE", + "confidentialityImpact": "NONE" + } + ], + "65702129": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 7.5, + "attackVector": "NETWORK", + "baseSeverity": "HIGH", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "integrityImpact": "NONE", + "userInteraction": "NONE", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "NONE", + "confidentialityImpact": "NONE" + } + ], + "65702179": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 7.5, + "attackVector": "NETWORK", + "baseSeverity": "HIGH", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "integrityImpact": "NONE", + "userInteraction": "NONE", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "NONE", + "confidentialityImpact": "NONE" + } + ], + "65702189": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 7.5, + "attackVector": "NETWORK", + "baseSeverity": "HIGH", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "integrityImpact": "NONE", + "userInteraction": "NONE", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "NONE", + "confidentialityImpact": "NONE" + } + ], + "65707219": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 5.5, + "attackVector": "LOCAL", + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "integrityImpact": "NONE", + "userInteraction": "REQUIRED", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "NONE", + "confidentialityImpact": "NONE" + } + ], + "65707229": [ + { + "scope": 
"UNCHANGED", + "version": "3.1", + "baseScore": 5.5, + "attackVector": "LOCAL", + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "integrityImpact": "NONE", + "userInteraction": "REQUIRED", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "NONE", + "confidentialityImpact": "NONE" + } + ], + "65707327": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 7.5, + "attackVector": "NETWORK", + "baseSeverity": "HIGH", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "integrityImpact": "NONE", + "userInteraction": "NONE", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "NONE", + "confidentialityImpact": "NONE" + }, + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 7.5, + "attackVector": "NETWORK", + "baseSeverity": "HIGH", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "integrityImpact": "NONE", + "userInteraction": "NONE", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "NONE", + "confidentialityImpact": "NONE" + } + ], + "65707337": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 7.5, + "attackVector": "NETWORK", + "baseSeverity": "HIGH", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "integrityImpact": "NONE", + "userInteraction": "NONE", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "NONE", + "confidentialityImpact": "NONE" + }, + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 7.5, + "attackVector": "NETWORK", + "baseSeverity": "HIGH", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "integrityImpact": "NONE", + "userInteraction": "NONE", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "NONE", + "confidentialityImpact": "NONE" + } + ], + "65707363": [ + { + "scope": "UNCHANGED", + "version": "3.1", + 
"baseScore": 5.5, + "attackVector": "LOCAL", + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "integrityImpact": "NONE", + "userInteraction": "REQUIRED", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "NONE", + "confidentialityImpact": "NONE" + } + ], + "65707373": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 5.5, + "attackVector": "LOCAL", + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "integrityImpact": "NONE", + "userInteraction": "REQUIRED", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "NONE", + "confidentialityImpact": "NONE" + } + ], + "65719579": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 9.8, + "attackVector": "NETWORK", + "baseSeverity": "CRITICAL", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "integrityImpact": "HIGH", + "userInteraction": "NONE", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "NONE", + "confidentialityImpact": "HIGH" + } + ], + "65719589": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 9.8, + "attackVector": "NETWORK", + "baseSeverity": "CRITICAL", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "integrityImpact": "HIGH", + "userInteraction": "NONE", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "NONE", + "confidentialityImpact": "HIGH" + } + ], + "65720767": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 3.7, + "attackVector": "NETWORK", + "baseSeverity": "LOW", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "integrityImpact": "LOW", + "userInteraction": "NONE", + "attackComplexity": "HIGH", + "availabilityImpact": "NONE", + "privilegesRequired": "NONE", + "confidentialityImpact": "NONE" + } + ], + "65720777": [ + { + "scope": "UNCHANGED", + 
"version": "3.1", + "baseScore": 3.7, + "attackVector": "NETWORK", + "baseSeverity": "LOW", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "integrityImpact": "LOW", + "userInteraction": "NONE", + "attackComplexity": "HIGH", + "availabilityImpact": "NONE", + "privilegesRequired": "NONE", + "confidentialityImpact": "NONE" + } + ], + "65720779": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 3.7, + "attackVector": "NETWORK", + "baseSeverity": "LOW", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "integrityImpact": "LOW", + "userInteraction": "NONE", + "attackComplexity": "HIGH", + "availabilityImpact": "NONE", + "privilegesRequired": "NONE", + "confidentialityImpact": "NONE" + } + ], + "65720789": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 3.7, + "attackVector": "NETWORK", + "baseSeverity": "LOW", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "integrityImpact": "LOW", + "userInteraction": "NONE", + "attackComplexity": "HIGH", + "availabilityImpact": "NONE", + "privilegesRequired": "NONE", + "confidentialityImpact": "NONE" + } + ], + "65733607": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 7.1, + "attackVector": "LOCAL", + "baseSeverity": "HIGH", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", + "integrityImpact": "NONE", + "userInteraction": "REQUIRED", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "NONE", + "confidentialityImpact": "HIGH" + } + ], + "65733617": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 7.1, + "attackVector": "LOCAL", + "baseSeverity": "HIGH", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", + "integrityImpact": "NONE", + "userInteraction": "REQUIRED", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "NONE", + "confidentialityImpact": "HIGH" + } + ], + "65741407": [ + { + "scope": "UNCHANGED", + 
"version": "3.1", + "baseScore": 6.5, + "attackVector": "NETWORK", + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "integrityImpact": "NONE", + "userInteraction": "REQUIRED", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "NONE", + "confidentialityImpact": "NONE" + } + ], + "65741417": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 6.5, + "attackVector": "NETWORK", + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "integrityImpact": "NONE", + "userInteraction": "REQUIRED", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "NONE", + "confidentialityImpact": "NONE" + } + ], + "65743099": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 6.5, + "attackVector": "NETWORK", + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "integrityImpact": "LOW", + "userInteraction": "NONE", + "attackComplexity": "LOW", + "availabilityImpact": "NONE", + "privilegesRequired": "NONE", + "confidentialityImpact": "LOW" + } + ], + "65743109": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 6.5, + "attackVector": "NETWORK", + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "integrityImpact": "LOW", + "userInteraction": "NONE", + "attackComplexity": "LOW", + "availabilityImpact": "NONE", + "privilegesRequired": "NONE", + "confidentialityImpact": "LOW" + } + ], + "65743123": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 6.5, + "attackVector": "NETWORK", + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "integrityImpact": "LOW", + "userInteraction": "NONE", + "attackComplexity": "LOW", + "availabilityImpact": "NONE", + "privilegesRequired": "NONE", + "confidentialityImpact": "LOW" + } + ], + "65743133": [ + { + "scope": 
"UNCHANGED", + "version": "3.1", + "baseScore": 6.5, + "attackVector": "NETWORK", + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "integrityImpact": "LOW", + "userInteraction": "NONE", + "attackComplexity": "LOW", + "availabilityImpact": "NONE", + "privilegesRequired": "NONE", + "confidentialityImpact": "LOW" + } + ], + "65750347": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 6.5, + "attackVector": "NETWORK", + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "integrityImpact": "NONE", + "userInteraction": "REQUIRED", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "NONE", + "confidentialityImpact": "NONE" + } + ], + "65750357": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 6.5, + "attackVector": "NETWORK", + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "integrityImpact": "NONE", + "userInteraction": "REQUIRED", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "NONE", + "confidentialityImpact": "NONE" + } + ], + "65750359": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 6.5, + "attackVector": "NETWORK", + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "integrityImpact": "NONE", + "userInteraction": "REQUIRED", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "NONE", + "confidentialityImpact": "NONE" + } + ], + "65750369": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 6.5, + "attackVector": "NETWORK", + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "integrityImpact": "NONE", + "userInteraction": "REQUIRED", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "NONE", + "confidentialityImpact": "NONE" + } + ], + 
"65756827": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 8.1, + "attackVector": "NETWORK", + "baseSeverity": "HIGH", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", + "integrityImpact": "HIGH", + "userInteraction": "REQUIRED", + "attackComplexity": "LOW", + "availabilityImpact": "NONE", + "privilegesRequired": "NONE", + "confidentialityImpact": "HIGH" + } + ], + "65756837": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 8.1, + "attackVector": "NETWORK", + "baseSeverity": "HIGH", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", + "integrityImpact": "HIGH", + "userInteraction": "REQUIRED", + "attackComplexity": "LOW", + "availabilityImpact": "NONE", + "privilegesRequired": "NONE", + "confidentialityImpact": "HIGH" + } + ], + "65759419": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 4.8, + "attackVector": "LOCAL", + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", + "integrityImpact": "LOW", + "userInteraction": "REQUIRED", + "attackComplexity": "LOW", + "availabilityImpact": "LOW", + "privilegesRequired": "LOW", + "confidentialityImpact": "LOW" + } + ], + "65759429": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 4.8, + "attackVector": "LOCAL", + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", + "integrityImpact": "LOW", + "userInteraction": "REQUIRED", + "attackComplexity": "LOW", + "availabilityImpact": "LOW", + "privilegesRequired": "LOW", + "confidentialityImpact": "LOW" + } + ], + "65759431": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 4.8, + "attackVector": "LOCAL", + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", + "integrityImpact": "LOW", + "userInteraction": "REQUIRED", + "attackComplexity": "LOW", + "availabilityImpact": "LOW", + "privilegesRequired": "LOW", + "confidentialityImpact": "LOW" + } + 
], + "65759441": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 4.8, + "attackVector": "LOCAL", + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", + "integrityImpact": "LOW", + "userInteraction": "REQUIRED", + "attackComplexity": "LOW", + "availabilityImpact": "LOW", + "privilegesRequired": "LOW", + "confidentialityImpact": "LOW" + } + ], + "65774323": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 5.3, + "attackVector": "NETWORK", + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "integrityImpact": "NONE", + "userInteraction": "NONE", + "attackComplexity": "LOW", + "availabilityImpact": "LOW", + "privilegesRequired": "NONE", + "confidentialityImpact": "NONE" + } + ], + "65774333": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 5.3, + "attackVector": "NETWORK", + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "integrityImpact": "NONE", + "userInteraction": "NONE", + "attackComplexity": "LOW", + "availabilityImpact": "LOW", + "privilegesRequired": "NONE", + "confidentialityImpact": "NONE" + } + ], + "65774335": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 5.3, + "attackVector": "NETWORK", + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "integrityImpact": "NONE", + "userInteraction": "NONE", + "attackComplexity": "LOW", + "availabilityImpact": "LOW", + "privilegesRequired": "NONE", + "confidentialityImpact": "NONE" + } + ], + "65774345": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 5.3, + "attackVector": "NETWORK", + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "integrityImpact": "NONE", + "userInteraction": "NONE", + "attackComplexity": "LOW", + "availabilityImpact": "LOW", + "privilegesRequired": "NONE", + "confidentialityImpact": "NONE" + } + 
], + "65775115": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 5.9, + "attackVector": "NETWORK", + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "integrityImpact": "HIGH", + "userInteraction": "NONE", + "attackComplexity": "HIGH", + "availabilityImpact": "NONE", + "privilegesRequired": "NONE", + "confidentialityImpact": "NONE" + } + ], + "65775125": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 5.9, + "attackVector": "NETWORK", + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "integrityImpact": "HIGH", + "userInteraction": "NONE", + "attackComplexity": "HIGH", + "availabilityImpact": "NONE", + "privilegesRequired": "NONE", + "confidentialityImpact": "NONE" + } + ], + "65776543": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 5.5, + "attackVector": "LOCAL", + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "integrityImpact": "NONE", + "userInteraction": "REQUIRED", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "NONE", + "confidentialityImpact": "NONE" + } + ], + "65776553": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 5.5, + "attackVector": "LOCAL", + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "integrityImpact": "NONE", + "userInteraction": "REQUIRED", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "NONE", + "confidentialityImpact": "NONE" + } + ], + "65780563": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 5.5, + "attackVector": "LOCAL", + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "integrityImpact": "NONE", + "userInteraction": "REQUIRED", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "NONE", + "confidentialityImpact": 
"NONE" + } + ], + "65780573": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 5.5, + "attackVector": "LOCAL", + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "integrityImpact": "NONE", + "userInteraction": "REQUIRED", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "NONE", + "confidentialityImpact": "NONE" + } + ], + "65795767": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 7.5, + "attackVector": "NETWORK", + "baseSeverity": "HIGH", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "integrityImpact": "NONE", + "userInteraction": "NONE", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "NONE", + "confidentialityImpact": "NONE" + } + ], + "65795777": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 7.5, + "attackVector": "NETWORK", + "baseSeverity": "HIGH", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "integrityImpact": "NONE", + "userInteraction": "NONE", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "NONE", + "confidentialityImpact": "NONE" + } + ], + "90455241": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 8.8, + "attackVector": "NETWORK", + "baseSeverity": "HIGH", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "integrityImpact": "HIGH", + "userInteraction": "REQUIRED", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "NONE", + "confidentialityImpact": "HIGH" + } + ], + "90455256": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 8.8, + "attackVector": "NETWORK", + "baseSeverity": "HIGH", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "integrityImpact": "HIGH", + "userInteraction": "REQUIRED", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "NONE", + 
"confidentialityImpact": "HIGH" + } + ], + "90455258": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 8.8, + "attackVector": "NETWORK", + "baseSeverity": "HIGH", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "integrityImpact": "HIGH", + "userInteraction": "REQUIRED", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "NONE", + "confidentialityImpact": "HIGH" + } + ], + "90455313": [ + { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 8.8, + "attackVector": "NETWORK", + "baseSeverity": "HIGH", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "integrityImpact": "HIGH", + "userInteraction": "REQUIRED", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "NONE", + "confidentialityImpact": "HIGH" + } + ] + } ] - } -} + } + }