docker/quay
1
0
Fork 0
mirror of https://github.com/quay/quay.git synced 2026-01-26 06:21:37 +03:00
Code Activity
Files
konflux/mintmaker/master/https-proxy-agent-7.x
quay/data/secscan_model/test/vulnerabilityreport.json
Ross Bryan 66fbe49ee2 secscan: implement basescore/cveid (PROJQUAY-6697) (#2684) 
* secscan: implement basescore/cveid (PROJQUAY-6697)

Signed-off-by: Ross Bryan <robryan@redhat.com>

* docs: add docstrings to helper functions

Signed-off-by: Ross Bryan <robryan@redhat.com>

* secscan: refactor base_score builder loop

Signed-off-by: Ross Bryan <robryan@redhat.com>

* make cveIDs a unique, alpha sorted list

Signed-off-by: Ross Bryan <robryan@redhat.com>

---------

Signed-off-by: Ross Bryan <robryan@redhat.com>
2024-03-20 13:20:17 +01:00

14251 lines
543 KiB
JSON
Raw Permalink Blame History

{
"manifest_hash": "sha256:4fd9553ca70c7ed6cbb466573fed2d03b0a8dd2c2eba9febf2ce30f8d537ba17",
"packages": {
"2": {
"id": "2",
"name": "crypto-policies",
"version": "20221215-1.gitece0092.el8",
"kind": "binary",
"source": {
"id": "1",
"name": "crypto-policies",
"version": "20221215-1.gitece0092.el8",
"kind": "source"
},
"arch": "noarch"
},
"4": {
"id": "4",
"name": "libssh-config",
"version": "0.9.6-10.el8_8",
"kind": "binary",
"source": {
"id": "3",
"name": "libssh",
"version": "0.9.6-10.el8_8",
"kind": "source"
},
"arch": "noarch"
},
"6": {
"id": "6",
"name": "redhat-release",
"version": "8.8-0.8.el8",
"kind": "binary",
"source": {
"id": "5",
"name": "redhat-release",
"version": "8.8-0.8.el8",
"kind": "source"
},
"arch": "aarch64"
},
"8": {
"id": "8",
"name": "filesystem",
"version": "3.8-6.el8",
"kind": "binary",
"source": {
"id": "7",
"name": "filesystem",
"version": "3.8-6.el8",
"kind": "source"
},
"arch": "aarch64"
},
"10": {
"id": "10",
"name": "pcre2",
"version": "10.32-3.el8_6",
"kind": "binary",
"source": {
"id": "9",
"name": "pcre2",
"version": "10.32-3.el8_6",
"kind": "source"
},
"arch": "aarch64"
},
"12": {
"id": "12",
"name": "ncurses-libs",
"version": "6.1-9.20180224.el8_8.1",
"kind": "binary",
"source": {
"id": "11",
"name": "ncurses",
"version": "6.1-9.20180224.el8_8.1",
"kind": "source"
},
"arch": "aarch64"
},
"14": {
"id": "14",
"name": "glibc-minimal-langpack",
"version": "2.28-225.el8_8.6",
"kind": "binary",
"source": {
"id": "13",
"name": "glibc",
"version": "2.28-225.el8_8.6",
"kind": "source"
},
"arch": "aarch64"
},
"16": {
"id": "16",
"name": "bash",
"version": "4.4.20-4.el8_6",
"kind": "binary",
"source": {
"id": "15",
"name": "bash",
"version": "4.4.20-4.el8_6",
"kind": "source"
},
"arch": "aarch64"
},
"18": {
"id": "18",
"name": "zlib",
"version": "1.2.11-21.el8_7",
"kind": "binary",
"source": {
"id": "17",
"name": "zlib",
"version": "1.2.11-21.el8_7",
"kind": "source"
},
"arch": "aarch64"
},
"20": {
"id": "20",
"name": "xz-libs",
"version": "5.2.4-4.el8_6",
"kind": "binary",
"source": {
"id": "19",
"name": "xz",
"version": "5.2.4-4.el8_6",
"kind": "source"
},
"arch": "aarch64"
},
"22": {
"id": "22",
"name": "bzip2-libs",
"version": "1.0.6-26.el8",
"kind": "binary",
"source": {
"id": "21",
"name": "bzip2",
"version": "1.0.6-26.el8",
"kind": "source"
},
"arch": "aarch64"
},
"24": {
"id": "24",
"name": "gmp",
"version": "1:6.1.2-10.el8",
"kind": "binary",
"source": {
"id": "23",
"name": "gmp",
"version": "6.1.2-10.el8",
"kind": "source"
},
"arch": "aarch64"
},
"26": {
"id": "26",
"name": "libzstd",
"version": "1.4.4-1.el8",
"kind": "binary",
"source": {
"id": "25",
"name": "zstd",
"version": "1.4.4-1.el8",
"kind": "source"
},
"arch": "aarch64"
},
"28": {
"id": "28",
"name": "libunistring",
"version": "0.9.9-3.el8",
"kind": "binary",
"source": {
"id": "27",
"name": "libunistring",
"version": "0.9.9-3.el8",
"kind": "source"
},
"arch": "aarch64"
},
"30": {
"id": "30",
"name": "libxml2",
"version": "2.9.7-16.el8_8.1",
"kind": "binary",
"source": {
"id": "29",
"name": "libxml2",
"version": "2.9.7-16.el8_8.1",
"kind": "source"
},
"arch": "aarch64"
},
"32": {
"id": "32",
"name": "p11-kit",
"version": "0.23.22-1.el8",
"kind": "binary",
"source": {
"id": "31",
"name": "p11-kit",
"version": "0.23.22-1.el8",
"kind": "source"
},
"arch": "aarch64"
},
"34": {
"id": "34",
"name": "readline",
"version": "7.0-10.el8",
"kind": "binary",
"source": {
"id": "33",
"name": "readline",
"version": "7.0-10.el8",
"kind": "source"
},
"arch": "aarch64"
},
"36": {
"id": "36",
"name": "libgcrypt",
"version": "1.8.5-7.el8_6",
"kind": "binary",
"source": {
"id": "35",
"name": "libgcrypt",
"version": "1.8.5-7.el8_6",
"kind": "source"
},
"arch": "aarch64"
},
"38": {
"id": "38",
"name": "libattr",
"version": "2.4.48-3.el8",
"kind": "binary",
"source": {
"id": "37",
"name": "attr",
"version": "2.4.48-3.el8",
"kind": "source"
},
"arch": "aarch64"
},
"40": {
"id": "40",
"name": "coreutils-single",
"version": "8.30-15.el8",
"kind": "binary",
"source": {
"id": "39",
"name": "coreutils",
"version": "8.30-15.el8",
"kind": "source"
},
"arch": "aarch64"
},
"42": {
"id": "42",
"name": "libtasn1",
"version": "4.13-4.el8_7",
"kind": "binary",
"source": {
"id": "41",
"name": "libtasn1",
"version": "4.13-4.el8_7",
"kind": "source"
},
"arch": "aarch64"
},
"44": {
"id": "44",
"name": "lz4-libs",
"version": "1.8.3-3.el8_4",
"kind": "binary",
"source": {
"id": "43",
"name": "lz4",
"version": "1.8.3-3.el8_4",
"kind": "source"
},
"arch": "aarch64"
},
"46": {
"id": "46",
"name": "grep",
"version": "3.1-6.el8",
"kind": "binary",
"source": {
"id": "45",
"name": "grep",
"version": "3.1-6.el8",
"kind": "source"
},
"arch": "aarch64"
},
"48": {
"id": "48",
"name": "libsmartcols",
"version": "2.32.1-42.el8_8",
"kind": "binary",
"source": {
"id": "47",
"name": "util-linux",
"version": "2.32.1-42.el8_8",
"kind": "source"
},
"arch": "aarch64"
},
"50": {
"id": "50",
"name": "libmount",
"version": "2.32.1-42.el8_8",
"kind": "binary",
"source": {
"id": "47",
"name": "util-linux",
"version": "2.32.1-42.el8_8",
"kind": "source"
},
"arch": "aarch64"
},
"52": {
"id": "52",
"name": "libusbx",
"version": "1.0.23-4.el8",
"kind": "binary",
"source": {
"id": "51",
"name": "libusbx",
"version": "1.0.23-4.el8",
"kind": "source"
},
"arch": "aarch64"
},
"54": {
"id": "54",
"name": "p11-kit-trust",
"version": "0.23.22-1.el8",
"kind": "binary",
"source": {
"id": "31",
"name": "p11-kit",
"version": "0.23.22-1.el8",
"kind": "source"
},
"arch": "aarch64"
},
"56": {
"id": "56",
"name": "openssl-libs",
"version": "1:1.1.1k-9.el8_7",
"kind": "binary",
"source": {
"id": "55",
"name": "openssl",
"version": "1.1.1k-9.el8_7",
"kind": "source"
},
"arch": "aarch64"
},
"58": {
"id": "58",
"name": "libdb-utils",
"version": "5.3.28-42.el8_4",
"kind": "binary",
"source": {
"id": "57",
"name": "libdb",
"version": "5.3.28-42.el8_4",
"kind": "source"
},
"arch": "aarch64"
},
"60": {
"id": "60",
"name": "mpfr",
"version": "3.1.6-1.el8",
"kind": "binary",
"source": {
"id": "59",
"name": "mpfr",
"version": "3.1.6-1.el8",
"kind": "source"
},
"arch": "aarch64"
},
"62": {
"id": "62",
"name": "gnutls",
"version": "3.6.16-6.el8_7",
"kind": "binary",
"source": {
"id": "61",
"name": "gnutls",
"version": "3.6.16-6.el8_7",
"kind": "source"
},
"arch": "aarch64"
},
"64": {
"id": "64",
"name": "json-glib",
"version": "1.4.4-1.el8",
"kind": "binary",
"source": {
"id": "63",
"name": "json-glib",
"version": "1.4.4-1.el8",
"kind": "source"
},
"arch": "aarch64"
},
"66": {
"id": "66",
"name": "gobject-introspection",
"version": "1.56.1-1.el8",
"kind": "binary",
"source": {
"id": "65",
"name": "gobject-introspection",
"version": "1.56.1-1.el8",
"kind": "source"
},
"arch": "aarch64"
},
"68": {
"id": "68",
"name": "libksba",
"version": "1.3.5-9.el8_7",
"kind": "binary",
"source": {
"id": "67",
"name": "libksba",
"version": "1.3.5-9.el8_7",
"kind": "source"
},
"arch": "aarch64"
},
"70": {
"id": "70",
"name": "brotli",
"version": "1.0.6-3.el8",
"kind": "binary",
"source": {
"id": "69",
"name": "brotli",
"version": "1.0.6-3.el8",
"kind": "source"
},
"arch": "aarch64"
},
"72": {
"id": "72",
"name": "keyutils-libs",
"version": "1.5.10-9.el8",
"kind": "binary",
"source": {
"id": "71",
"name": "keyutils",
"version": "1.5.10-9.el8",
"kind": "source"
},
"arch": "aarch64"
},
"74": {
"id": "74",
"name": "audit-libs",
"version": "3.0.7-4.el8",
"kind": "binary",
"source": {
"id": "73",
"name": "audit",
"version": "3.0.7-4.el8",
"kind": "source"
},
"arch": "aarch64"
},
"76": {
"id": "76",
"name": "libsigsegv",
"version": "2.11-5.el8",
"kind": "binary",
"source": {
"id": "75",
"name": "libsigsegv",
"version": "2.11-5.el8",
"kind": "source"
},
"arch": "aarch64"
},
"78": {
"id": "78",
"name": "libstdc++",
"version": "8.5.0-18.el8",
"kind": "binary",
"source": {
"id": "77",
"name": "gcc",
"version": "8.5.0-18.el8",
"kind": "source"
},
"arch": "aarch64"
},
"80": {
"id": "80",
"name": "krb5-libs",
"version": "1.18.2-25.el8_8",
"kind": "binary",
"source": {
"id": "79",
"name": "krb5",
"version": "1.18.2-25.el8_8",
"kind": "source"
},
"arch": "aarch64"
},
"82": {
"id": "82",
"name": "libxcrypt",
"version": "4.1.1-6.el8",
"kind": "binary",
"source": {
"id": "81",
"name": "libxcrypt",
"version": "4.1.1-6.el8",
"kind": "source"
},
"arch": "aarch64"
},
"84": {
"id": "84",
"name": "openldap",
"version": "2.4.46-18.el8",
"kind": "binary",
"source": {
"id": "83",
"name": "openldap",
"version": "2.4.46-18.el8",
"kind": "source"
},
"arch": "aarch64"
},
"86": {
"id": "86",
"name": "npth",
"version": "1.5-4.el8",
"kind": "binary",
"source": {
"id": "85",
"name": "npth",
"version": "1.5-4.el8",
"kind": "source"
},
"arch": "aarch64"
},
"88": {
"id": "88",
"name": "gpgme",
"version": "1.13.1-11.el8",
"kind": "binary",
"source": {
"id": "87",
"name": "gpgme",
"version": "1.13.1-11.el8",
"kind": "source"
},
"arch": "aarch64"
},
"90": {
"id": "90",
"name": "libpsl",
"version": "0.20.2-6.el8",
"kind": "binary",
"source": {
"id": "89",
"name": "libpsl",
"version": "0.20.2-6.el8",
"kind": "source"
},
"arch": "aarch64"
},
"92": {
"id": "92",
"name": "librepo",
"version": "1.14.2-4.el8",
"kind": "binary",
"source": {
"id": "91",
"name": "librepo",
"version": "1.14.2-4.el8",
"kind": "source"
},
"arch": "aarch64"
},
"94": {
"id": "94",
"name": "rpm",
"version": "4.14.3-26.el8",
"kind": "binary",
"source": {
"id": "93",
"name": "rpm",
"version": "4.14.3-26.el8",
"kind": "source"
},
"arch": "aarch64"
},
"96": {
"id": "96",
"name": "libmodulemd",
"version": "2.13.0-1.el8",
"kind": "binary",
"source": {
"id": "95",
"name": "libmodulemd",
"version": "2.13.0-1.el8",
"kind": "source"
},
"arch": "aarch64"
},
"98": {
"id": "98",
"name": "libdnf",
"version": "0.63.0-14.el8_8",
"kind": "binary",
"source": {
"id": "97",
"name": "libdnf",
"version": "0.63.0-14.el8_8",
"kind": "source"
},
"arch": "aarch64"
},
"100": {
"id": "100",
"name": "langpacks-en",
"version": "1.0-12.el8",
"kind": "binary",
"source": {
"id": "99",
"name": "langpacks",
"version": "1.0-12.el8",
"kind": "source"
},
"arch": "noarch"
},
"102": {
"id": "102",
"name": "libgcc",
"version": "8.5.0-18.el8",
"kind": "binary",
"source": {
"id": "77",
"name": "gcc",
"version": "8.5.0-18.el8",
"kind": "source"
},
"arch": "aarch64"
},
"104": {
"id": "104",
"name": "ncurses-base",
"version": "6.1-9.20180224.el8_8.1",
"kind": "binary",
"source": {
"id": "11",
"name": "ncurses",
"version": "6.1-9.20180224.el8_8.1",
"kind": "source"
},
"arch": "noarch"
},
"106": {
"id": "106",
"name": "tzdata",
"version": "2023c-1.el8",
"kind": "binary",
"source": {
"id": "105",
"name": "tzdata",
"version": "2023c-1.el8",
"kind": "source"
},
"arch": "noarch"
},
"108": {
"id": "108",
"name": "setup",
"version": "2.12.2-9.el8",
"kind": "binary",
"source": {
"id": "107",
"name": "setup",
"version": "2.12.2-9.el8",
"kind": "source"
},
"arch": "noarch"
},
"110": {
"id": "110",
"name": "basesystem",
"version": "11-5.el8",
"kind": "binary",
"source": {
"id": "109",
"name": "basesystem",
"version": "11-5.el8",
"kind": "source"
},
"arch": "noarch"
},
"112": {
"id": "112",
"name": "libselinux",
"version": "2.9-8.el8",
"kind": "binary",
"source": {
"id": "111",
"name": "libselinux",
"version": "2.9-8.el8",
"kind": "source"
},
"arch": "aarch64"
},
"114": {
"id": "114",
"name": "glibc-common",
"version": "2.28-225.el8_8.6",
"kind": "binary",
"source": {
"id": "13",
"name": "glibc",
"version": "2.28-225.el8_8.6",
"kind": "source"
},
"arch": "aarch64"
},
"116": {
"id": "116",
"name": "glibc",
"version": "2.28-225.el8_8.6",
"kind": "binary",
"source": {
"id": "13",
"name": "glibc",
"version": "2.28-225.el8_8.6",
"kind": "source"
},
"arch": "aarch64"
},
"118": {
"id": "118",
"name": "libsepol",
"version": "2.9-3.el8",
"kind": "binary",
"source": {
"id": "117",
"name": "libsepol",
"version": "2.9-3.el8",
"kind": "source"
},
"arch": "aarch64"
},
"120": {
"id": "120",
"name": "libgpg-error",
"version": "1.31-1.el8",
"kind": "binary",
"source": {
"id": "119",
"name": "libgpg-error",
"version": "1.31-1.el8",
"kind": "source"
},
"arch": "aarch64"
},
"122": {
"id": "122",
"name": "info",
"version": "6.5-7.el8",
"kind": "binary",
"source": {
"id": "121",
"name": "texinfo",
"version": "6.5-7.el8",
"kind": "source"
},
"arch": "aarch64"
},
"124": {
"id": "124",
"name": "sqlite-libs",
"version": "3.26.0-18.el8_8",
"kind": "binary",
"source": {
"id": "123",
"name": "sqlite",
"version": "3.26.0-18.el8_8",
"kind": "source"
},
"arch": "aarch64"
},
"126": {
"id": "126",
"name": "libcom_err",
"version": "1.45.6-5.el8",
"kind": "binary",
"source": {
"id": "125",
"name": "e2fsprogs",
"version": "1.45.6-5.el8",
"kind": "source"
},
"arch": "aarch64"
},
"128": {
"id": "128",
"name": "libcap",
"version": "2.48-5.el8_8",
"kind": "binary",
"source": {
"id": "127",
"name": "libcap",
"version": "2.48-5.el8_8",
"kind": "source"
},
"arch": "aarch64"
},
"130": {
"id": "130",
"name": "libidn2",
"version": "2.2.0-1.el8",
"kind": "binary",
"source": {
"id": "129",
"name": "libidn2",
"version": "2.2.0-1.el8",
"kind": "source"
},
"arch": "aarch64"
},
"132": {
"id": "132",
"name": "libffi",
"version": "3.1-24.el8",
"kind": "binary",
"source": {
"id": "131",
"name": "libffi",
"version": "3.1-24.el8",
"kind": "source"
},
"arch": "aarch64"
},
"134": {
"id": "134",
"name": "popt",
"version": "1.18-1.el8",
"kind": "binary",
"source": {
"id": "133",
"name": "popt",
"version": "1.18-1.el8",
"kind": "source"
},
"arch": "aarch64"
},
"136": {
"id": "136",
"name": "libassuan",
"version": "2.5.1-3.el8",
"kind": "binary",
"source": {
"id": "135",
"name": "libassuan",
"version": "2.5.1-3.el8",
"kind": "source"
},
"arch": "aarch64"
},
"138": {
"id": "138",
"name": "elfutils-libelf",
"version": "0.188-3.el8",
"kind": "binary",
"source": {
"id": "137",
"name": "elfutils",
"version": "0.188-3.el8",
"kind": "source"
},
"arch": "aarch64"
},
"140": {
"id": "140",
"name": "libacl",
"version": "2.2.53-1.el8",
"kind": "binary",
"source": {
"id": "139",
"name": "acl",
"version": "2.2.53-1.el8",
"kind": "source"
},
"arch": "aarch64"
},
"142": {
"id": "142",
"name": "sed",
"version": "4.5-5.el8",
"kind": "binary",
"source": {
"id": "141",
"name": "sed",
"version": "4.5-5.el8",
"kind": "source"
},
"arch": "aarch64"
},
"144": {
"id": "144",
"name": "lua-libs",
"version": "5.3.4-12.el8",
"kind": "binary",
"source": {
"id": "143",
"name": "lua",
"version": "5.3.4-12.el8",
"kind": "source"
},
"arch": "aarch64"
},
"146": {
"id": "146",
"name": "pcre",
"version": "8.42-6.el8",
"kind": "binary",
"source": {
"id": "145",
"name": "pcre",
"version": "8.42-6.el8",
"kind": "source"
},
"arch": "aarch64"
},
"148": {
"id": "148",
"name": "libuuid",
"version": "2.32.1-42.el8_8",
"kind": "binary",
"source": {
"id": "47",
"name": "util-linux",
"version": "2.32.1-42.el8_8",
"kind": "source"
},
"arch": "aarch64"
},
"150": {
"id": "150",
"name": "libblkid",
"version": "2.32.1-42.el8_8",
"kind": "binary",
"source": {
"id": "47",
"name": "util-linux",
"version": "2.32.1-42.el8_8",
"kind": "source"
},
"arch": "aarch64"
},
"152": {
"id": "152",
"name": "systemd-libs",
"version": "239-74.el8_8.5",
"kind": "binary",
"source": {
"id": "151",
"name": "systemd",
"version": "239-74.el8_8.5",
"kind": "source"
},
"arch": "aarch64"
},
"154": {
"id": "154",
"name": "chkconfig",
"version": "1.19.1-1.el8",
"kind": "binary",
"source": {
"id": "153",
"name": "chkconfig",
"version": "1.19.1-1.el8",
"kind": "source"
},
"arch": "aarch64"
},
"156": {
"id": "156",
"name": "ca-certificates",
"version": "2023.2.60_v7.0.306-80.0.el8_8",
"kind": "binary",
"source": {
"id": "155",
"name": "ca-certificates",
"version": "2023.2.60_v7.0.306-80.0.el8_8",
"kind": "source"
},
"arch": "noarch"
},
"158": {
"id": "158",
"name": "libdb",
"version": "5.3.28-42.el8_4",
"kind": "binary",
"source": {
"id": "57",
"name": "libdb",
"version": "5.3.28-42.el8_4",
"kind": "source"
},
"arch": "aarch64"
},
"160": {
"id": "160",
"name": "libarchive",
"version": "3.3.3-5.el8",
"kind": "binary",
"source": {
"id": "159",
"name": "libarchive",
"version": "3.3.3-5.el8",
"kind": "source"
},
"arch": "aarch64"
},
"162": {
"id": "162",
"name": "nettle",
"version": "3.4.1-7.el8",
"kind": "binary",
"source": {
"id": "161",
"name": "nettle",
"version": "3.4.1-7.el8",
"kind": "source"
},
"arch": "aarch64"
},
"164": {
"id": "164",
"name": "glib2",
"version": "2.56.4-161.el8",
"kind": "binary",
"source": {
"id": "163",
"name": "glib2",
"version": "2.56.4-161.el8",
"kind": "source"
},
"arch": "aarch64"
},
"166": {
"id": "166",
"name": "librhsm",
"version": "0.0.3-5.el8",
"kind": "binary",
"source": {
"id": "165",
"name": "librhsm",
"version": "0.0.3-5.el8",
"kind": "source"
},
"arch": "aarch64"
},
"168": {
"id": "168",
"name": "libpeas",
"version": "1.22.0-6.el8",
"kind": "binary",
"source": {
"id": "167",
"name": "libpeas",
"version": "1.22.0-6.el8",
"kind": "source"
},
"arch": "aarch64"
},
"170": {
"id": "170",
"name": "file-libs",
"version": "5.33-24.el8",
"kind": "binary",
"source": {
"id": "169",
"name": "file",
"version": "5.33-24.el8",
"kind": "source"
},
"arch": "aarch64"
},
"172": {
"id": "172",
"name": "json-c",
"version": "0.13.1-3.el8",
"kind": "binary",
"source": {
"id": "171",
"name": "json-c",
"version": "0.13.1-3.el8",
"kind": "source"
},
"arch": "aarch64"
},
"174": {
"id": "174",
"name": "libcap-ng",
"version": "0.7.11-1.el8",
"kind": "binary",
"source": {
"id": "173",
"name": "libcap-ng",
"version": "0.7.11-1.el8",
"kind": "source"
},
"arch": "aarch64"
},
"176": {
"id": "176",
"name": "libnghttp2",
"version": "1.33.0-3.el8_2.1",
"kind": "binary",
"source": {
"id": "175",
"name": "nghttp2",
"version": "1.33.0-3.el8_2.1",
"kind": "source"
},
"arch": "aarch64"
},
"178": {
"id": "178",
"name": "gawk",
"version": "4.2.1-4.el8",
"kind": "binary",
"source": {
"id": "177",
"name": "gawk",
"version": "4.2.1-4.el8",
"kind": "source"
},
"arch": "aarch64"
},
"180": {
"id": "180",
"name": "libverto",
"version": "0.3.2-2.el8",
"kind": "binary",
"source": {
"id": "179",
"name": "libverto",
"version": "0.3.2-2.el8",
"kind": "source"
},
"arch": "aarch64"
},
"182": {
"id": "182",
"name": "libssh",
"version": "0.9.6-10.el8_8",
"kind": "binary",
"source": {
"id": "3",
"name": "libssh",
"version": "0.9.6-10.el8_8",
"kind": "source"
},
"arch": "aarch64"
},
"184": {
"id": "184",
"name": "cyrus-sasl-lib",
"version": "2.1.27-6.el8_5",
"kind": "binary",
"source": {
"id": "183",
"name": "cyrus-sasl",
"version": "2.1.27-6.el8_5",
"kind": "source"
},
"arch": "aarch64"
},
"186": {
"id": "186",
"name": "libyaml",
"version": "0.1.7-5.el8",
"kind": "binary",
"source": {
"id": "185",
"name": "libyaml",
"version": "0.1.7-5.el8",
"kind": "source"
},
"arch": "aarch64"
},
"188": {
"id": "188",
"name": "gnupg2",
"version": "2.2.20-3.el8_6",
"kind": "binary",
"source": {
"id": "187",
"name": "gnupg2",
"version": "2.2.20-3.el8_6",
"kind": "source"
},
"arch": "aarch64"
},
"190": {
"id": "190",
"name": "publicsuffix-list-dafsa",
"version": "20180723-1.el8",
"kind": "binary",
"source": {
"id": "189",
"name": "publicsuffix-list",
"version": "20180723-1.el8",
"kind": "source"
},
"arch": "noarch"
},
"192": {
"id": "192",
"name": "libcurl",
"version": "7.61.1-30.el8_8.3",
"kind": "binary",
"source": {
"id": "191",
"name": "curl",
"version": "7.61.1-30.el8_8.3",
"kind": "source"
},
"arch": "aarch64"
},
"194": {
"id": "194",
"name": "curl",
"version": "7.61.1-30.el8_8.3",
"kind": "binary",
"source": {
"id": "191",
"name": "curl",
"version": "7.61.1-30.el8_8.3",
"kind": "source"
},
"arch": "aarch64"
},
"196": {
"id": "196",
"name": "rpm-libs",
"version": "4.14.3-26.el8",
"kind": "binary",
"source": {
"id": "93",
"name": "rpm",
"version": "4.14.3-26.el8",
"kind": "source"
},
"arch": "aarch64"
},
"198": {
"id": "198",
"name": "libsolv",
"version": "0.7.20-4.el8_7",
"kind": "binary",
"source": {
"id": "197",
"name": "libsolv",
"version": "0.7.20-4.el8_7",
"kind": "source"
},
"arch": "aarch64"
},
"200": {
"id": "200",
"name": "microdnf",
"version": "3.8.0-2.el8",
"kind": "binary",
"source": {
"id": "199",
"name": "microdnf",
"version": "3.8.0-2.el8",
"kind": "source"
},
"arch": "aarch64"
},
"202": {
"id": "202",
"name": "rootfiles",
"version": "8.1-22.el8",
"kind": "binary",
"source": {
"id": "201",
"name": "rootfiles",
"version": "8.1-22.el8",
"kind": "source"
},
"arch": "noarch"
},
"204": {
"id": "204",
"name": "ubi8-minimal-container",
"version": "8.8-1072.1696517598",
"kind": "source",
"source": {
"id": "203",
"name": "",
"version": ""
},
"normalized_version": "rhctag:8.8.0.0.0.0.0.0.0.0",
"arch": "aarch64"
},
"206": {
"id": "206",
"name": "ubi8/ubi-minimal",
"version": "8.8-1072.1696517598",
"kind": "binary",
"source": {
"id": "204",
"name": "ubi8-minimal-container",
"version": "8.8-1072.1696517598",
"kind": "source",
"arch": "aarch64"
},
"normalized_version": "rhctag:8.8.0.0.0.0.0.0.0.0",
"arch": "aarch64"
},
"208": {
"id": "208",
"name": "stdlib",
"version": "go1.20.9",
"kind": "binary",
"source": {
"id": "203",
"name": "",
"version": ""
},
"normalized_version": "semver:0.1.20.9.0.0.0.0.0.0"
},
"210": {
"id": "210",
"name": "github.com/quay/clair/v4",
"version": "(devel)",
"kind": "binary",
"source": {
"id": "203",
"name": "",
"version": ""
}
},
"212": {
"id": "212",
"name": "github.com/Masterminds/semver",
"version": "v1.5.0",
"kind": "binary",
"source": {
"id": "203",
"name": "",
"version": ""
},
"normalized_version": "semver:0.1.5.0.0.0.0.0.0.0"
},
"214": {
"id": "214",
"name": "github.com/beorn7/perks",
"version": "v1.0.1",
"kind": "binary",
"source": {
"id": "203",
"name": "",
"version": ""
},
"normalized_version": "semver:0.1.0.1.0.0.0.0.0.0"
},
"216": {
"id": "216",
"name": "github.com/cespare/xxhash/v2",
"version": "v2.2.0",
"kind": "binary",
"source": {
"id": "203",
"name": "",
"version": ""
},
"normalized_version": "semver:0.2.2.0.0.0.0.0.0.0"
},
"218": {
"id": "218",
"name": "github.com/containerd/stargz-snapshotter/estargz",
"version": "v0.14.3",
"kind": "binary",
"source": {
"id": "203",
"name": "",
"version": ""
},
"normalized_version": "semver:0.0.14.3.0.0.0.0.0.0"
},
"220": {
"id": "220",
"name": "github.com/cpuguy83/go-md2man/v2",
"version": "v2.0.2",
"kind": "binary",
"source": {
"id": "203",
"name": "",
"version": ""
},
"normalized_version": "semver:0.2.0.2.0.0.0.0.0.0"
},
"222": {
"id": "222",
"name": "github.com/docker/cli",
"version": "v23.0.5+incompatible",
"kind": "binary",
"source": {
"id": "203",
"name": "",
"version": ""
},
"normalized_version": "semver:0.23.0.5.0.0.0.0.0.0"
},
"224": {
"id": "224",
"name": "github.com/docker/distribution",
"version": "v2.8.1+incompatible",
"kind": "binary",
"source": {
"id": "203",
"name": "",
"version": ""
},
"normalized_version": "semver:0.2.8.1.0.0.0.0.0.0"
},
"226": {
"id": "226",
"name": "github.com/docker/docker",
"version": "v23.0.5+incompatible",
"kind": "binary",
"source": {
"id": "203",
"name": "",
"version": ""
},
"normalized_version": "semver:0.23.0.5.0.0.0.0.0.0"
},
"228": {
"id": "228",
"name": "github.com/docker/docker-credential-helpers",
"version": "v0.7.0",
"kind": "binary",
"source": {
"id": "203",
"name": "",
"version": ""
},
"normalized_version": "semver:0.0.7.0.0.0.0.0.0.0"
},
"230": {
"id": "230",
"name": "github.com/doug-martin/goqu/v8",
"version": "v8.6.0",
"kind": "binary",
"source": {
"id": "203",
"name": "",
"version": ""
},
"normalized_version": "semver:0.8.6.0.0.0.0.0.0.0"
},
"232": {
"id": "232",
"name": "github.com/dustin/go-humanize",
"version": "v1.0.1",
"kind": "binary",
"source": {
"id": "203",
"name": "",
"version": ""
},
"normalized_version": "semver:0.1.0.1.0.0.0.0.0.0"
},
"234": {
"id": "234",
"name": "github.com/evanphx/json-patch/v5",
"version": "v5.6.0",
"kind": "binary",
"source": {
"id": "203",
"name": "",
"version": ""
},
"normalized_version": "semver:0.5.6.0.0.0.0.0.0.0"
},
"236": {
"id": "236",
"name": "github.com/felixge/httpsnoop",
"version": "v1.0.3",
"kind": "binary",
"source": {
"id": "203",
"name": "",
"version": ""
},
"normalized_version": "semver:0.1.0.3.0.0.0.0.0.0"
},
"238": {
"id": "238",
"name": "github.com/go-logr/logr",
"version": "v1.2.4",
"kind": "binary",
"source": {
"id": "203",
"name": "",
"version": ""
},
"normalized_version": "semver:0.1.2.4.0.0.0.0.0.0"
},
"240": {
"id": "240",
"name": "github.com/go-logr/stdr",
"version": "v1.2.2",
"kind": "binary",
"source": {
"id": "203",
"name": "",
"version": ""
},
"normalized_version": "semver:0.1.2.2.0.0.0.0.0.0"
},
"242": {
"id": "242",
"name": "github.com/golang/protobuf",
"version": "v1.5.3",
"kind": "binary",
"source": {
"id": "203",
"name": "",
"version": ""
},
"normalized_version": "semver:0.1.5.3.0.0.0.0.0.0"
},
"244": {
"id": "244",
"name": "github.com/google/go-containerregistry",
"version": "v0.15.2",
"kind": "binary",
"source": {
"id": "203",
"name": "",
"version": ""
},
"normalized_version": "semver:0.0.15.2.0.0.0.0.0.0"
},
"246": {
"id": "246",
"name": "github.com/google/uuid",
"version": "v1.3.1",
"kind": "binary",
"source": {
"id": "203",
"name": "",
"version": ""
},
"normalized_version": "semver:0.1.3.1.0.0.0.0.0.0"
},
"248": {
"id": "248",
"name": "github.com/jackc/chunkreader/v2",
"version": "v2.0.1",
"kind": "binary",
"source": {
"id": "203",
"name": "",
"version": ""
},
"normalized_version": "semver:0.2.0.1.0.0.0.0.0.0"
},
"250": {
"id": "250",
"name": "github.com/jackc/pgconn",
"version": "v1.14.1",
"kind": "binary",
"source": {
"id": "203",
"name": "",
"version": ""
},
"normalized_version": "semver:0.1.14.1.0.0.0.0.0.0"
},
"252": {
"id": "252",
"name": "github.com/jackc/pgio",
"version": "v1.0.0",
"kind": "binary",
"source": {
"id": "203",
"name": "",
"version": ""
},
"normalized_version": "semver:0.1.0.0.0.0.0.0.0.0"
},
"254": {
"id": "254",
"name": "github.com/jackc/pgpassfile",
"version": "v1.0.0",
"kind": "binary",
"source": {
"id": "203",
"name": "",
"version": ""
},
"normalized_version": "semver:0.1.0.0.0.0.0.0.0.0"
},
"256": {
"id": "256",
"name": "github.com/jackc/pgproto3/v2",
"version": "v2.3.2",
"kind": "binary",
"source": {
"id": "203",
"name": "",
"version": ""
},
"normalized_version": "semver:0.2.3.2.0.0.0.0.0.0"
},
"258": {
"id": "258",
"name": "github.com/jackc/pgservicefile",
"version": "v0.0.0-20221227161230-091c0ba34f0a",
"kind": "binary",
"source": {
"id": "203",
"name": "",
"version": ""
},
"normalized_version": "semver:0.0.0.0.0.0.0.0.0.0"
},
"260": {
"id": "260",
"name": "github.com/jackc/pgtype",
"version": "v1.14.0",
"kind": "binary",
"source": {
"id": "203",
"name": "",
"version": ""
},
"normalized_version": "semver:0.1.14.0.0.0.0.0.0.0"
},
"262": {
"id": "262",
"name": "github.com/jackc/pgx/v4",
"version": "v4.18.1",
"kind": "binary",
"source": {
"id": "203",
"name": "",
"version": ""
},
"normalized_version": "semver:0.4.18.1.0.0.0.0.0.0"
},
"264": {
"id": "264",
"name": "github.com/jackc/puddle",
"version": "v1.3.0",
"kind": "binary",
"source": {
"id": "203",
"name": "",
"version": ""
},
"normalized_version": "semver:0.1.3.0.0.0.0.0.0.0"
},
"266": {
"id": "266",
"name": "github.com/klauspost/compress",
"version": "v1.17.0",
"kind": "binary",
"source": {
"id": "203",
"name": "",
"version": ""
},
"normalized_version": "semver:0.1.17.0.0.0.0.0.0.0"
},
"268": {
"id": "268",
"name": "github.com/knqyf263/go-apk-version",
"version": "v0.0.0-20200609155635-041fdbb8563f",
"kind": "binary",
"source": {
"id": "203",
"name": "",
"version": ""
},
"normalized_version": "semver:0.0.0.0.0.0.0.0.0.0"
},
"270": {
"id": "270",
"name": "github.com/knqyf263/go-deb-version",
"version": "v0.0.0-20190517075300-09fca494f03d",
"kind": "binary",
"source": {
"id": "203",
"name": "",
"version": ""
},
"normalized_version": "semver:0.0.0.0.0.0.0.0.0.0"
},
"272": {
"id": "272",
"name": "github.com/knqyf263/go-rpm-version",
"version": "v0.0.0-20170716094938-74609b86c936",
"kind": "binary",
"source": {
"id": "203",
"name": "",
"version": ""
},
"normalized_version": "semver:0.0.0.0.0.0.0.0.0.0"
},
"274": {
"id": "274",
"name": "github.com/ldelossa/responserecorder",
"version": "v1.0.2-0.20210711162258-40bec93a9325",
"kind": "binary",
"source": {
"id": "203",
"name": "",
"version": ""
},
"normalized_version": "semver:0.1.0.2.0.0.0.0.0.0"
},
"276": {
"id": "276",
"name": "github.com/mattn/go-colorable",
"version": "v0.1.13",
"kind": "binary",
"source": {
"id": "203",
"name": "",
"version": ""
},
"normalized_version": "semver:0.0.1.13.0.0.0.0.0.0"
},
"278": {
"id": "278",
"name": "github.com/mattn/go-isatty",
"version": "v0.0.16",
"kind": "binary",
"source": {
"id": "203",
"name": "",
"version": ""
},
"normalized_version": "semver:0.0.0.16.0.0.0.0.0.0"
},
"280": {
"id": "280",
"name": "github.com/matttproud/golang_protobuf_extensions",
"version": "v1.0.4",
"kind": "binary",
"source": {
"id": "203",
"name": "",
"version": ""
},
"normalized_version": "semver:0.1.0.4.0.0.0.0.0.0"
},
"282": {
"id": "282",
"name": "github.com/mitchellh/go-homedir",
"version": "v1.1.0",
"kind": "binary",
"source": {
"id": "203",
"name": "",
"version": ""
},
"normalized_version": "semver:0.1.1.0.0.0.0.0.0.0"
},
"284": {
"id": "284",
"name": "github.com/opencontainers/go-digest",
"version": "v1.0.0",
"kind": "binary",
"source": {
"id": "203",
"name": "",
"version": ""
},
"normalized_version": "semver:0.1.0.0.0.0.0.0.0.0"
},
"286": {
"id": "286",
"name": "github.com/opencontainers/image-spec",
"version": "v1.1.0-rc3",
"kind": "binary",
"source": {
"id": "203",
"name": "",
"version": ""
},
"normalized_version": "semver:0.1.1.0.0.0.0.0.0.0"
},
"288": {
"id": "288",
"name": "github.com/pkg/errors",
"version": "v0.9.1",
"kind": "binary",
"source": {
"id": "203",
"name": "",
"version": ""
},
"normalized_version": "semver:0.0.9.1.0.0.0.0.0.0"
},
"290": {
"id": "290",
"name": "github.com/prometheus/client_golang",
"version": "v1.17.0",
"kind": "binary",
"source": {
"id": "203",
"name": "",
"version": ""
},
"normalized_version": "semver:0.1.17.0.0.0.0.0.0.0"
},
"292": {
"id": "292",
"name": "github.com/prometheus/client_model",
"version": "v0.4.1-0.20230718164431-9a2bf3000d16",
"kind": "binary",
"source": {
"id": "203",
"name": "",
"version": ""
},
"normalized_version": "semver:0.0.4.1.0.0.0.0.0.0"
},
"294": {
"id": "294",
"name": "github.com/prometheus/common",
"version": "v0.44.0",
"kind": "binary",
"source": {
"id": "203",
"name": "",
"version": ""
},
"normalized_version": "semver:0.0.44.0.0.0.0.0.0.0"
},
"296": {
"id": "296",
"name": "github.com/prometheus/procfs",
"version": "v0.11.1",
"kind": "binary",
"source": {
"id": "203",
"name": "",
"version": ""
},
"normalized_version": "semver:0.0.11.1.0.0.0.0.0.0"
},
"298": {
"id": "298",
"name": "github.com/quay/clair/config",
"version": "v1.3.0",
"kind": "binary",
"source": {
"id": "203",
"name": "",
"version": ""
},
"normalized_version": "semver:0.1.3.0.0.0.0.0.0.0"
},
"300": {
"id": "300",
"name": "github.com/quay/claircore",
"version": "v1.5.19",
"kind": "binary",
"source": {
"id": "203",
"name": "",
"version": ""
},
"normalized_version": "semver:0.1.5.19.0.0.0.0.0.0"
},
"302": {
"id": "302",
"name": "github.com/quay/claircore/toolkit",
"version": "v1.1.1",
"kind": "binary",
"source": {
"id": "203",
"name": "",
"version": ""
},
"normalized_version": "semver:0.1.1.1.0.0.0.0.0.0"
},
"304": {
"id": "304",
"name": "github.com/quay/claircore/updater/driver",
"version": "v1.0.0",
"kind": "binary",
"source": {
"id": "203",
"name": "",
"version": ""
},
"normalized_version": "semver:0.1.0.0.0.0.0.0.0.0"
},
"306": {
"id": "306",
"name": "github.com/quay/goval-parser",
"version": "v0.8.8",
"kind": "binary",
"source": {
"id": "203",
"name": "",
"version": ""
},
"normalized_version": "semver:0.0.8.8.0.0.0.0.0.0"
},
"308": {
"id": "308",
"name": "github.com/quay/zlog",
"version": "v1.1.5",
"kind": "binary",
"source": {
"id": "203",
"name": "",
"version": ""
},
"normalized_version": "semver:0.1.1.5.0.0.0.0.0.0"
},
"310": {
"id": "310",
"name": "github.com/remind101/migrate",
"version": "v0.0.0-20170729031349-52c1edff7319",
"kind": "binary",
"source": {
"id": "203",
"name": "",
"version": ""
},
"normalized_version": "semver:0.0.0.0.0.0.0.0.0.0"
},
"312": {
"id": "312",
"name": "github.com/remyoudompheng/bigfft",
"version": "v0.0.0-20230129092748-24d4a6f8daec",
"kind": "binary",
"source": {
"id": "203",
"name": "",
"version": ""
},
"normalized_version": "semver:0.0.0.0.0.0.0.0.0.0"
},
"314": {
"id": "314",
"name": "github.com/rs/zerolog",
"version": "v1.30.0",
"kind": "binary",
"source": {
"id": "203",
"name": "",
"version": ""
},
"normalized_version": "semver:0.1.30.0.0.0.0.0.0.0"
},
"316": {
"id": "316",
"name": "github.com/russross/blackfriday/v2",
"version": "v2.1.0",
"kind": "binary",
"source": {
"id": "203",
"name": "",
"version": ""
},
"normalized_version": "semver:0.2.1.0.0.0.0.0.0.0"
},
"318": {
"id": "318",
"name": "github.com/sirupsen/logrus",
"version": "v1.9.0",
"kind": "binary",
"source": {
"id": "203",
"name": "",
"version": ""
},
"normalized_version": "semver:0.1.9.0.0.0.0.0.0.0"
},
"320": {
"id": "320",
"name": "github.com/tomnomnom/linkheader",
"version": "v0.0.0-20180905144013-02ca5825eb80",
"kind": "binary",
"source": {
"id": "203",
"name": "",
"version": ""
},
"normalized_version": "semver:0.0.0.0.0.0.0.0.0.0"
},
"322": {
"id": "322",
"name": "github.com/ugorji/go/codec",
"version": "v1.2.11",
"kind": "binary",
"source": {
"id": "203",
"name": "",
"version": ""
},
"normalized_version": "semver:0.1.2.11.0.0.0.0.0.0"
},
"324": {
"id": "324",
"name": "github.com/urfave/cli/v2",
"version": "v2.25.7",
"kind": "binary",
"source": {
"id": "203",
"name": "",
"version": ""
},
"normalized_version": "semver:0.2.25.7.0.0.0.0.0.0"
},
"326": {
"id": "326",
"name": "github.com/vbatts/tar-split",
"version": "v0.11.3",
"kind": "binary",
"source": {
"id": "203",
"name": "",
"version": ""
},
"normalized_version": "semver:0.0.11.3.0.0.0.0.0.0"
},
"328": {
"id": "328",
"name": "github.com/xrash/smetrics",
"version": "v0.0.0-20201216005158-039620a65673",
"kind": "binary",
"source": {
"id": "203",
"name": "",
"version": ""
},
"normalized_version": "semver:0.0.0.0.0.0.0.0.0.0"
},
"330": {
"id": "330",
"name": "go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace",
"version": "v0.42.0",
"kind": "binary",
"source": {
"id": "203",
"name": "",
"version": ""
},
"normalized_version": "semver:0.0.42.0.0.0.0.0.0.0"
},
"332": {
"id": "332",
"name": "go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp",
"version": "v0.42.0",
"kind": "binary",
"source": {
"id": "203",
"name": "",
"version": ""
},
"normalized_version": "semver:0.0.42.0.0.0.0.0.0.0"
},
"334": {
"id": "334",
"name": "go.opentelemetry.io/otel",
"version": "v1.16.0",
"kind": "binary",
"source": {
"id": "203",
"name": "",
"version": ""
},
"normalized_version": "semver:0.1.16.0.0.0.0.0.0.0"
},
"336": {
"id": "336",
"name": "go.opentelemetry.io/otel/metric",
"version": "v1.16.0",
"kind": "binary",
"source": {
"id": "203",
"name": "",
"version": ""
},
"normalized_version": "semver:0.1.16.0.0.0.0.0.0.0"
},
"338": {
"id": "338",
"name": "go.opentelemetry.io/otel/trace",
"version": "v1.16.0",
"kind": "binary",
"source": {
"id": "203",
"name": "",
"version": ""
},
"normalized_version": "semver:0.1.16.0.0.0.0.0.0.0"
},
"340": {
"id": "340",
"name": "golang.org/x/crypto",
"version": "v0.12.0",
"kind": "binary",
"source": {
"id": "203",
"name": "",
"version": ""
},
"normalized_version": "semver:0.0.12.0.0.0.0.0.0.0"
},
"342": {
"id": "342",
"name": "golang.org/x/net",
"version": "v0.14.0",
"kind": "binary",
"source": {
"id": "203",
"name": "",
"version": ""
},
"normalized_version": "semver:0.0.14.0.0.0.0.0.0.0"
},
"344": {
"id": "344",
"name": "golang.org/x/sync",
"version": "v0.3.0",
"kind": "binary",
"source": {
"id": "203",
"name": "",
"version": ""
},
"normalized_version": "semver:0.0.3.0.0.0.0.0.0.0"
},
"346": {
"id": "346",
"name": "golang.org/x/sys",
"version": "v0.11.0",
"kind": "binary",
"source": {
"id": "203",
"name": "",
"version": ""
},
"normalized_version": "semver:0.0.11.0.0.0.0.0.0.0"
},
"348": {
"id": "348",
"name": "golang.org/x/text",
"version": "v0.12.0",
"kind": "binary",
"source": {
"id": "203",
"name": "",
"version": ""
},
"normalized_version": "semver:0.0.12.0.0.0.0.0.0.0"
},
"350": {
"id": "350",
"name": "golang.org/x/time",
"version": "v0.3.0",
"kind": "binary",
"source": {
"id": "203",
"name": "",
"version": ""
},
"normalized_version": "semver:0.0.3.0.0.0.0.0.0.0"
},
"352": {
"id": "352",
"name": "google.golang.org/protobuf",
"version": "v1.31.0",
"kind": "binary",
"source": {
"id": "203",
"name": "",
"version": ""
},
"normalized_version": "semver:0.1.31.0.0.0.0.0.0.0"
},
"354": {
"id": "354",
"name": "gopkg.in/square/go-jose.v2",
"version": "v2.6.0",
"kind": "binary",
"source": {
"id": "203",
"name": "",
"version": ""
},
"normalized_version": "semver:0.2.6.0.0.0.0.0.0.0"
},
"356": {
"id": "356",
"name": "gopkg.in/yaml.v3",
"version": "v3.0.1",
"kind": "binary",
"source": {
"id": "203",
"name": "",
"version": ""
},
"normalized_version": "semver:0.3.0.1.0.0.0.0.0.0"
},
"358": {
"id": "358",
"name": "modernc.org/libc",
"version": "v1.24.1",
"kind": "binary",
"source": {
"id": "203",
"name": "",
"version": ""
},
"normalized_version": "semver:0.1.24.1.0.0.0.0.0.0"
},
"360": {
"id": "360",
"name": "modernc.org/mathutil",
"version": "v1.5.0",
"kind": "binary",
"source": {
"id": "203",
"name": "",
"version": ""
},
"normalized_version": "semver:0.1.5.0.0.0.0.0.0.0"
},
"362": {
"id": "362",
"name": "modernc.org/memory",
"version": "v1.6.0",
"kind": "binary",
"source": {
"id": "203",
"name": "",
"version": ""
},
"normalized_version": "semver:0.1.6.0.0.0.0.0.0.0"
},
"364": {
"id": "364",
"name": "modernc.org/sqlite",
"version": "v1.26.0",
"kind": "binary",
"source": {
"id": "203",
"name": "",
"version": ""
},
"normalized_version": "semver:0.1.26.0.0.0.0.0.0.0"
},
"388": {
"id": "388",
"name": "github.com/go-stomp/stomp/v3",
"version": "v3.0.5",
"kind": "binary",
"source": {
"id": "203",
"name": "",
"version": ""
},
"normalized_version": "semver:0.3.0.5.0.0.0.0.0.0"
},
"438": {
"id": "438",
"name": "github.com/pyroscope-io/godeltaprof",
"version": "v0.1.2",
"kind": "binary",
"source": {
"id": "203",
"name": "",
"version": ""
},
"normalized_version": "semver:0.0.1.2.0.0.0.0.0.0"
},
"458": {
"id": "458",
"name": "github.com/streadway/amqp",
"version": "v1.1.0",
"kind": "binary",
"source": {
"id": "203",
"name": "",
"version": ""
},
"normalized_version": "semver:0.1.1.0.0.0.0.0.0.0"
},
"468": {
"id": "468",
"name": "go.opentelemetry.io/otel/exporters/jaeger",
"version": "v1.16.0",
"kind": "binary",
"source": {
"id": "203",
"name": "",
"version": ""
},
"normalized_version": "semver:0.1.16.0.0.0.0.0.0.0"
},
"470": {
"id": "470",
"name": "go.opentelemetry.io/otel/exporters/stdout/stdouttrace",
"version": "v1.16.0",
"kind": "binary",
"source": {
"id": "203",
"name": "",
"version": ""
},
"normalized_version": "semver:0.1.16.0.0.0.0.0.0.0"
},
"474": {
"id": "474",
"name": "go.opentelemetry.io/otel/sdk",
"version": "v1.16.0",
"kind": "binary",
"source": {
"id": "203",
"name": "",
"version": ""
},
"normalized_version": "semver:0.1.16.0.0.0.0.0.0.0"
}
},
"distributions": {
"1": {
"id": "1",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
}
},
"repository": {
"1": {
"id": "1",
"name": "cpe:/o:redhat:enterprise_linux:8::baseos",
"key": "rhel-cpe-repository",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*"
},
"2": {
"id": "2",
"name": "cpe:/o:redhat:rhel:8.3::baseos",
"key": "rhel-cpe-repository",
"cpe": "cpe:2.3:o:redhat:rhel:8.3:*:baseos:*:*:*:*:*"
},
"3": {
"id": "3",
"name": "cpe:/a:redhat:enterprise_linux:8::appstream",
"key": "rhel-cpe-repository",
"cpe": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*"
},
"4": {
"id": "4",
"name": "cpe:/a:redhat:rhel:8.3::appstream",
"key": "rhel-cpe-repository",
"cpe": "cpe:2.3:a:redhat:rhel:8.3:*:appstream:*:*:*:*:*"
},
"5": {
"id": "5",
"name": "Red Hat Container Catalog",
"uri": "https://catalog.redhat.com/software/containers/explore"
},
"6": {
"id": "6",
"name": "go",
"uri": "https://pkg.go.dev/"
}
},
"environments": {
"2": [
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "1",
"repository_ids": [
"1",
"2",
"3",
"4"
]
},
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "",
"repository_ids": null
}
],
"4": [
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "1",
"repository_ids": [
"1",
"2",
"3",
"4"
]
},
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "",
"repository_ids": null
}
],
"6": [
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "1",
"repository_ids": [
"1",
"2",
"3",
"4"
]
},
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "",
"repository_ids": null
}
],
"8": [
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "1",
"repository_ids": [
"1",
"2",
"3",
"4"
]
},
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "",
"repository_ids": null
}
],
"10": [
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "1",
"repository_ids": [
"1",
"2",
"3",
"4"
]
},
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "",
"repository_ids": null
}
],
"12": [
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "1",
"repository_ids": [
"1",
"2",
"3",
"4"
]
},
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "",
"repository_ids": null
}
],
"14": [
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "1",
"repository_ids": [
"1",
"2",
"3",
"4"
]
},
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "",
"repository_ids": null
}
],
"16": [
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "1",
"repository_ids": [
"1",
"2",
"3",
"4"
]
},
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "",
"repository_ids": null
}
],
"18": [
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "1",
"repository_ids": [
"1",
"2",
"3",
"4"
]
},
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "",
"repository_ids": null
}
],
"20": [
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "1",
"repository_ids": [
"1",
"2",
"3",
"4"
]
},
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "",
"repository_ids": null
}
],
"22": [
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "1",
"repository_ids": [
"1",
"2",
"3",
"4"
]
},
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "",
"repository_ids": null
}
],
"24": [
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "1",
"repository_ids": [
"1",
"2",
"3",
"4"
]
},
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "",
"repository_ids": null
}
],
"26": [
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "1",
"repository_ids": [
"1",
"2",
"3",
"4"
]
},
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "",
"repository_ids": null
}
],
"28": [
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "1",
"repository_ids": [
"1",
"2",
"3",
"4"
]
},
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "",
"repository_ids": null
}
],
"30": [
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "1",
"repository_ids": [
"1",
"2",
"3",
"4"
]
},
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "",
"repository_ids": null
}
],
"32": [
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "1",
"repository_ids": [
"1",
"2",
"3",
"4"
]
},
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "",
"repository_ids": null
}
],
"34": [
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "1",
"repository_ids": [
"1",
"2",
"3",
"4"
]
},
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "",
"repository_ids": null
}
],
"36": [
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "1",
"repository_ids": [
"1",
"2",
"3",
"4"
]
},
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "",
"repository_ids": null
}
],
"38": [
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "1",
"repository_ids": [
"1",
"2",
"3",
"4"
]
},
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "",
"repository_ids": null
}
],
"40": [
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "1",
"repository_ids": [
"1",
"2",
"3",
"4"
]
},
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "",
"repository_ids": null
}
],
"42": [
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "1",
"repository_ids": [
"1",
"2",
"3",
"4"
]
},
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "",
"repository_ids": null
}
],
"44": [
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "1",
"repository_ids": [
"1",
"2",
"3",
"4"
]
},
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "",
"repository_ids": null
}
],
"46": [
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "1",
"repository_ids": [
"1",
"2",
"3",
"4"
]
},
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "",
"repository_ids": null
}
],
"48": [
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "1",
"repository_ids": [
"1",
"2",
"3",
"4"
]
},
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "",
"repository_ids": null
}
],
"50": [
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "1",
"repository_ids": [
"1",
"2",
"3",
"4"
]
},
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "",
"repository_ids": null
}
],
"52": [
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "1",
"repository_ids": [
"1",
"2",
"3",
"4"
]
},
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "",
"repository_ids": null
}
],
"54": [
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "1",
"repository_ids": [
"1",
"2",
"3",
"4"
]
},
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "",
"repository_ids": null
}
],
"56": [
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "1",
"repository_ids": [
"1",
"2",
"3",
"4"
]
},
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "",
"repository_ids": null
}
],
"58": [
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "1",
"repository_ids": [
"1",
"2",
"3",
"4"
]
},
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "",
"repository_ids": null
}
],
"60": [
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "1",
"repository_ids": [
"1",
"2",
"3",
"4"
]
},
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "",
"repository_ids": null
}
],
"62": [
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "1",
"repository_ids": [
"1",
"2",
"3",
"4"
]
},
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "",
"repository_ids": null
}
],
"64": [
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "1",
"repository_ids": [
"1",
"2",
"3",
"4"
]
},
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "",
"repository_ids": null
}
],
"66": [
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "1",
"repository_ids": [
"1",
"2",
"3",
"4"
]
},
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "",
"repository_ids": null
}
],
"68": [
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "1",
"repository_ids": [
"1",
"2",
"3",
"4"
]
},
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "",
"repository_ids": null
}
],
"70": [
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "1",
"repository_ids": [
"1",
"2",
"3",
"4"
]
},
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "",
"repository_ids": null
}
],
"72": [
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "1",
"repository_ids": [
"1",
"2",
"3",
"4"
]
},
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "",
"repository_ids": null
}
],
"74": [
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "1",
"repository_ids": [
"1",
"2",
"3",
"4"
]
},
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "",
"repository_ids": null
}
],
"76": [
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "1",
"repository_ids": [
"1",
"2",
"3",
"4"
]
},
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "",
"repository_ids": null
}
],
"78": [
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "1",
"repository_ids": [
"1",
"2",
"3",
"4"
]
},
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "",
"repository_ids": null
}
],
"80": [
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "1",
"repository_ids": [
"1",
"2",
"3",
"4"
]
},
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "",
"repository_ids": null
}
],
"82": [
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "1",
"repository_ids": [
"1",
"2",
"3",
"4"
]
},
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "",
"repository_ids": null
}
],
"84": [
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "1",
"repository_ids": [
"1",
"2",
"3",
"4"
]
},
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "",
"repository_ids": null
}
],
"86": [
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "1",
"repository_ids": [
"1",
"2",
"3",
"4"
]
},
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "",
"repository_ids": null
}
],
"88": [
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "1",
"repository_ids": [
"1",
"2",
"3",
"4"
]
},
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "",
"repository_ids": null
}
],
"90": [
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "1",
"repository_ids": [
"1",
"2",
"3",
"4"
]
},
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "",
"repository_ids": null
}
],
"92": [
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "1",
"repository_ids": [
"1",
"2",
"3",
"4"
]
},
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "",
"repository_ids": null
}
],
"94": [
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "1",
"repository_ids": [
"1",
"2",
"3",
"4"
]
},
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "",
"repository_ids": null
}
],
"96": [
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "1",
"repository_ids": [
"1",
"2",
"3",
"4"
]
},
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "",
"repository_ids": null
}
],
"98": [
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "1",
"repository_ids": [
"1",
"2",
"3",
"4"
]
},
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "",
"repository_ids": null
}
],
"100": [
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "1",
"repository_ids": [
"1",
"2",
"3",
"4"
]
},
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "",
"repository_ids": null
}
],
"102": [
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "1",
"repository_ids": [
"1",
"2",
"3",
"4"
]
},
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "",
"repository_ids": null
}
],
"104": [
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "1",
"repository_ids": [
"1",
"2",
"3",
"4"
]
},
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "",
"repository_ids": null
}
],
"106": [
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "1",
"repository_ids": [
"1",
"2",
"3",
"4"
]
},
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "",
"repository_ids": null
}
],
"108": [
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "1",
"repository_ids": [
"1",
"2",
"3",
"4"
]
},
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "",
"repository_ids": null
}
],
"110": [
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "1",
"repository_ids": [
"1",
"2",
"3",
"4"
]
},
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "",
"repository_ids": null
}
],
"112": [
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "1",
"repository_ids": [
"1",
"2",
"3",
"4"
]
},
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "",
"repository_ids": null
}
],
"114": [
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "1",
"repository_ids": [
"1",
"2",
"3",
"4"
]
},
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "",
"repository_ids": null
}
],
"116": [
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "1",
"repository_ids": [
"1",
"2",
"3",
"4"
]
},
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "",
"repository_ids": null
}
],
"118": [
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "1",
"repository_ids": [
"1",
"2",
"3",
"4"
]
},
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "",
"repository_ids": null
}
],
"120": [
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "1",
"repository_ids": [
"1",
"2",
"3",
"4"
]
},
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "",
"repository_ids": null
}
],
"122": [
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "1",
"repository_ids": [
"1",
"2",
"3",
"4"
]
},
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "",
"repository_ids": null
}
],
"124": [
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "1",
"repository_ids": [
"1",
"2",
"3",
"4"
]
},
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "",
"repository_ids": null
}
],
"126": [
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "1",
"repository_ids": [
"1",
"2",
"3",
"4"
]
},
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "",
"repository_ids": null
}
],
"128": [
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "1",
"repository_ids": [
"1",
"2",
"3",
"4"
]
},
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "",
"repository_ids": null
}
],
"130": [
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "1",
"repository_ids": [
"1",
"2",
"3",
"4"
]
},
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "",
"repository_ids": null
}
],
"132": [
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "1",
"repository_ids": [
"1",
"2",
"3",
"4"
]
},
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "",
"repository_ids": null
}
],
"134": [
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "1",
"repository_ids": [
"1",
"2",
"3",
"4"
]
},
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "",
"repository_ids": null
}
],
"136": [
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "1",
"repository_ids": [
"1",
"2",
"3",
"4"
]
},
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "",
"repository_ids": null
}
],
"138": [
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "1",
"repository_ids": [
"1",
"2",
"3",
"4"
]
},
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "",
"repository_ids": null
}
],
"140": [
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "1",
"repository_ids": [
"1",
"2",
"3",
"4"
]
},
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "",
"repository_ids": null
}
],
"142": [
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "1",
"repository_ids": [
"1",
"2",
"3",
"4"
]
},
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "",
"repository_ids": null
}
],
"144": [
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "1",
"repository_ids": [
"1",
"2",
"3",
"4"
]
},
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "",
"repository_ids": null
}
],
"146": [
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "1",
"repository_ids": [
"1",
"2",
"3",
"4"
]
},
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "",
"repository_ids": null
}
],
"148": [
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "1",
"repository_ids": [
"1",
"2",
"3",
"4"
]
},
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "",
"repository_ids": null
}
],
"150": [
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "1",
"repository_ids": [
"1",
"2",
"3",
"4"
]
},
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "",
"repository_ids": null
}
],
"152": [
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "1",
"repository_ids": [
"1",
"2",
"3",
"4"
]
},
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "",
"repository_ids": null
}
],
"154": [
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "1",
"repository_ids": [
"1",
"2",
"3",
"4"
]
},
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "",
"repository_ids": null
}
],
"156": [
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "1",
"repository_ids": [
"1",
"2",
"3",
"4"
]
},
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "",
"repository_ids": null
}
],
"158": [
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "1",
"repository_ids": [
"1",
"2",
"3",
"4"
]
},
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "",
"repository_ids": null
}
],
"160": [
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "1",
"repository_ids": [
"1",
"2",
"3",
"4"
]
},
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "",
"repository_ids": null
}
],
"162": [
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "1",
"repository_ids": [
"1",
"2",
"3",
"4"
]
},
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "",
"repository_ids": null
}
],
"164": [
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "1",
"repository_ids": [
"1",
"2",
"3",
"4"
]
},
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "",
"repository_ids": null
}
],
"166": [
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "1",
"repository_ids": [
"1",
"2",
"3",
"4"
]
},
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "",
"repository_ids": null
}
],
"168": [
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "1",
"repository_ids": [
"1",
"2",
"3",
"4"
]
},
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "",
"repository_ids": null
}
],
"170": [
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "1",
"repository_ids": [
"1",
"2",
"3",
"4"
]
},
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "",
"repository_ids": null
}
],
"172": [
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "1",
"repository_ids": [
"1",
"2",
"3",
"4"
]
},
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "",
"repository_ids": null
}
],
"174": [
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "1",
"repository_ids": [
"1",
"2",
"3",
"4"
]
},
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "",
"repository_ids": null
}
],
"176": [
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "1",
"repository_ids": [
"1",
"2",
"3",
"4"
]
},
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "",
"repository_ids": null
}
],
"178": [
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "1",
"repository_ids": [
"1",
"2",
"3",
"4"
]
},
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "",
"repository_ids": null
}
],
"180": [
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "1",
"repository_ids": [
"1",
"2",
"3",
"4"
]
},
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "",
"repository_ids": null
}
],
"182": [
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "1",
"repository_ids": [
"1",
"2",
"3",
"4"
]
},
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "",
"repository_ids": null
}
],
"184": [
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "1",
"repository_ids": [
"1",
"2",
"3",
"4"
]
},
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "",
"repository_ids": null
}
],
"186": [
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "1",
"repository_ids": [
"1",
"2",
"3",
"4"
]
},
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "",
"repository_ids": null
}
],
"188": [
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "1",
"repository_ids": [
"1",
"2",
"3",
"4"
]
},
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "",
"repository_ids": null
}
],
"190": [
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "1",
"repository_ids": [
"1",
"2",
"3",
"4"
]
},
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "",
"repository_ids": null
}
],
"192": [
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "1",
"repository_ids": [
"1",
"2",
"3",
"4"
]
},
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "",
"repository_ids": null
}
],
"194": [
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "1",
"repository_ids": [
"1",
"2",
"3",
"4"
]
},
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "",
"repository_ids": null
}
],
"196": [
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "1",
"repository_ids": [
"1",
"2",
"3",
"4"
]
},
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "",
"repository_ids": null
}
],
"198": [
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "1",
"repository_ids": [
"1",
"2",
"3",
"4"
]
},
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "",
"repository_ids": null
}
],
"200": [
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "1",
"repository_ids": [
"1",
"2",
"3",
"4"
]
},
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "",
"repository_ids": null
}
],
"202": [
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "1",
"repository_ids": [
"1",
"2",
"3",
"4"
]
},
{
"package_db": "bdb:var/lib/rpm",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "",
"repository_ids": null
}
],
"204": [
{
"package_db": "root/buildinfo/Dockerfile-ubi8-minimal-8.8-1072.1696517598",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "",
"repository_ids": [
"5"
]
}
],
"206": [
{
"package_db": "root/buildinfo/Dockerfile-ubi8-minimal-8.8-1072.1696517598",
"introduced_in": "sha256:e623cf60cbc41de800d3ca5284181bd9168fc0be44b2fbfc05ba78cefcf315b1",
"distribution_id": "",
"repository_ids": [
"5"
]
}
],
"208": [
{
"package_db": "go:usr/bin/clairctl",
"introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb",
"distribution_id": "",
"repository_ids": [
"6"
]
}
],
"210": [
{
"package_db": "go:usr/bin/clairctl",
"introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb",
"distribution_id": "",
"repository_ids": [
"6"
]
}
],
"212": [
{
"package_db": "go:usr/bin/clairctl",
"introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb",
"distribution_id": "",
"repository_ids": [
"6"
]
}
],
"214": [
{
"package_db": "go:usr/bin/clairctl",
"introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb",
"distribution_id": "",
"repository_ids": [
"6"
]
}
],
"216": [
{
"package_db": "go:usr/bin/clairctl",
"introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb",
"distribution_id": "",
"repository_ids": [
"6"
]
}
],
"218": [
{
"package_db": "go:usr/bin/clairctl",
"introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb",
"distribution_id": "",
"repository_ids": [
"6"
]
}
],
"220": [
{
"package_db": "go:usr/bin/clairctl",
"introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb",
"distribution_id": "",
"repository_ids": [
"6"
]
}
],
"222": [
{
"package_db": "go:usr/bin/clairctl",
"introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb",
"distribution_id": "",
"repository_ids": [
"6"
]
}
],
"224": [
{
"package_db": "go:usr/bin/clairctl",
"introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb",
"distribution_id": "",
"repository_ids": [
"6"
]
}
],
"226": [
{
"package_db": "go:usr/bin/clairctl",
"introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb",
"distribution_id": "",
"repository_ids": [
"6"
]
}
],
"228": [
{
"package_db": "go:usr/bin/clairctl",
"introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb",
"distribution_id": "",
"repository_ids": [
"6"
]
}
],
"230": [
{
"package_db": "go:usr/bin/clairctl",
"introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb",
"distribution_id": "",
"repository_ids": [
"6"
]
}
],
"232": [
{
"package_db": "go:usr/bin/clairctl",
"introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb",
"distribution_id": "",
"repository_ids": [
"6"
]
}
],
"234": [
{
"package_db": "go:usr/bin/clairctl",
"introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb",
"distribution_id": "",
"repository_ids": [
"6"
]
}
],
"236": [
{
"package_db": "go:usr/bin/clairctl",
"introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb",
"distribution_id": "",
"repository_ids": [
"6"
]
}
],
"238": [
{
"package_db": "go:usr/bin/clairctl",
"introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb",
"distribution_id": "",
"repository_ids": [
"6"
]
}
],
"240": [
{
"package_db": "go:usr/bin/clairctl",
"introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb",
"distribution_id": "",
"repository_ids": [
"6"
]
}
],
"242": [
{
"package_db": "go:usr/bin/clairctl",
"introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb",
"distribution_id": "",
"repository_ids": [
"6"
]
}
],
"244": [
{
"package_db": "go:usr/bin/clairctl",
"introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb",
"distribution_id": "",
"repository_ids": [
"6"
]
}
],
"246": [
{
"package_db": "go:usr/bin/clairctl",
"introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb",
"distribution_id": "",
"repository_ids": [
"6"
]
}
],
"248": [
{
"package_db": "go:usr/bin/clairctl",
"introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb",
"distribution_id": "",
"repository_ids": [
"6"
]
}
],
"250": [
{
"package_db": "go:usr/bin/clairctl",
"introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb",
"distribution_id": "",
"repository_ids": [
"6"
]
}
],
"252": [
{
"package_db": "go:usr/bin/clairctl",
"introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb",
"distribution_id": "",
"repository_ids": [
"6"
]
}
],
"254": [
{
"package_db": "go:usr/bin/clairctl",
"introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb",
"distribution_id": "",
"repository_ids": [
"6"
]
}
],
"256": [
{
"package_db": "go:usr/bin/clairctl",
"introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb",
"distribution_id": "",
"repository_ids": [
"6"
]
}
],
"258": [
{
"package_db": "go:usr/bin/clairctl",
"introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb",
"distribution_id": "",
"repository_ids": [
"6"
]
}
],
"260": [
{
"package_db": "go:usr/bin/clairctl",
"introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb",
"distribution_id": "",
"repository_ids": [
"6"
]
}
],
"262": [
{
"package_db": "go:usr/bin/clairctl",
"introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb",
"distribution_id": "",
"repository_ids": [
"6"
]
}
],
"264": [
{
"package_db": "go:usr/bin/clairctl",
"introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb",
"distribution_id": "",
"repository_ids": [
"6"
]
}
],
"266": [
{
"package_db": "go:usr/bin/clairctl",
"introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb",
"distribution_id": "",
"repository_ids": [
"6"
]
}
],
"268": [
{
"package_db": "go:usr/bin/clairctl",
"introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb",
"distribution_id": "",
"repository_ids": [
"6"
]
}
],
"270": [
{
"package_db": "go:usr/bin/clairctl",
"introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb",
"distribution_id": "",
"repository_ids": [
"6"
]
}
],
"272": [
{
"package_db": "go:usr/bin/clairctl",
"introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb",
"distribution_id": "",
"repository_ids": [
"6"
]
}
],
"274": [
{
"package_db": "go:usr/bin/clairctl",
"introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb",
"distribution_id": "",
"repository_ids": [
"6"
]
}
],
"276": [
{
"package_db": "go:usr/bin/clairctl",
"introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb",
"distribution_id": "",
"repository_ids": [
"6"
]
}
],
"278": [
{
"package_db": "go:usr/bin/clairctl",
"introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb",
"distribution_id": "",
"repository_ids": [
"6"
]
}
],
"280": [
{
"package_db": "go:usr/bin/clairctl",
"introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb",
"distribution_id": "",
"repository_ids": [
"6"
]
}
],
"282": [
{
"package_db": "go:usr/bin/clairctl",
"introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb",
"distribution_id": "",
"repository_ids": [
"6"
]
}
],
"284": [
{
"package_db": "go:usr/bin/clairctl",
"introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb",
"distribution_id": "",
"repository_ids": [
"6"
]
}
],
"286": [
{
"package_db": "go:usr/bin/clairctl",
"introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb",
"distribution_id": "",
"repository_ids": [
"6"
]
}
],
"288": [
{
"package_db": "go:usr/bin/clairctl",
"introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb",
"distribution_id": "",
"repository_ids": [
"6"
]
}
],
"290": [
{
"package_db": "go:usr/bin/clairctl",
"introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb",
"distribution_id": "",
"repository_ids": [
"6"
]
}
],
"292": [
{
"package_db": "go:usr/bin/clairctl",
"introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb",
"distribution_id": "",
"repository_ids": [
"6"
]
}
],
"294": [
{
"package_db": "go:usr/bin/clairctl",
"introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb",
"distribution_id": "",
"repository_ids": [
"6"
]
}
],
"296": [
{
"package_db": "go:usr/bin/clairctl",
"introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb",
"distribution_id": "",
"repository_ids": [
"6"
]
}
],
"298": [
{
"package_db": "go:usr/bin/clairctl",
"introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb",
"distribution_id": "",
"repository_ids": [
"6"
]
}
],
"300": [
{
"package_db": "go:usr/bin/clairctl",
"introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb",
"distribution_id": "",
"repository_ids": [
"6"
]
}
],
"302": [
{
"package_db": "go:usr/bin/clairctl",
"introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb",
"distribution_id": "",
"repository_ids": [
"6"
]
}
],
"304": [
{
"package_db": "go:usr/bin/clairctl",
"introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb",
"distribution_id": "",
"repository_ids": [
"6"
]
}
],
"306": [
{
"package_db": "go:usr/bin/clairctl",
"introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb",
"distribution_id": "",
"repository_ids": [
"6"
]
}
],
"308": [
{
"package_db": "go:usr/bin/clairctl",
"introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb",
"distribution_id": "",
"repository_ids": [
"6"
]
}
],
"310": [
{
"package_db": "go:usr/bin/clairctl",
"introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb",
"distribution_id": "",
"repository_ids": [
"6"
]
}
],
"312": [
{
"package_db": "go:usr/bin/clairctl",
"introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb",
"distribution_id": "",
"repository_ids": [
"6"
]
}
],
"314": [
{
"package_db": "go:usr/bin/clairctl",
"introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb",
"distribution_id": "",
"repository_ids": [
"6"
]
}
],
"316": [
{
"package_db": "go:usr/bin/clairctl",
"introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb",
"distribution_id": "",
"repository_ids": [
"6"
]
}
],
"318": [
{
"package_db": "go:usr/bin/clairctl",
"introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb",
"distribution_id": "",
"repository_ids": [
"6"
]
}
],
"320": [
{
"package_db": "go:usr/bin/clairctl",
"introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb",
"distribution_id": "",
"repository_ids": [
"6"
]
}
],
"322": [
{
"package_db": "go:usr/bin/clairctl",
"introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb",
"distribution_id": "",
"repository_ids": [
"6"
]
}
],
"324": [
{
"package_db": "go:usr/bin/clairctl",
"introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb",
"distribution_id": "",
"repository_ids": [
"6"
]
}
],
"326": [
{
"package_db": "go:usr/bin/clairctl",
"introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb",
"distribution_id": "",
"repository_ids": [
"6"
]
}
],
"328": [
{
"package_db": "go:usr/bin/clairctl",
"introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb",
"distribution_id": "",
"repository_ids": [
"6"
]
}
],
"330": [
{
"package_db": "go:usr/bin/clairctl",
"introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb",
"distribution_id": "",
"repository_ids": [
"6"
]
}
],
"332": [
{
"package_db": "go:usr/bin/clairctl",
"introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb",
"distribution_id": "",
"repository_ids": [
"6"
]
}
],
"334": [
{
"package_db": "go:usr/bin/clairctl",
"introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb",
"distribution_id": "",
"repository_ids": [
"6"
]
}
],
"336": [
{
"package_db": "go:usr/bin/clairctl",
"introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb",
"distribution_id": "",
"repository_ids": [
"6"
]
}
],
"338": [
{
"package_db": "go:usr/bin/clairctl",
"introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb",
"distribution_id": "",
"repository_ids": [
"6"
]
}
],
"340": [
{
"package_db": "go:usr/bin/clairctl",
"introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb",
"distribution_id": "",
"repository_ids": [
"6"
]
}
],
"342": [
{
"package_db": "go:usr/bin/clairctl",
"introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb",
"distribution_id": "",
"repository_ids": [
"6"
]
}
],
"344": [
{
"package_db": "go:usr/bin/clairctl",
"introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb",
"distribution_id": "",
"repository_ids": [
"6"
]
}
],
"346": [
{
"package_db": "go:usr/bin/clairctl",
"introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb",
"distribution_id": "",
"repository_ids": [
"6"
]
}
],
"348": [
{
"package_db": "go:usr/bin/clairctl",
"introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb",
"distribution_id": "",
"repository_ids": [
"6"
]
}
],
"350": [
{
"package_db": "go:usr/bin/clairctl",
"introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb",
"distribution_id": "",
"repository_ids": [
"6"
]
}
],
"352": [
{
"package_db": "go:usr/bin/clairctl",
"introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb",
"distribution_id": "",
"repository_ids": [
"6"
]
}
],
"354": [
{
"package_db": "go:usr/bin/clairctl",
"introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb",
"distribution_id": "",
"repository_ids": [
"6"
]
}
],
"356": [
{
"package_db": "go:usr/bin/clairctl",
"introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb",
"distribution_id": "",
"repository_ids": [
"6"
]
}
],
"358": [
{
"package_db": "go:usr/bin/clairctl",
"introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb",
"distribution_id": "",
"repository_ids": [
"6"
]
}
],
"360": [
{
"package_db": "go:usr/bin/clairctl",
"introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb",
"distribution_id": "",
"repository_ids": [
"6"
]
}
],
"362": [
{
"package_db": "go:usr/bin/clairctl",
"introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb",
"distribution_id": "",
"repository_ids": [
"6"
]
}
],
"364": [
{
"package_db": "go:usr/bin/clairctl",
"introduced_in": "sha256:bf37973863bc7ec2cc3e205b757acfa6e3fcef098621b34848275960bf2aa8cb",
"distribution_id": "",
"repository_ids": [
"6"
]
}
],
"388": [
{
"package_db": "go:usr/bin/clair",
"introduced_in": "sha256:2673e7fa22f08ae14cfde08b625bf3225974fc5df8914d5d0b94bae3700c4c92",
"distribution_id": "",
"repository_ids": [
"6"
]
}
],
"438": [
{
"package_db": "go:usr/bin/clair",
"introduced_in": "sha256:2673e7fa22f08ae14cfde08b625bf3225974fc5df8914d5d0b94bae3700c4c92",
"distribution_id": "",
"repository_ids": [
"6"
]
}
],
"458": [
{
"package_db": "go:usr/bin/clair",
"introduced_in": "sha256:2673e7fa22f08ae14cfde08b625bf3225974fc5df8914d5d0b94bae3700c4c92",
"distribution_id": "",
"repository_ids": [
"6"
]
}
],
"468": [
{
"package_db": "go:usr/bin/clair",
"introduced_in": "sha256:2673e7fa22f08ae14cfde08b625bf3225974fc5df8914d5d0b94bae3700c4c92",
"distribution_id": "",
"repository_ids": [
"6"
]
}
],
"470": [
{
"package_db": "go:usr/bin/clair",
"introduced_in": "sha256:2673e7fa22f08ae14cfde08b625bf3225974fc5df8914d5d0b94bae3700c4c92",
"distribution_id": "",
"repository_ids": [
"6"
]
}
],
"474": [
{
"package_db": "go:usr/bin/clair",
"introduced_in": "sha256:2673e7fa22f08ae14cfde08b625bf3225974fc5df8914d5d0b94bae3700c4c92",
"distribution_id": "",
"repository_ids": [
"6"
]
}
]
},
"vulnerabilities": {
"3238018": {
"id": "3238018",
"updater": "RHEL8-rhel-8",
"name": "RHSA-2023:5837: nghttp2 security update (Important)",
"description": "nghttp2 contains the Hypertext Transfer Protocol version 2 (HTTP/2) client, server, and proxy programs as well as a library implementing the HTTP/2 protocol in C.\n\nSecurity Fix(es):\n\n* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"issued": "2023-10-18T00:00:00Z",
"links": "https://access.redhat.com/errata/RHSA-2023:5837 https://access.redhat.com/security/cve/CVE-2023-44487",
"severity": "Important",
"normalized_severity": "High",
"package": {
"id": "",
"name": "libnghttp2",
"version": "",
"kind": "binary",
"arch": "aarch64|i686|ppc64le|s390x|x86_64"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/a:redhat:enterprise_linux:8::appstream",
"key": "rhel-cpe-repository"
},
"fixed_in_version": "0:1.33.0-5.el8_8",
"arch_op": "pattern match"
},
"3238062": {
"id": "3238062",
"updater": "RHEL8-rhel-8",
"name": "RHSA-2023:5837: nghttp2 security update (Important)",
"description": "nghttp2 contains the Hypertext Transfer Protocol version 2 (HTTP/2) client, server, and proxy programs as well as a library implementing the HTTP/2 protocol in C.\n\nSecurity Fix(es):\n\n* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"issued": "2023-10-18T00:00:00Z",
"links": "https://access.redhat.com/errata/RHSA-2023:5837 https://access.redhat.com/security/cve/CVE-2023-44487",
"severity": "Important",
"normalized_severity": "High",
"package": {
"id": "",
"name": "libnghttp2",
"version": "",
"kind": "binary",
"arch": "aarch64|i686|ppc64le|s390x|x86_64"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/o:redhat:enterprise_linux:8::baseos",
"key": "rhel-cpe-repository"
},
"fixed_in_version": "0:1.33.0-5.el8_8",
"arch_op": "pattern match"
},
"3417876": {
"id": "3417876",
"updater": "RHEL8-rhel-8",
"name": "RHSA-2023:7877: openssl security update (Low)",
"description": "OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.\n\nSecurity Fix(es):\n\n* openssl: Excessive time spent checking DH keys and parameters (CVE-2023-3446)\n\n* OpenSSL: Excessive time spent checking DH q parameter value (CVE-2023-3817)\n\n* openssl: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow (CVE-2023-5678)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"issued": "2023-12-19T00:00:00Z",
"links": "https://access.redhat.com/errata/RHSA-2023:7877 https://access.redhat.com/security/cve/CVE-2023-3446 https://access.redhat.com/security/cve/CVE-2023-3817 https://access.redhat.com/security/cve/CVE-2023-5678",
"severity": "Low",
"normalized_severity": "Low",
"package": {
"id": "",
"name": "openssl-libs",
"version": "",
"kind": "binary",
"arch": "aarch64|i686|ppc64le|s390x|x86_64"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/a:redhat:enterprise_linux:8::appstream",
"key": "rhel-cpe-repository"
},
"fixed_in_version": "1:1.1.1k-12.el8_9",
"arch_op": "pattern match"
},
"3417961": {
"id": "3417961",
"updater": "RHEL8-rhel-8",
"name": "RHSA-2023:7877: openssl security update (Low)",
"description": "OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.\n\nSecurity Fix(es):\n\n* openssl: Excessive time spent checking DH keys and parameters (CVE-2023-3446)\n\n* OpenSSL: Excessive time spent checking DH q parameter value (CVE-2023-3817)\n\n* openssl: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow (CVE-2023-5678)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"issued": "2023-12-19T00:00:00Z",
"links": "https://access.redhat.com/errata/RHSA-2023:7877 https://access.redhat.com/security/cve/CVE-2023-3446 https://access.redhat.com/security/cve/CVE-2023-3817 https://access.redhat.com/security/cve/CVE-2023-5678",
"severity": "Low",
"normalized_severity": "Low",
"package": {
"id": "",
"name": "openssl-libs",
"version": "",
"kind": "binary",
"arch": "aarch64|i686|ppc64le|s390x|x86_64"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/o:redhat:enterprise_linux:8::baseos",
"key": "rhel-cpe-repository"
},
"fixed_in_version": "1:1.1.1k-12.el8_9",
"arch_op": "pattern match"
},
"3425123": {
"id": "3425123",
"updater": "RHEL8-rhel-8",
"name": "RHSA-2024:0119: libxml2 security update (Moderate)",
"description": "The libxml2 library is a development toolbox providing the implementation of various XML standards.\n\nSecurity Fix(es):\n\n* libxml2: crafted xml can cause global buffer overflow (CVE-2023-39615)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"issued": "2024-01-10T00:00:00Z",
"links": "https://access.redhat.com/errata/RHSA-2024:0119 https://access.redhat.com/security/cve/CVE-2023-39615",
"severity": "Moderate",
"normalized_severity": "Medium",
"package": {
"id": "",
"name": "libxml2",
"version": "",
"kind": "binary",
"arch": "aarch64|i686|ppc64le|s390x|x86_64"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/a:redhat:enterprise_linux:8::appstream",
"key": "rhel-cpe-repository"
},
"fixed_in_version": "0:2.9.7-18.el8_9",
"arch_op": "pattern match"
},
"3425218": {
"id": "3425218",
"updater": "RHEL8-rhel-8",
"name": "RHSA-2024:0119: libxml2 security update (Moderate)",
"description": "The libxml2 library is a development toolbox providing the implementation of various XML standards.\n\nSecurity Fix(es):\n\n* libxml2: crafted xml can cause global buffer overflow (CVE-2023-39615)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"issued": "2024-01-10T00:00:00Z",
"links": "https://access.redhat.com/errata/RHSA-2024:0119 https://access.redhat.com/security/cve/CVE-2023-39615",
"severity": "Moderate",
"normalized_severity": "Medium",
"package": {
"id": "",
"name": "libxml2",
"version": "",
"kind": "binary",
"arch": "aarch64|i686|ppc64le|s390x|x86_64"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/o:redhat:enterprise_linux:8::baseos",
"key": "rhel-cpe-repository"
},
"fixed_in_version": "0:2.9.7-18.el8_9",
"arch_op": "pattern match"
},
"3470275": {
"id": "3470275",
"updater": "RHEL8-rhel-8",
"name": "RHSA-2024:0155: gnutls security update (Moderate)",
"description": "The gnutls packages provide the GNU Transport Layer Security (GnuTLS) library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS.\n\nSecurity Fix(es):\n\n* gnutls: timing side-channel in the RSA-PSK authentication (CVE-2023-5981)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"issued": "2024-01-10T00:00:00Z",
"links": "https://access.redhat.com/errata/RHSA-2024:0155 https://access.redhat.com/security/cve/CVE-2023-5981",
"severity": "Moderate",
"normalized_severity": "Medium",
"package": {
"id": "",
"name": "gnutls",
"version": "",
"kind": "binary",
"arch": "aarch64|i686|ppc64le|s390x|x86_64"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/a:redhat:enterprise_linux:8::appstream",
"key": "rhel-cpe-repository"
},
"fixed_in_version": "0:3.6.16-8.el8_9",
"arch_op": "pattern match"
},
"3470539": {
"id": "3470539",
"updater": "RHEL8-rhel-8",
"name": "RHSA-2024:0155: gnutls security update (Moderate)",
"description": "The gnutls packages provide the GNU Transport Layer Security (GnuTLS) library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS.\n\nSecurity Fix(es):\n\n* gnutls: timing side-channel in the RSA-PSK authentication (CVE-2023-5981)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"issued": "2024-01-10T00:00:00Z",
"links": "https://access.redhat.com/errata/RHSA-2024:0155 https://access.redhat.com/security/cve/CVE-2023-5981",
"severity": "Moderate",
"normalized_severity": "Medium",
"package": {
"id": "",
"name": "gnutls",
"version": "",
"kind": "binary",
"arch": "aarch64|i686|ppc64le|s390x|x86_64"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/o:redhat:enterprise_linux:8::baseos",
"key": "rhel-cpe-repository"
},
"fixed_in_version": "0:3.6.16-8.el8_9",
"arch_op": "pattern match"
},
"3475329": {
"id": "3475329",
"updater": "RHEL8-rhel-8",
"name": "RHSA-2024:0253: sqlite security update (Moderate)",
"description": "SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk file. The API is designed for convenience and ease of use. Applications that link against SQLite can enjoy the power and flexibility of an SQL database without the administrative hassles of supporting a separate database server.\n\nSecurity Fix(es):\n\n* sqlite: heap-buffer-overflow at sessionfuzz (CVE-2023-7104)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"issued": "2024-01-15T00:00:00Z",
"links": "https://access.redhat.com/errata/RHSA-2024:0253 https://access.redhat.com/security/cve/CVE-2023-7104",
"severity": "Moderate",
"normalized_severity": "Medium",
"package": {
"id": "",
"name": "sqlite-libs",
"version": "",
"kind": "binary",
"arch": "aarch64|i686|ppc64le|s390x|x86_64"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/a:redhat:enterprise_linux:8::appstream",
"key": "rhel-cpe-repository"
},
"fixed_in_version": "0:3.26.0-19.el8_9",
"arch_op": "pattern match"
},
"3475421": {
"id": "3475421",
"updater": "RHEL8-rhel-8",
"name": "RHSA-2024:0253: sqlite security update (Moderate)",
"description": "SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk file. The API is designed for convenience and ease of use. Applications that link against SQLite can enjoy the power and flexibility of an SQL database without the administrative hassles of supporting a separate database server.\n\nSecurity Fix(es):\n\n* sqlite: heap-buffer-overflow at sessionfuzz (CVE-2023-7104)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"issued": "2024-01-15T00:00:00Z",
"links": "https://access.redhat.com/errata/RHSA-2024:0253 https://access.redhat.com/security/cve/CVE-2023-7104",
"severity": "Moderate",
"normalized_severity": "Medium",
"package": {
"id": "",
"name": "sqlite-libs",
"version": "",
"kind": "binary",
"arch": "aarch64|i686|ppc64le|s390x|x86_64"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/o:redhat:enterprise_linux:8::baseos",
"key": "rhel-cpe-repository"
},
"fixed_in_version": "0:3.26.0-19.el8_9",
"arch_op": "pattern match"
},
"10425539": {
"id": "10425539",
"updater": "osv/go",
"name": "GHSA-jq35-85cj-fj4p",
"description": "/sys/devices/virtual/powercap accessible by default to containers",
"issued": "2023-10-30T15:25:44Z",
"links": "https://github.com/moby/moby/security/advisories/GHSA-jq35-85cj-fj4p https://github.com/moby/moby/commit/48ebe353e49a9def5e6679f6e386b0efb1c95f0e https://github.com/moby/moby/commit/81ebe71275768629689a23bc3bca34b3b374a6a6 https://github.com/moby/moby/commit/c9ccbfad11a60e703e91b6cca4f48927828c7e35 https://github.com/moby/moby https://github.com/moby/moby/releases/tag/v20.10.27 https://github.com/moby/moby/releases/tag/v23.0.8 https://github.com/moby/moby/releases/tag/v24.0.7",
"severity": "",
"normalized_severity": "Unknown",
"package": {
"id": "",
"name": "github.com/docker/docker",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "",
"name": "",
"version": "",
"version_code_name": "",
"version_id": "",
"arch": "",
"cpe": "",
"pretty_name": ""
},
"repository": {
"name": "go",
"uri": "https://pkg.go.dev/"
},
"fixed_in_version": ""
},
"13344105": {
"id": "13344105",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "RHSA-2024:0627: gnutls security update (Moderate)",
"description": "The gnutls packages provide the GNU Transport Layer Security (GnuTLS) library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS.\n\nSecurity Fix(es):\n\n* gnutls: incomplete fix for CVE-2023-5981 (CVE-2024-0553)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"issued": "2024-01-31T00:00:00Z",
"links": "https://access.redhat.com/errata/RHSA-2024:0627 https://access.redhat.com/security/cve/CVE-2024-0553",
"severity": "Moderate",
"normalized_severity": "Medium",
"package": {
"id": "",
"name": "gnutls",
"version": "",
"kind": "binary",
"arch": "aarch64|i686|ppc64le|s390x|x86_64"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/a:redhat:enterprise_linux:8::appstream",
"key": "rhel-cpe-repository"
},
"fixed_in_version": "0:3.6.16-8.el8_9.1",
"arch_op": "pattern match"
},
"13344115": {
"id": "13344115",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "RHSA-2024:0627: gnutls security update (Moderate)",
"description": "The gnutls packages provide the GNU Transport Layer Security (GnuTLS) library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS.\n\nSecurity Fix(es):\n\n* gnutls: incomplete fix for CVE-2023-5981 (CVE-2024-0553)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"issued": "2024-01-31T00:00:00Z",
"links": "https://access.redhat.com/errata/RHSA-2024:0627 https://access.redhat.com/security/cve/CVE-2024-0553",
"severity": "Moderate",
"normalized_severity": "Medium",
"package": {
"id": "",
"name": "gnutls",
"version": "",
"kind": "binary",
"arch": "aarch64|i686|ppc64le|s390x|x86_64"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/o:redhat:enterprise_linux:8::baseos",
"key": "rhel-cpe-repository"
},
"fixed_in_version": "0:3.6.16-8.el8_9.1",
"arch_op": "pattern match"
},
"13344165": {
"id": "13344165",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "RHSA-2024:0628: libssh security update (Moderate)",
"description": "libssh is a library which implements the SSH protocol. It can be used to implement client and server applications.\n\nSecurity Fix(es):\n\n* ssh: Prefix truncation attack on Binary Packet Protocol (BPP) (CVE-2023-48795)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"issued": "2024-01-31T00:00:00Z",
"links": "https://access.redhat.com/errata/RHSA-2024:0628 https://access.redhat.com/security/cve/CVE-2023-48795",
"severity": "Moderate",
"normalized_severity": "Medium",
"package": {
"id": "",
"name": "libssh",
"version": "",
"kind": "binary",
"arch": "aarch64|i686|ppc64le|s390x|x86_64"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/a:redhat:enterprise_linux:8::appstream",
"key": "rhel-cpe-repository"
},
"fixed_in_version": "0:0.9.6-13.el8_9",
"arch_op": "pattern match"
},
"13344175": {
"id": "13344175",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "RHSA-2024:0628: libssh security update (Moderate)",
"description": "libssh is a library which implements the SSH protocol. It can be used to implement client and server applications.\n\nSecurity Fix(es):\n\n* ssh: Prefix truncation attack on Binary Packet Protocol (BPP) (CVE-2023-48795)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"issued": "2024-01-31T00:00:00Z",
"links": "https://access.redhat.com/errata/RHSA-2024:0628 https://access.redhat.com/security/cve/CVE-2023-48795",
"severity": "Moderate",
"normalized_severity": "Medium",
"package": {
"id": "",
"name": "libssh",
"version": "",
"kind": "binary",
"arch": "aarch64|i686|ppc64le|s390x|x86_64"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/o:redhat:enterprise_linux:8::baseos",
"key": "rhel-cpe-repository"
},
"fixed_in_version": "0:0.9.6-13.el8_9",
"arch_op": "pattern match"
},
"13344177": {
"id": "13344177",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "RHSA-2024:0628: libssh security update (Moderate)",
"description": "libssh is a library which implements the SSH protocol. It can be used to implement client and server applications.\n\nSecurity Fix(es):\n\n* ssh: Prefix truncation attack on Binary Packet Protocol (BPP) (CVE-2023-48795)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"issued": "2024-01-31T00:00:00Z",
"links": "https://access.redhat.com/errata/RHSA-2024:0628 https://access.redhat.com/security/cve/CVE-2023-48795",
"severity": "Moderate",
"normalized_severity": "Medium",
"package": {
"id": "",
"name": "libssh-config",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/a:redhat:enterprise_linux:8::appstream",
"key": "rhel-cpe-repository"
},
"fixed_in_version": "0:0.9.6-13.el8_9"
},
"13344187": {
"id": "13344187",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "RHSA-2024:0628: libssh security update (Moderate)",
"description": "libssh is a library which implements the SSH protocol. It can be used to implement client and server applications.\n\nSecurity Fix(es):\n\n* ssh: Prefix truncation attack on Binary Packet Protocol (BPP) (CVE-2023-48795)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"issued": "2024-01-31T00:00:00Z",
"links": "https://access.redhat.com/errata/RHSA-2024:0628 https://access.redhat.com/security/cve/CVE-2023-48795",
"severity": "Moderate",
"normalized_severity": "Medium",
"package": {
"id": "",
"name": "libssh-config",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/o:redhat:enterprise_linux:8::baseos",
"key": "rhel-cpe-repository"
},
"fixed_in_version": "0:0.9.6-13.el8_9"
},
"13344213": {
"id": "13344213",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "RHSA-2024:0647: rpm security update (Moderate)",
"description": "The RPM Package Manager (RPM) is a command-line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages.\n\nSecurity Fix(es):\n\n* rpm: TOCTOU race in checks for unsafe symlinks (CVE-2021-35937)\n\n* rpm: races with chown/chmod/capabilities calls during installation (CVE-2021-35938)\n\n* rpm: checks for unsafe symlinks are not performed for intermediary directories (CVE-2021-35939)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"issued": "2024-02-01T00:00:00Z",
"links": "https://access.redhat.com/errata/RHSA-2024:0647 https://access.redhat.com/security/cve/CVE-2021-35937 https://access.redhat.com/security/cve/CVE-2021-35938 https://access.redhat.com/security/cve/CVE-2021-35939",
"severity": "Moderate",
"normalized_severity": "Medium",
"package": {
"id": "",
"name": "rpm",
"version": "",
"kind": "binary",
"arch": "aarch64|ppc64le|s390x|x86_64"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/a:redhat:enterprise_linux:8::appstream",
"key": "rhel-cpe-repository"
},
"fixed_in_version": "0:4.14.3-28.el8_9",
"arch_op": "pattern match"
},
"13344223": {
"id": "13344223",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "RHSA-2024:0647: rpm security update (Moderate)",
"description": "The RPM Package Manager (RPM) is a command-line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages.\n\nSecurity Fix(es):\n\n* rpm: TOCTOU race in checks for unsafe symlinks (CVE-2021-35937)\n\n* rpm: races with chown/chmod/capabilities calls during installation (CVE-2021-35938)\n\n* rpm: checks for unsafe symlinks are not performed for intermediary directories (CVE-2021-35939)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"issued": "2024-02-01T00:00:00Z",
"links": "https://access.redhat.com/errata/RHSA-2024:0647 https://access.redhat.com/security/cve/CVE-2021-35937 https://access.redhat.com/security/cve/CVE-2021-35938 https://access.redhat.com/security/cve/CVE-2021-35939",
"severity": "Moderate",
"normalized_severity": "Medium",
"package": {
"id": "",
"name": "rpm",
"version": "",
"kind": "binary",
"arch": "aarch64|ppc64le|s390x|x86_64"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/o:redhat:enterprise_linux:8::baseos",
"key": "rhel-cpe-repository"
},
"fixed_in_version": "0:4.14.3-28.el8_9",
"arch_op": "pattern match"
},
"13344285": {
"id": "13344285",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "RHSA-2024:0647: rpm security update (Moderate)",
"description": "The RPM Package Manager (RPM) is a command-line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages.\n\nSecurity Fix(es):\n\n* rpm: TOCTOU race in checks for unsafe symlinks (CVE-2021-35937)\n\n* rpm: races with chown/chmod/capabilities calls during installation (CVE-2021-35938)\n\n* rpm: checks for unsafe symlinks are not performed for intermediary directories (CVE-2021-35939)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"issued": "2024-02-01T00:00:00Z",
"links": "https://access.redhat.com/errata/RHSA-2024:0647 https://access.redhat.com/security/cve/CVE-2021-35937 https://access.redhat.com/security/cve/CVE-2021-35938 https://access.redhat.com/security/cve/CVE-2021-35939",
"severity": "Moderate",
"normalized_severity": "Medium",
"package": {
"id": "",
"name": "rpm-libs",
"version": "",
"kind": "binary",
"arch": "aarch64|i686|ppc64le|s390x|x86_64"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/a:redhat:enterprise_linux:8::appstream",
"key": "rhel-cpe-repository"
},
"fixed_in_version": "0:4.14.3-28.el8_9",
"arch_op": "pattern match"
},
"13344295": {
"id": "13344295",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "RHSA-2024:0647: rpm security update (Moderate)",
"description": "The RPM Package Manager (RPM) is a command-line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages.\n\nSecurity Fix(es):\n\n* rpm: TOCTOU race in checks for unsafe symlinks (CVE-2021-35937)\n\n* rpm: races with chown/chmod/capabilities calls during installation (CVE-2021-35938)\n\n* rpm: checks for unsafe symlinks are not performed for intermediary directories (CVE-2021-35939)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"issued": "2024-02-01T00:00:00Z",
"links": "https://access.redhat.com/errata/RHSA-2024:0647 https://access.redhat.com/security/cve/CVE-2021-35937 https://access.redhat.com/security/cve/CVE-2021-35938 https://access.redhat.com/security/cve/CVE-2021-35939",
"severity": "Moderate",
"normalized_severity": "Medium",
"package": {
"id": "",
"name": "rpm-libs",
"version": "",
"kind": "binary",
"arch": "aarch64|i686|ppc64le|s390x|x86_64"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/o:redhat:enterprise_linux:8::baseos",
"key": "rhel-cpe-repository"
},
"fixed_in_version": "0:4.14.3-28.el8_9",
"arch_op": "pattern match"
},
"64424234": {
"id": "64424234",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "CVE-2018-1000654 libtasn1: Infinite loop in _asn1_expand_object_id(ptree) leads to memory exhaustion (low)",
"description": "DOCUMENTATION: The MITRE CVE dictionary describes this issue as: GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a DoS, specifically CPU usage will reach 100% when running asn1Paser against the POC due to an issue in _asn1_expand_object_id(p_tree), after a long time, the program will be killed. This attack appears to be exploitable via parsing a crafted file. \n STATEMENT: This flaw is in the asn1Parser binary included in libtasn1-tools RPM. The dynamic library libtasn1 and libtasn1-devel RPMs are not affected.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2018-1000654",
"severity": "Low",
"normalized_severity": "Low",
"package": {
"id": "",
"name": "libtasn1",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/a:redhat:enterprise_linux:8::appstream",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"64424244": {
"id": "64424244",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "CVE-2018-1000654 libtasn1: Infinite loop in _asn1_expand_object_id(ptree) leads to memory exhaustion (low)",
"description": "DOCUMENTATION: The MITRE CVE dictionary describes this issue as: GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a DoS, specifically CPU usage will reach 100% when running asn1Paser against the POC due to an issue in _asn1_expand_object_id(p_tree), after a long time, the program will be killed. This attack appears to be exploitable via parsing a crafted file. \n STATEMENT: This flaw is in the asn1Parser binary included in libtasn1-tools RPM. The dynamic library libtasn1 and libtasn1-devel RPMs are not affected.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2018-1000654",
"severity": "Low",
"normalized_severity": "Low",
"package": {
"id": "",
"name": "libtasn1",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/o:redhat:enterprise_linux:8::baseos",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"64424366": {
"id": "64424366",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "CVE-2018-1000879 libarchive: NULL pointer dereference in ACL parser resulting in a denial of service (low)",
"description": "DOCUMENTATION: The MITRE CVE dictionary describes this issue as: libarchive version commit 379867ecb330b3a952fb7bfa7bffb7bbd5547205 onwards (release v3.3.0 onwards) contains a CWE-476: NULL Pointer Dereference vulnerability in ACL parser - libarchive/archive_acl.c, archive_acl_from_text_l() that can result in Crash/DoS. This attack appear to be exploitable via the victim must open a specially crafted archive file. \n STATEMENT: This issue did not affect the versions of libarchive as shipped with Red Hat Enterprise Linux 6 and 7.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2018-1000879",
"severity": "Low",
"normalized_severity": "Low",
"package": {
"id": "",
"name": "libarchive",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/a:redhat:enterprise_linux:8::appstream",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"64424377": {
"id": "64424377",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "CVE-2018-1000879 libarchive: NULL pointer dereference in ACL parser resulting in a denial of service (low)",
"description": "DOCUMENTATION: The MITRE CVE dictionary describes this issue as: libarchive version commit 379867ecb330b3a952fb7bfa7bffb7bbd5547205 onwards (release v3.3.0 onwards) contains a CWE-476: NULL Pointer Dereference vulnerability in ACL parser - libarchive/archive_acl.c, archive_acl_from_text_l() that can result in Crash/DoS. This attack appear to be exploitable via the victim must open a specially crafted archive file. \n STATEMENT: This issue did not affect the versions of libarchive as shipped with Red Hat Enterprise Linux 6 and 7.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2018-1000879",
"severity": "Low",
"normalized_severity": "Low",
"package": {
"id": "",
"name": "libarchive",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/o:redhat:enterprise_linux:8::baseos",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"64424472": {
"id": "64424472",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "CVE-2018-1000880 libarchive: Improper input validation in WARC parser resulting in a denial of service (low)",
"description": "DOCUMENTATION: The MITRE CVE dictionary describes this issue as: libarchive version commit 9693801580c0cf7c70e862d305270a16b52826a7 onwards (release v3.2.0 onwards) contains a CWE-20: Improper Input Validation vulnerability in WARC parser - libarchive/archive_read_support_format_warc.c, _warc_read() that can result in DoS - quasi-infinite run time and disk usage from tiny file. This attack appear to be exploitable via the victim must open a specially crafted WARC file. \n STATEMENT: This issue did not affect the versions of libarchive as shipped with Red Hat Enterprise Linux 6 and 7.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2018-1000880",
"severity": "Low",
"normalized_severity": "Low",
"package": {
"id": "",
"name": "libarchive",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/a:redhat:enterprise_linux:8::appstream",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"64424493": {
"id": "64424493",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "CVE-2018-1000880 libarchive: Improper input validation in WARC parser resulting in a denial of service (low)",
"description": "DOCUMENTATION: The MITRE CVE dictionary describes this issue as: libarchive version commit 9693801580c0cf7c70e862d305270a16b52826a7 onwards (release v3.2.0 onwards) contains a CWE-20: Improper Input Validation vulnerability in WARC parser - libarchive/archive_read_support_format_warc.c, _warc_read() that can result in DoS - quasi-infinite run time and disk usage from tiny file. This attack appear to be exploitable via the victim must open a specially crafted WARC file. \n STATEMENT: This issue did not affect the versions of libarchive as shipped with Red Hat Enterprise Linux 6 and 7.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2018-1000880",
"severity": "Low",
"normalized_severity": "Low",
"package": {
"id": "",
"name": "libarchive",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/o:redhat:enterprise_linux:8::baseos",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"64450130": {
"id": "64450130",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "CVE-2018-19211 ncurses: Null pointer dereference at function _nc_parse_entry in parse_entry.c (low)",
"description": "DOCUMENTATION: The MITRE CVE dictionary describes this issue as: In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. The product proceeds to the dereference code path even after a \"dubious character `*' in name or alias field\" detection.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2018-19211",
"severity": "Low",
"normalized_severity": "Low",
"package": {
"id": "",
"name": "ncurses-libs",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/a:redhat:enterprise_linux:8::appstream",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"64450179": {
"id": "64450179",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "CVE-2018-19211 ncurses: Null pointer dereference at function _nc_parse_entry in parse_entry.c (low)",
"description": "DOCUMENTATION: The MITRE CVE dictionary describes this issue as: In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. The product proceeds to the dereference code path even after a \"dubious character `*' in name or alias field\" detection.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2018-19211",
"severity": "Low",
"normalized_severity": "Low",
"package": {
"id": "",
"name": "ncurses-libs",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/o:redhat:enterprise_linux:8::baseos",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"64450591": {
"id": "64450591",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "CVE-2018-19211 ncurses: Null pointer dereference at function _nc_parse_entry in parse_entry.c (low)",
"description": "DOCUMENTATION: The MITRE CVE dictionary describes this issue as: In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. The product proceeds to the dereference code path even after a \"dubious character `*' in name or alias field\" detection.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2018-19211",
"severity": "Low",
"normalized_severity": "Low",
"package": {
"id": "",
"name": "ncurses-base",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/a:redhat:enterprise_linux:8::appstream",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"64450630": {
"id": "64450630",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "CVE-2018-19211 ncurses: Null pointer dereference at function _nc_parse_entry in parse_entry.c (low)",
"description": "DOCUMENTATION: The MITRE CVE dictionary describes this issue as: In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. The product proceeds to the dereference code path even after a \"dubious character `*' in name or alias field\" detection.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2018-19211",
"severity": "Low",
"normalized_severity": "Low",
"package": {
"id": "",
"name": "ncurses-base",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/o:redhat:enterprise_linux:8::baseos",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"64450806": {
"id": "64450806",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "CVE-2018-19217 ncurses: Null pointer dereference at function _nc_name_match (low)",
"description": "DOCUMENTATION: The MITRE CVE dictionary describes this issue as: ** DISPUTED ** In ncurses, possibly a 6.x version, there is a NULL pointer dereference at the function _nc_name_match that will lead to a denial of service attack. NOTE: the original report stated version 6.1, but the issue did not reproduce for that version according to the maintainer or a reliable third-party.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2018-19217",
"severity": "Low",
"normalized_severity": "Low",
"package": {
"id": "",
"name": "ncurses-libs",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/a:redhat:enterprise_linux:8::appstream",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"64450834": {
"id": "64450834",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "CVE-2018-19217 ncurses: Null pointer dereference at function _nc_name_match (low)",
"description": "DOCUMENTATION: The MITRE CVE dictionary describes this issue as: ** DISPUTED ** In ncurses, possibly a 6.x version, there is a NULL pointer dereference at the function _nc_name_match that will lead to a denial of service attack. NOTE: the original report stated version 6.1, but the issue did not reproduce for that version according to the maintainer or a reliable third-party.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2018-19217",
"severity": "Low",
"normalized_severity": "Low",
"package": {
"id": "",
"name": "ncurses-libs",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/o:redhat:enterprise_linux:8::baseos",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"64451473": {
"id": "64451473",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "CVE-2018-19217 ncurses: Null pointer dereference at function _nc_name_match (low)",
"description": "DOCUMENTATION: The MITRE CVE dictionary describes this issue as: ** DISPUTED ** In ncurses, possibly a 6.x version, there is a NULL pointer dereference at the function _nc_name_match that will lead to a denial of service attack. NOTE: the original report stated version 6.1, but the issue did not reproduce for that version according to the maintainer or a reliable third-party.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2018-19217",
"severity": "Low",
"normalized_severity": "Low",
"package": {
"id": "",
"name": "ncurses-base",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/a:redhat:enterprise_linux:8::appstream",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"64451489": {
"id": "64451489",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "CVE-2018-19217 ncurses: Null pointer dereference at function _nc_name_match (low)",
"description": "DOCUMENTATION: The MITRE CVE dictionary describes this issue as: ** DISPUTED ** In ncurses, possibly a 6.x version, there is a NULL pointer dereference at the function _nc_name_match that will lead to a denial of service attack. NOTE: the original report stated version 6.1, but the issue did not reproduce for that version according to the maintainer or a reliable third-party.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2018-19217",
"severity": "Low",
"normalized_severity": "Low",
"package": {
"id": "",
"name": "ncurses-base",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/o:redhat:enterprise_linux:8::baseos",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"64464345": {
"id": "64464345",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "CVE-2018-20657 libiberty: Memory leak in demangle_template function resulting in a denial of service (low)",
"description": "DOCUMENTATION: The MITRE CVE dictionary describes this issue as: The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2018-20657",
"severity": "Low",
"normalized_severity": "Low",
"package": {
"id": "",
"name": "libstdc++",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/a:redhat:enterprise_linux:8::appstream",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"64464391": {
"id": "64464391",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "CVE-2018-20657 libiberty: Memory leak in demangle_template function resulting in a denial of service (low)",
"description": "DOCUMENTATION: The MITRE CVE dictionary describes this issue as: The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2018-20657",
"severity": "Low",
"normalized_severity": "Low",
"package": {
"id": "",
"name": "libstdc++",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/o:redhat:enterprise_linux:8::baseos",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"64465858": {
"id": "64465858",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "CVE-2018-20657 libiberty: Memory leak in demangle_template function resulting in a denial of service (low)",
"description": "DOCUMENTATION: The MITRE CVE dictionary describes this issue as: The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2018-20657",
"severity": "Low",
"normalized_severity": "Low",
"package": {
"id": "",
"name": "libgcc",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/a:redhat:enterprise_linux:8::appstream",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"64465868": {
"id": "64465868",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "CVE-2018-20657 libiberty: Memory leak in demangle_template function resulting in a denial of service (low)",
"description": "DOCUMENTATION: The MITRE CVE dictionary describes this issue as: The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2018-20657",
"severity": "Low",
"normalized_severity": "Low",
"package": {
"id": "",
"name": "libgcc",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/o:redhat:enterprise_linux:8::baseos",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"64470956": {
"id": "64470956",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "CVE-2018-20839 systemd: mishandling of the current keyboard mode check leading to passwords being disclosed in cleartext to attacker (moderate)",
"description": "DOCUMENTATION: The MITRE CVE dictionary describes this issue as: systemd 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext passwords in certain circumstances, such as watching a shutdown, or using Ctrl-Alt-F1 and Ctrl-Alt-F2. This occurs because the KDGKBMODE (aka current keyboard mode) check is mishandled.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2018-20839",
"severity": "Moderate",
"normalized_severity": "Medium",
"package": {
"id": "",
"name": "systemd-libs",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/a:redhat:enterprise_linux:8::appstream",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"64470969": {
"id": "64470969",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "CVE-2018-20839 systemd: mishandling of the current keyboard mode check leading to passwords being disclosed in cleartext to attacker (moderate)",
"description": "DOCUMENTATION: The MITRE CVE dictionary describes this issue as: systemd 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext passwords in certain circumstances, such as watching a shutdown, or using Ctrl-Alt-F1 and Ctrl-Alt-F2. This occurs because the KDGKBMODE (aka current keyboard mode) check is mishandled.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2018-20839",
"severity": "Moderate",
"normalized_severity": "Medium",
"package": {
"id": "",
"name": "systemd-libs",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/o:redhat:enterprise_linux:8::baseos",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"64529768": {
"id": "64529768",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "CVE-2019-12900 bzip2: out-of-bounds write in function BZ2_decompress (low)",
"description": "DOCUMENTATION: The MITRE CVE dictionary describes this issue as: BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors. \n STATEMENT: This issue affects the versions of bzip2 as shipped with Red Hat Enterprise Linux 5, 6, 7, and 8.\n\nRed Hat Enterprise Linux 5 is now in Extended Life Phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\n\nRed Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Low, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\n\nRed Hat JBoss Fuse 7 uses a Java implemntation of bzip2, this is different to the bzip2 this vulnerability exists in.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2019-12900",
"severity": "Low",
"normalized_severity": "Low",
"package": {
"id": "",
"name": "bzip2-libs",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/a:redhat:enterprise_linux:8::appstream",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"64529887": {
"id": "64529887",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "CVE-2019-12900 bzip2: out-of-bounds write in function BZ2_decompress (low)",
"description": "DOCUMENTATION: The MITRE CVE dictionary describes this issue as: BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors. \n STATEMENT: This issue affects the versions of bzip2 as shipped with Red Hat Enterprise Linux 5, 6, 7, and 8.\n\nRed Hat Enterprise Linux 5 is now in Extended Life Phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\n\nRed Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Low, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\n\nRed Hat JBoss Fuse 7 uses a Java implemntation of bzip2, this is different to the bzip2 this vulnerability exists in.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2019-12900",
"severity": "Low",
"normalized_severity": "Low",
"package": {
"id": "",
"name": "bzip2-libs",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/o:redhat:enterprise_linux:8::baseos",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"64530170": {
"id": "64530170",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "Libgcrypt: physical addresses being available to other processes leads to a flush-and-reload side-channel attack (moderate)",
"description": "DOCUMENTATION: [Disputed] A vulnerability has been identified in Libgcrypt due to a flaw in its C implementation of AES. This vulnerability enables a remote attacker to perform a flush-and-reload side-channel attack, potentially accessing sensitive information. The vulnerability arises from the availability of physical addresses to other processes, particularly on platforms lacking an assembly-language implementation. \n STATEMENT: Please note that this issue is more theoretical than practical in terms of potential attack scenarios. The upstream developers have disputed this CVE, and the patches they supplied seem to focus more on hardening. Refer to external references for further details.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2019-12904",
"severity": "Moderate",
"normalized_severity": "Medium",
"package": {
"id": "",
"name": "libgcrypt",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/a:redhat:enterprise_linux:8::appstream",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"64530230": {
"id": "64530230",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "Libgcrypt: physical addresses being available to other processes leads to a flush-and-reload side-channel attack (moderate)",
"description": "DOCUMENTATION: [Disputed] A vulnerability has been identified in Libgcrypt due to a flaw in its C implementation of AES. This vulnerability enables a remote attacker to perform a flush-and-reload side-channel attack, potentially accessing sensitive information. The vulnerability arises from the availability of physical addresses to other processes, particularly on platforms lacking an assembly-language implementation. \n STATEMENT: Please note that this issue is more theoretical than practical in terms of potential attack scenarios. The upstream developers have disputed this CVE, and the patches they supplied seem to focus more on hardening. Refer to external references for further details.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2019-12904",
"severity": "Moderate",
"normalized_severity": "Medium",
"package": {
"id": "",
"name": "libgcrypt",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/o:redhat:enterprise_linux:8::baseos",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"64547793": {
"id": "64547793",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "CVE-2019-14250 binutils: integer overflow in simple-object-elf.c leads to a heap-based buffer overflow (low)",
"description": "DOCUMENTATION: The MITRE CVE dictionary describes this issue as: An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer overflow. \n STATEMENT: This issue resides on libiberty code, libiberty is part of GNU project and contains several utilities being distributed by gcc and binutils packages. This flaws affects binutils versions as shipped with Red Hat Enterprise Linux 5, 6, 7 and 8 and also gcc versions as shipped with Red Hat Enterprise Linux 5, 6 ,7 and 8. Versions of gcc shipped with Red Hat Developers Tool Set 7 and 8 are also affected. This flaw was scored with 'Low' security impact for both binutils and gcc packages by Red Hat Product Security Team.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2019-14250",
"severity": "Low",
"normalized_severity": "Low",
"package": {
"id": "",
"name": "libstdc++",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/a:redhat:enterprise_linux:8::appstream",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"64547874": {
"id": "64547874",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "CVE-2019-14250 binutils: integer overflow in simple-object-elf.c leads to a heap-based buffer overflow (low)",
"description": "DOCUMENTATION: The MITRE CVE dictionary describes this issue as: An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer overflow. \n STATEMENT: This issue resides on libiberty code, libiberty is part of GNU project and contains several utilities being distributed by gcc and binutils packages. This flaws affects binutils versions as shipped with Red Hat Enterprise Linux 5, 6, 7 and 8 and also gcc versions as shipped with Red Hat Enterprise Linux 5, 6 ,7 and 8. Versions of gcc shipped with Red Hat Developers Tool Set 7 and 8 are also affected. This flaw was scored with 'Low' security impact for both binutils and gcc packages by Red Hat Product Security Team.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2019-14250",
"severity": "Low",
"normalized_severity": "Low",
"package": {
"id": "",
"name": "libstdc++",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/o:redhat:enterprise_linux:8::baseos",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"64548810": {
"id": "64548810",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "CVE-2019-14250 binutils: integer overflow in simple-object-elf.c leads to a heap-based buffer overflow (low)",
"description": "DOCUMENTATION: The MITRE CVE dictionary describes this issue as: An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer overflow. \n STATEMENT: This issue resides on libiberty code, libiberty is part of GNU project and contains several utilities being distributed by gcc and binutils packages. This flaws affects binutils versions as shipped with Red Hat Enterprise Linux 5, 6, 7 and 8 and also gcc versions as shipped with Red Hat Enterprise Linux 5, 6 ,7 and 8. Versions of gcc shipped with Red Hat Developers Tool Set 7 and 8 are also affected. This flaw was scored with 'Low' security impact for both binutils and gcc packages by Red Hat Product Security Team.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2019-14250",
"severity": "Low",
"normalized_severity": "Low",
"package": {
"id": "",
"name": "libgcc",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/a:redhat:enterprise_linux:8::appstream",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"64548903": {
"id": "64548903",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "CVE-2019-14250 binutils: integer overflow in simple-object-elf.c leads to a heap-based buffer overflow (low)",
"description": "DOCUMENTATION: The MITRE CVE dictionary describes this issue as: An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer overflow. \n STATEMENT: This issue resides on libiberty code, libiberty is part of GNU project and contains several utilities being distributed by gcc and binutils packages. This flaws affects binutils versions as shipped with Red Hat Enterprise Linux 5, 6, 7 and 8 and also gcc versions as shipped with Red Hat Enterprise Linux 5, 6 ,7 and 8. Versions of gcc shipped with Red Hat Developers Tool Set 7 and 8 are also affected. This flaw was scored with 'Low' security impact for both binutils and gcc packages by Red Hat Product Security Team.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2019-14250",
"severity": "Low",
"normalized_severity": "Low",
"package": {
"id": "",
"name": "libgcc",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/o:redhat:enterprise_linux:8::baseos",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"64729274": {
"id": "64729274",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "CVE-2019-17543 lz4: heap-based buffer overflow in LZ4_write32 (moderate)",
"description": "DOCUMENTATION: The MITRE CVE dictionary describes this issue as: LZ4 before 1.9.2 has a heap-based buffer overflow in LZ4_write32 (related to LZ4_compress_destSize), affecting applications that call LZ4_compress_fast with a large input. (This issue can also lead to data corruption.) NOTE: the vendor states \"only a few specific / uncommon usages of the API are at risk.\" \n STATEMENT: As per upstream this flaw cannot be exploited under normal documented use of the LZ4 library API. Also this flaw is only present in the lz4 library and the application binaries shipped with this application are not affected by it. \n\nRed Hat OpenStack Platform 10 packages an older version of lz4 that has the flawed code. However, because OpenStack has been using RHEL's updated lz4 version since RHEL7.5 started to include it, Red Hat is not currently updating the OpenStack lz4 package.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2019-17543",
"severity": "Moderate",
"normalized_severity": "Medium",
"package": {
"id": "",
"name": "lz4-libs",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/a:redhat:enterprise_linux:8::appstream",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"64729356": {
"id": "64729356",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "CVE-2019-17543 lz4: heap-based buffer overflow in LZ4_write32 (moderate)",
"description": "DOCUMENTATION: The MITRE CVE dictionary describes this issue as: LZ4 before 1.9.2 has a heap-based buffer overflow in LZ4_write32 (related to LZ4_compress_destSize), affecting applications that call LZ4_compress_fast with a large input. (This issue can also lead to data corruption.) NOTE: the vendor states \"only a few specific / uncommon usages of the API are at risk.\" \n STATEMENT: As per upstream this flaw cannot be exploited under normal documented use of the LZ4 library API. Also this flaw is only present in the lz4 library and the application binaries shipped with this application are not affected by it. \n\nRed Hat OpenStack Platform 10 packages an older version of lz4 that has the flawed code. However, because OpenStack has been using RHEL's updated lz4 version since RHEL7.5 started to include it, Red Hat is not currently updating the OpenStack lz4 package.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2019-17543",
"severity": "Moderate",
"normalized_severity": "Medium",
"package": {
"id": "",
"name": "lz4-libs",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/o:redhat:enterprise_linux:8::baseos",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"64827078": {
"id": "64827078",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "CVE-2019-19244 sqlite: allows a crash if a sub-select uses both DISTINCT and window functions and also has certain ORDER BY usage (low)",
"description": "DOCUMENTATION: A flaw was found in the way SQLite handled certain types of SQL queries using DISTINCT, OVER and ORDER BY clauses. A remote attacker could exploit this flaw by providing a malicious SQL query that, when processed by an application linked to SQLite, would crash the application causing a denial of service. \n STATEMENT: This flaw has been rated as having a security impact of Low. The versions of `sqlite` as shipped with Red Hat Enterprise Linux are compiled without SQLITE_DEBUG, so it's not possible to reproduce the crash. The invalid Mem object may still lead to undefined behaviors, though no notable defects have been observed.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2019-19244",
"severity": "Low",
"normalized_severity": "Low",
"package": {
"id": "",
"name": "sqlite-libs",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/a:redhat:enterprise_linux:8::appstream",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"64827219": {
"id": "64827219",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "CVE-2019-19244 sqlite: allows a crash if a sub-select uses both DISTINCT and window functions and also has certain ORDER BY usage (low)",
"description": "DOCUMENTATION: A flaw was found in the way SQLite handled certain types of SQL queries using DISTINCT, OVER and ORDER BY clauses. A remote attacker could exploit this flaw by providing a malicious SQL query that, when processed by an application linked to SQLite, would crash the application causing a denial of service. \n STATEMENT: This flaw has been rated as having a security impact of Low. The versions of `sqlite` as shipped with Red Hat Enterprise Linux are compiled without SQLITE_DEBUG, so it's not possible to reproduce the crash. The invalid Mem object may still lead to undefined behaviors, though no notable defects have been observed.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2019-19244",
"severity": "Low",
"normalized_severity": "Low",
"package": {
"id": "",
"name": "sqlite-libs",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/o:redhat:enterprise_linux:8::baseos",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"64929074": {
"id": "64929074",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "CVE-2019-8905 file: stack-based buffer over-read in do_core_note in readelf.c (low)",
"description": "DOCUMENTATION: The MITRE CVE dictionary describes this issue as: do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printable, a different vulnerability than CVE-2018-10360.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2019-8905",
"severity": "Low",
"normalized_severity": "Low",
"package": {
"id": "",
"name": "file-libs",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/a:redhat:enterprise_linux:8::appstream",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"64929126": {
"id": "64929126",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "CVE-2019-8905 file: stack-based buffer over-read in do_core_note in readelf.c (low)",
"description": "DOCUMENTATION: The MITRE CVE dictionary describes this issue as: do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printable, a different vulnerability than CVE-2018-10360.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2019-8905",
"severity": "Low",
"normalized_severity": "Low",
"package": {
"id": "",
"name": "file-libs",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/o:redhat:enterprise_linux:8::baseos",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"64929539": {
"id": "64929539",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "CVE-2019-8906 file: out-of-bounds read in do_core_note in readelf.c (low)",
"description": "DOCUMENTATION: The MITRE CVE dictionary describes this issue as: do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2019-8906",
"severity": "Low",
"normalized_severity": "Low",
"package": {
"id": "",
"name": "file-libs",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/a:redhat:enterprise_linux:8::appstream",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"64929594": {
"id": "64929594",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "CVE-2019-8906 file: out-of-bounds read in do_core_note in readelf.c (low)",
"description": "DOCUMENTATION: The MITRE CVE dictionary describes this issue as: do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2019-8906",
"severity": "Low",
"normalized_severity": "Low",
"package": {
"id": "",
"name": "file-libs",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/o:redhat:enterprise_linux:8::baseos",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"64956463": {
"id": "64956463",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "CVE-2019-9936 sqlite: heap-based buffer over-read in function fts5HashEntrySort in sqlite3.c (low)",
"description": "DOCUMENTATION: The MITRE CVE dictionary describes this issue as: In SQLite 3.27.2, running fts5 prefix queries inside a transaction could trigger a heap-based buffer over-read in fts5HashEntrySort in sqlite3.c, which may lead to an information leak. This is related to ext/fts5/fts5_hash.c. \n STATEMENT: This issue did not affect the versions of sqlite as shipped with Red Hat Enterprise Linux 6 and 7 as they did not include support for fts5.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2019-9936",
"severity": "Low",
"normalized_severity": "Low",
"package": {
"id": "",
"name": "sqlite-libs",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/a:redhat:enterprise_linux:8::appstream",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"64956490": {
"id": "64956490",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "CVE-2019-9936 sqlite: heap-based buffer over-read in function fts5HashEntrySort in sqlite3.c (low)",
"description": "DOCUMENTATION: The MITRE CVE dictionary describes this issue as: In SQLite 3.27.2, running fts5 prefix queries inside a transaction could trigger a heap-based buffer over-read in fts5HashEntrySort in sqlite3.c, which may lead to an information leak. This is related to ext/fts5/fts5_hash.c. \n STATEMENT: This issue did not affect the versions of sqlite as shipped with Red Hat Enterprise Linux 6 and 7 as they did not include support for fts5.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2019-9936",
"severity": "Low",
"normalized_severity": "Low",
"package": {
"id": "",
"name": "sqlite-libs",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/o:redhat:enterprise_linux:8::baseos",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"64956789": {
"id": "64956789",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "CVE-2019-9937 sqlite: null-pointer dereference in function fts5ChunkIterate in sqlite3.c (low)",
"description": "DOCUMENTATION: The MITRE CVE dictionary describes this issue as: In SQLite 3.27.2, interleaving reads and writes in a single transaction with an fts5 virtual table will lead to a NULL Pointer Dereference in fts5ChunkIterate in sqlite3.c. This is related to ext/fts5/fts5_hash.c and ext/fts5/fts5_index.c. \n STATEMENT: This issue did not affect the versions of sqlite as shipped with Red Hat Enterprise Linux 6 and 7 as they did not include support for fts5.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2019-9937",
"severity": "Low",
"normalized_severity": "Low",
"package": {
"id": "",
"name": "sqlite-libs",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/a:redhat:enterprise_linux:8::appstream",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"64956811": {
"id": "64956811",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "CVE-2019-9937 sqlite: null-pointer dereference in function fts5ChunkIterate in sqlite3.c (low)",
"description": "DOCUMENTATION: The MITRE CVE dictionary describes this issue as: In SQLite 3.27.2, interleaving reads and writes in a single transaction with an fts5 virtual table will lead to a NULL Pointer Dereference in fts5ChunkIterate in sqlite3.c. This is related to ext/fts5/fts5_hash.c and ext/fts5/fts5_index.c. \n STATEMENT: This issue did not affect the versions of sqlite as shipped with Red Hat Enterprise Linux 6 and 7 as they did not include support for fts5.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2019-9937",
"severity": "Low",
"normalized_severity": "Low",
"package": {
"id": "",
"name": "sqlite-libs",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/o:redhat:enterprise_linux:8::baseos",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"65100167": {
"id": "65100167",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "ncurses: Heap buffer overflow in one_one_mapping function in progs/dump_entry.c:1373 (low)",
"description": "DOCUMENTATION: A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash. \n STATEMENT: Red Hat Product Security has rated this issue as having a Low security impact because processing terminfo descriptions in the source form should be handled the same way as executable files or source code of any programming language. Users are not supposed to use untrusted terminfo descriptions.\n\nThe ncurses library shipped with Red Hat Enterprise Linux 9 is not affected by this vulnerability because it has a newer, fixed ncurses version.\n MITIGATION: Do not compile or decompile untrusted terminfo descriptions.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2020-19185",
"severity": "Low",
"normalized_severity": "Low",
"package": {
"id": "",
"name": "ncurses-libs",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/a:redhat:enterprise_linux:8::appstream",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"65100192": {
"id": "65100192",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "ncurses: Heap buffer overflow in one_one_mapping function in progs/dump_entry.c:1373 (low)",
"description": "DOCUMENTATION: A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash. \n STATEMENT: Red Hat Product Security has rated this issue as having a Low security impact because processing terminfo descriptions in the source form should be handled the same way as executable files or source code of any programming language. Users are not supposed to use untrusted terminfo descriptions.\n\nThe ncurses library shipped with Red Hat Enterprise Linux 9 is not affected by this vulnerability because it has a newer, fixed ncurses version.\n MITIGATION: Do not compile or decompile untrusted terminfo descriptions.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2020-19185",
"severity": "Low",
"normalized_severity": "Low",
"package": {
"id": "",
"name": "ncurses-libs",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/o:redhat:enterprise_linux:8::baseos",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"65100315": {
"id": "65100315",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "ncurses: Heap buffer overflow in one_one_mapping function in progs/dump_entry.c:1373 (low)",
"description": "DOCUMENTATION: A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash. \n STATEMENT: Red Hat Product Security has rated this issue as having a Low security impact because processing terminfo descriptions in the source form should be handled the same way as executable files or source code of any programming language. Users are not supposed to use untrusted terminfo descriptions.\n\nThe ncurses library shipped with Red Hat Enterprise Linux 9 is not affected by this vulnerability because it has a newer, fixed ncurses version.\n MITIGATION: Do not compile or decompile untrusted terminfo descriptions.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2020-19185",
"severity": "Low",
"normalized_severity": "Low",
"package": {
"id": "",
"name": "ncurses-base",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/a:redhat:enterprise_linux:8::appstream",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"65100344": {
"id": "65100344",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "ncurses: Heap buffer overflow in one_one_mapping function in progs/dump_entry.c:1373 (low)",
"description": "DOCUMENTATION: A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash. \n STATEMENT: Red Hat Product Security has rated this issue as having a Low security impact because processing terminfo descriptions in the source form should be handled the same way as executable files or source code of any programming language. Users are not supposed to use untrusted terminfo descriptions.\n\nThe ncurses library shipped with Red Hat Enterprise Linux 9 is not affected by this vulnerability because it has a newer, fixed ncurses version.\n MITIGATION: Do not compile or decompile untrusted terminfo descriptions.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2020-19185",
"severity": "Low",
"normalized_severity": "Low",
"package": {
"id": "",
"name": "ncurses-base",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/o:redhat:enterprise_linux:8::baseos",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"65100375": {
"id": "65100375",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "ncurses: Buffer overflow in _nc_find_entry function in tinfo/comp_hash.c:66 (low)",
"description": "DOCUMENTATION: A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a buffer over-read, resulting in an application crash. \n STATEMENT: Red Hat Product Security has rated this issue as having a Low security impact because processing terminfo descriptions in the source form should be handled the same way as executable files or source code of any programming language. Users are not supposed to use untrusted terminfo descriptions.\n\nThe ncurses library shipped with Red Hat Enterprise Linux 9 is not affected by this vulnerability because it has a newer, fixed ncurses version.\n MITIGATION: Do not compile or decompile untrusted terminfo descriptions.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2020-19186",
"severity": "Low",
"normalized_severity": "Low",
"package": {
"id": "",
"name": "ncurses-libs",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/a:redhat:enterprise_linux:8::appstream",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"65100399": {
"id": "65100399",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "ncurses: Buffer overflow in _nc_find_entry function in tinfo/comp_hash.c:66 (low)",
"description": "DOCUMENTATION: A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a buffer over-read, resulting in an application crash. \n STATEMENT: Red Hat Product Security has rated this issue as having a Low security impact because processing terminfo descriptions in the source form should be handled the same way as executable files or source code of any programming language. Users are not supposed to use untrusted terminfo descriptions.\n\nThe ncurses library shipped with Red Hat Enterprise Linux 9 is not affected by this vulnerability because it has a newer, fixed ncurses version.\n MITIGATION: Do not compile or decompile untrusted terminfo descriptions.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2020-19186",
"severity": "Low",
"normalized_severity": "Low",
"package": {
"id": "",
"name": "ncurses-libs",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/o:redhat:enterprise_linux:8::baseos",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"65100521": {
"id": "65100521",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "ncurses: Buffer overflow in _nc_find_entry function in tinfo/comp_hash.c:66 (low)",
"description": "DOCUMENTATION: A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a buffer over-read, resulting in an application crash. \n STATEMENT: Red Hat Product Security has rated this issue as having a Low security impact because processing terminfo descriptions in the source form should be handled the same way as executable files or source code of any programming language. Users are not supposed to use untrusted terminfo descriptions.\n\nThe ncurses library shipped with Red Hat Enterprise Linux 9 is not affected by this vulnerability because it has a newer, fixed ncurses version.\n MITIGATION: Do not compile or decompile untrusted terminfo descriptions.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2020-19186",
"severity": "Low",
"normalized_severity": "Low",
"package": {
"id": "",
"name": "ncurses-base",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/a:redhat:enterprise_linux:8::appstream",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"65100540": {
"id": "65100540",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "ncurses: Buffer overflow in _nc_find_entry function in tinfo/comp_hash.c:66 (low)",
"description": "DOCUMENTATION: A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a buffer over-read, resulting in an application crash. \n STATEMENT: Red Hat Product Security has rated this issue as having a Low security impact because processing terminfo descriptions in the source form should be handled the same way as executable files or source code of any programming language. Users are not supposed to use untrusted terminfo descriptions.\n\nThe ncurses library shipped with Red Hat Enterprise Linux 9 is not affected by this vulnerability because it has a newer, fixed ncurses version.\n MITIGATION: Do not compile or decompile untrusted terminfo descriptions.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2020-19186",
"severity": "Low",
"normalized_severity": "Low",
"package": {
"id": "",
"name": "ncurses-base",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/o:redhat:enterprise_linux:8::baseos",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"65104192": {
"id": "65104192",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "ncurses: Heap buffer overflow in fmt_entry function in progs/dump_entry.c:1100 (low)",
"description": "DOCUMENTATION: A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash. \n STATEMENT: Red Hat Product Security has rated this issue as having a Low security impact because processing terminfo descriptions in the source form should be handled the same way as executable files or source code of any programming language. Users are not supposed to use untrusted terminfo descriptions.\n\nThe ncurses library shipped with Red Hat Enterprise Linux 9 is not affected by this vulnerability because it has a newer, fixed ncurses version.\n MITIGATION: Do not compile or decompile untrusted terminfo descriptions.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2020-19187",
"severity": "Low",
"normalized_severity": "Low",
"package": {
"id": "",
"name": "ncurses-libs",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/a:redhat:enterprise_linux:8::appstream",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"65104225": {
"id": "65104225",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "ncurses: Heap buffer overflow in fmt_entry function in progs/dump_entry.c:1100 (low)",
"description": "DOCUMENTATION: A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash. \n STATEMENT: Red Hat Product Security has rated this issue as having a Low security impact because processing terminfo descriptions in the source form should be handled the same way as executable files or source code of any programming language. Users are not supposed to use untrusted terminfo descriptions.\n\nThe ncurses library shipped with Red Hat Enterprise Linux 9 is not affected by this vulnerability because it has a newer, fixed ncurses version.\n MITIGATION: Do not compile or decompile untrusted terminfo descriptions.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2020-19187",
"severity": "Low",
"normalized_severity": "Low",
"package": {
"id": "",
"name": "ncurses-libs",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/o:redhat:enterprise_linux:8::baseos",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"65104467": {
"id": "65104467",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "ncurses: Heap buffer overflow in fmt_entry function in progs/dump_entry.c:1100 (low)",
"description": "DOCUMENTATION: A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash. \n STATEMENT: Red Hat Product Security has rated this issue as having a Low security impact because processing terminfo descriptions in the source form should be handled the same way as executable files or source code of any programming language. Users are not supposed to use untrusted terminfo descriptions.\n\nThe ncurses library shipped with Red Hat Enterprise Linux 9 is not affected by this vulnerability because it has a newer, fixed ncurses version.\n MITIGATION: Do not compile or decompile untrusted terminfo descriptions.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2020-19187",
"severity": "Low",
"normalized_severity": "Low",
"package": {
"id": "",
"name": "ncurses-base",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/a:redhat:enterprise_linux:8::appstream",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"65104546": {
"id": "65104546",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "ncurses: Heap buffer overflow in fmt_entry function in progs/dump_entry.c:1100 (low)",
"description": "DOCUMENTATION: A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash. \n STATEMENT: Red Hat Product Security has rated this issue as having a Low security impact because processing terminfo descriptions in the source form should be handled the same way as executable files or source code of any programming language. Users are not supposed to use untrusted terminfo descriptions.\n\nThe ncurses library shipped with Red Hat Enterprise Linux 9 is not affected by this vulnerability because it has a newer, fixed ncurses version.\n MITIGATION: Do not compile or decompile untrusted terminfo descriptions.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2020-19187",
"severity": "Low",
"normalized_severity": "Low",
"package": {
"id": "",
"name": "ncurses-base",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/o:redhat:enterprise_linux:8::baseos",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"65104548": {
"id": "65104548",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "1116 (low)",
"description": "DOCUMENTATION: A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a stack-based buffer overflow, resulting in an application crash. \n STATEMENT: Red Hat Product Security has rated this issue as having a Low security impact because processing terminfo descriptions in the source form should be handled the same way as executable files or source code of any programming language. Users are not supposed to use untrusted terminfo descriptions.\n\nThe ncurses library shipped with Red Hat Enterprise Linux 9 is not affected by this vulnerability because it has a newer, fixed ncurses version.\n MITIGATION: Do not compile or decompile untrusted terminfo descriptions.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2020-19188",
"severity": "Low",
"normalized_severity": "Low",
"package": {
"id": "",
"name": "ncurses-base",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/a:redhat:enterprise_linux:8::appstream",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"65104558": {
"id": "65104558",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "1116 (low)",
"description": "DOCUMENTATION: A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a stack-based buffer overflow, resulting in an application crash. \n STATEMENT: Red Hat Product Security has rated this issue as having a Low security impact because processing terminfo descriptions in the source form should be handled the same way as executable files or source code of any programming language. Users are not supposed to use untrusted terminfo descriptions.\n\nThe ncurses library shipped with Red Hat Enterprise Linux 9 is not affected by this vulnerability because it has a newer, fixed ncurses version.\n MITIGATION: Do not compile or decompile untrusted terminfo descriptions.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2020-19188",
"severity": "Low",
"normalized_severity": "Low",
"package": {
"id": "",
"name": "ncurses-base",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/o:redhat:enterprise_linux:8::baseos",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"65104598": {
"id": "65104598",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "1116 (low)",
"description": "DOCUMENTATION: A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a stack-based buffer overflow, resulting in an application crash. \n STATEMENT: Red Hat Product Security has rated this issue as having a Low security impact because processing terminfo descriptions in the source form should be handled the same way as executable files or source code of any programming language. Users are not supposed to use untrusted terminfo descriptions.\n\nThe ncurses library shipped with Red Hat Enterprise Linux 9 is not affected by this vulnerability because it has a newer, fixed ncurses version.\n MITIGATION: Do not compile or decompile untrusted terminfo descriptions.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2020-19188",
"severity": "Low",
"normalized_severity": "Low",
"package": {
"id": "",
"name": "ncurses-libs",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/a:redhat:enterprise_linux:8::appstream",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"65104608": {
"id": "65104608",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "1116 (low)",
"description": "DOCUMENTATION: A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a stack-based buffer overflow, resulting in an application crash. \n STATEMENT: Red Hat Product Security has rated this issue as having a Low security impact because processing terminfo descriptions in the source form should be handled the same way as executable files or source code of any programming language. Users are not supposed to use untrusted terminfo descriptions.\n\nThe ncurses library shipped with Red Hat Enterprise Linux 9 is not affected by this vulnerability because it has a newer, fixed ncurses version.\n MITIGATION: Do not compile or decompile untrusted terminfo descriptions.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2020-19188",
"severity": "Low",
"normalized_severity": "Low",
"package": {
"id": "",
"name": "ncurses-libs",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/o:redhat:enterprise_linux:8::baseos",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"65104636": {
"id": "65104636",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "997 (low)",
"description": "DOCUMENTATION: A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash. \n STATEMENT: Red Hat Product Security has rated this issue as having a Low security impact because processing terminfo descriptions in the source form should be handled the same way as executable files or source code of any programming language. Users are not supposed to use untrusted terminfo descriptions.\n\nThe ncurses library shipped with Red Hat Enterprise Linux 9 is not affected by this vulnerability because it has a newer, fixed ncurses version.\n MITIGATION: Do not compile or decompile untrusted terminfo descriptions.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2020-19189",
"severity": "Low",
"normalized_severity": "Low",
"package": {
"id": "",
"name": "ncurses-base",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/a:redhat:enterprise_linux:8::appstream",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"65104646": {
"id": "65104646",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "997 (low)",
"description": "DOCUMENTATION: A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash. \n STATEMENT: Red Hat Product Security has rated this issue as having a Low security impact because processing terminfo descriptions in the source form should be handled the same way as executable files or source code of any programming language. Users are not supposed to use untrusted terminfo descriptions.\n\nThe ncurses library shipped with Red Hat Enterprise Linux 9 is not affected by this vulnerability because it has a newer, fixed ncurses version.\n MITIGATION: Do not compile or decompile untrusted terminfo descriptions.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2020-19189",
"severity": "Low",
"normalized_severity": "Low",
"package": {
"id": "",
"name": "ncurses-base",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/o:redhat:enterprise_linux:8::baseos",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"65104648": {
"id": "65104648",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "997 (low)",
"description": "DOCUMENTATION: A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash. \n STATEMENT: Red Hat Product Security has rated this issue as having a Low security impact because processing terminfo descriptions in the source form should be handled the same way as executable files or source code of any programming language. Users are not supposed to use untrusted terminfo descriptions.\n\nThe ncurses library shipped with Red Hat Enterprise Linux 9 is not affected by this vulnerability because it has a newer, fixed ncurses version.\n MITIGATION: Do not compile or decompile untrusted terminfo descriptions.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2020-19189",
"severity": "Low",
"normalized_severity": "Low",
"package": {
"id": "",
"name": "ncurses-libs",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/a:redhat:enterprise_linux:8::appstream",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"65104780": {
"id": "65104780",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "997 (low)",
"description": "DOCUMENTATION: A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash. \n STATEMENT: Red Hat Product Security has rated this issue as having a Low security impact because processing terminfo descriptions in the source form should be handled the same way as executable files or source code of any programming language. Users are not supposed to use untrusted terminfo descriptions.\n\nThe ncurses library shipped with Red Hat Enterprise Linux 9 is not affected by this vulnerability because it has a newer, fixed ncurses version.\n MITIGATION: Do not compile or decompile untrusted terminfo descriptions.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2020-19189",
"severity": "Low",
"normalized_severity": "Low",
"package": {
"id": "",
"name": "ncurses-libs",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/o:redhat:enterprise_linux:8::baseos",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"65105015": {
"id": "65105015",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "ncurses: Heap buffer overflow in _nc_find_entry in tinfo/comp_hash.c:70 (low)",
"description": "DOCUMENTATION: A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash. \n STATEMENT: Red Hat Product Security has rated this issue as having a Low security impact because processing terminfo descriptions in the source form should be handled the same way as executable files or source code of any programming language. Users are not supposed to use untrusted terminfo descriptions.\n\nThe ncurses library shipped with Red Hat Enterprise Linux 9 is not affected by this vulnerability because it has a newer, fixed ncurses version.\n MITIGATION: Do not compile or decompile untrusted terminfo descriptions.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2020-19190",
"severity": "Low",
"normalized_severity": "Low",
"package": {
"id": "",
"name": "ncurses-libs",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/a:redhat:enterprise_linux:8::appstream",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"65105034": {
"id": "65105034",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "ncurses: Heap buffer overflow in _nc_find_entry in tinfo/comp_hash.c:70 (low)",
"description": "DOCUMENTATION: A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash. \n STATEMENT: Red Hat Product Security has rated this issue as having a Low security impact because processing terminfo descriptions in the source form should be handled the same way as executable files or source code of any programming language. Users are not supposed to use untrusted terminfo descriptions.\n\nThe ncurses library shipped with Red Hat Enterprise Linux 9 is not affected by this vulnerability because it has a newer, fixed ncurses version.\n MITIGATION: Do not compile or decompile untrusted terminfo descriptions.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2020-19190",
"severity": "Low",
"normalized_severity": "Low",
"package": {
"id": "",
"name": "ncurses-libs",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/o:redhat:enterprise_linux:8::baseos",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"65105597": {
"id": "65105597",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "ncurses: Heap buffer overflow in _nc_find_entry in tinfo/comp_hash.c:70 (low)",
"description": "DOCUMENTATION: A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash. \n STATEMENT: Red Hat Product Security has rated this issue as having a Low security impact because processing terminfo descriptions in the source form should be handled the same way as executable files or source code of any programming language. Users are not supposed to use untrusted terminfo descriptions.\n\nThe ncurses library shipped with Red Hat Enterprise Linux 9 is not affected by this vulnerability because it has a newer, fixed ncurses version.\n MITIGATION: Do not compile or decompile untrusted terminfo descriptions.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2020-19190",
"severity": "Low",
"normalized_severity": "Low",
"package": {
"id": "",
"name": "ncurses-base",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/a:redhat:enterprise_linux:8::appstream",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"65105648": {
"id": "65105648",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "ncurses: Heap buffer overflow in _nc_find_entry in tinfo/comp_hash.c:70 (low)",
"description": "DOCUMENTATION: A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash. \n STATEMENT: Red Hat Product Security has rated this issue as having a Low security impact because processing terminfo descriptions in the source form should be handled the same way as executable files or source code of any programming language. Users are not supposed to use untrusted terminfo descriptions.\n\nThe ncurses library shipped with Red Hat Enterprise Linux 9 is not affected by this vulnerability because it has a newer, fixed ncurses version.\n MITIGATION: Do not compile or decompile untrusted terminfo descriptions.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2020-19190",
"severity": "Low",
"normalized_severity": "Low",
"package": {
"id": "",
"name": "ncurses-base",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/o:redhat:enterprise_linux:8::baseos",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"65128627": {
"id": "65128627",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "CVE-2020-21674 libarchive: heap-based buffer overflow in archive_string_append_from_wcs function in archive_string.c (low)",
"description": "DOCUMENTATION: The MITRE CVE dictionary describes this issue as: Heap-based buffer overflow in archive_string_append_from_wcs() (archive_string.c) in libarchive-3.4.1dev allows remote attackers to cause a denial of service (out-of-bounds write in heap memory resulting into a crash) via a crafted archive file. NOTE: this only affects users who downloaded the development code from GitHub. Users of the product's official releases are unaffected. \n STATEMENT: Red Hat Product Security has set the Severity of this flaw to Low for libarchive as shipped with Red Hat Enterprise Linux 8 because we could not reproduce the issue and it states \"NOTE: this only affects users who downloaded the development code from GitHub. Users of the product's official releases are unaffected.\"\n\nThis flaw is out of support scope for libarchive as shipped with Red Hat Enterprise Linux 6 and 7.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2020-21674",
"severity": "Low",
"normalized_severity": "Low",
"package": {
"id": "",
"name": "libarchive",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/a:redhat:enterprise_linux:8::appstream",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"65128683": {
"id": "65128683",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "CVE-2020-21674 libarchive: heap-based buffer overflow in archive_string_append_from_wcs function in archive_string.c (low)",
"description": "DOCUMENTATION: The MITRE CVE dictionary describes this issue as: Heap-based buffer overflow in archive_string_append_from_wcs() (archive_string.c) in libarchive-3.4.1dev allows remote attackers to cause a denial of service (out-of-bounds write in heap memory resulting into a crash) via a crafted archive file. NOTE: this only affects users who downloaded the development code from GitHub. Users of the product's official releases are unaffected. \n STATEMENT: Red Hat Product Security has set the Severity of this flaw to Low for libarchive as shipped with Red Hat Enterprise Linux 8 because we could not reproduce the issue and it states \"NOTE: this only affects users who downloaded the development code from GitHub. Users of the product's official releases are unaffected.\"\n\nThis flaw is out of support scope for libarchive as shipped with Red Hat Enterprise Linux 6 and 7.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2020-21674",
"severity": "Low",
"normalized_severity": "Low",
"package": {
"id": "",
"name": "libarchive",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/o:redhat:enterprise_linux:8::baseos",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"65439673": {
"id": "65439673",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "zstd: Race condition allows attacker to access world-readable destination file (low)",
"description": "DOCUMENTATION: A flaw was found in zstd. While the final file mode is reflective of the input file, when compressing or uncompressing, the file can temporarily gain greater permissions than the input and potentially leading to security issues (especially if large files are being handled). \n STATEMENT: In OpenShift Container Platform (OCP) the zstd package was delivered in OCP 4.3 which is already end of life.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2021-24032",
"severity": "Low",
"normalized_severity": "Low",
"package": {
"id": "",
"name": "libzstd",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/a:redhat:enterprise_linux:8::appstream",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"65439725": {
"id": "65439725",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "zstd: Race condition allows attacker to access world-readable destination file (low)",
"description": "DOCUMENTATION: A flaw was found in zstd. While the final file mode is reflective of the input file, when compressing or uncompressing, the file can temporarily gain greater permissions than the input and potentially leading to security issues (especially if large files are being handled). \n STATEMENT: In OpenShift Container Platform (OCP) the zstd package was delivered in OCP 4.3 which is already end of life.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2021-24032",
"severity": "Low",
"normalized_severity": "Low",
"package": {
"id": "",
"name": "libzstd",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/o:redhat:enterprise_linux:8::baseos",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"65548244": {
"id": "65548244",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "elfutils: an infinite loop was found in the function handle_symtab in readelf.c which causes denial of service (low)",
"description": "DOCUMENTATION: A flaw was found in the elfutils tools package. An infinite loop is possible in the handle_symtab function in readelf.c, which may lead to a denial of service. \n STATEMENT: This CVE is under investigation by Red Hat Product Security.\n\nNote: Upstream would categorize this as a simple bug, not a security issue. Since most elfutils tools are run in short-lived, local, interactive, development contexts rather than remotely \"in production\", we generally treat malfunctions as ordinary bugs rather than security vulnerabilities.\nThe version, as shipped in Red Hat Enterprise Linux 9, is not affected by this vulnerability.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2021-33294",
"severity": "Low",
"normalized_severity": "Low",
"package": {
"id": "",
"name": "elfutils-libelf",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/a:redhat:enterprise_linux:8::appstream",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"65548278": {
"id": "65548278",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "elfutils: an infinite loop was found in the function handle_symtab in readelf.c which causes denial of service (low)",
"description": "DOCUMENTATION: A flaw was found in the elfutils tools package. An infinite loop is possible in the handle_symtab function in readelf.c, which may lead to a denial of service. \n STATEMENT: This CVE is under investigation by Red Hat Product Security.\n\nNote: Upstream would categorize this as a simple bug, not a security issue. Since most elfutils tools are run in short-lived, local, interactive, development contexts rather than remotely \"in production\", we generally treat malfunctions as ordinary bugs rather than security vulnerabilities.\nThe version, as shipped in Red Hat Enterprise Linux 9, is not affected by this vulnerability.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2021-33294",
"severity": "Low",
"normalized_severity": "Low",
"package": {
"id": "",
"name": "elfutils-libelf",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/o:redhat:enterprise_linux:8::baseos",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"65577715": {
"id": "65577715",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "Uncontrolled recursion in systemd-tmpfiles when removing files (low)",
"description": "DOCUMENTATION: A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp. \n STATEMENT: Red Hat Enterprise Linux 8 has a default 1024 nofile limit, thus preventing `systemd-tmpfiles` from exhausting its stack and crashing. For this reason, this flaw has been rated as having a security impact of Low on Red Hat Enterprise Linux 8. For more information on default ulimit values, please see https://access.redhat.com/solutions/4482841.\n\nIn OpenShift Container Platform (OCP) systemd package was shipped with OCP 4.7 as a one-off instance and all the later OCP releases (4.8, 4.9) are using systemd from RHEL 8. Hence, the systemd package shipped with OCP 4.7 will not be fixed and the fix will be consumed from RHEL 8.\n MITIGATION: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2021-3997",
"severity": "Low",
"normalized_severity": "Low",
"package": {
"id": "",
"name": "systemd-libs",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/a:redhat:enterprise_linux:8::appstream",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"65577725": {
"id": "65577725",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "Uncontrolled recursion in systemd-tmpfiles when removing files (low)",
"description": "DOCUMENTATION: A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp. \n STATEMENT: Red Hat Enterprise Linux 8 has a default 1024 nofile limit, thus preventing `systemd-tmpfiles` from exhausting its stack and crashing. For this reason, this flaw has been rated as having a security impact of Low on Red Hat Enterprise Linux 8. For more information on default ulimit values, please see https://access.redhat.com/solutions/4482841.\n\nIn OpenShift Container Platform (OCP) systemd package was shipped with OCP 4.7 as a one-off instance and all the later OCP releases (4.8, 4.9) are using systemd from RHEL 8. Hence, the systemd package shipped with OCP 4.7 will not be fixed and the fix will be consumed from RHEL 8.\n MITIGATION: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2021-3997",
"severity": "Low",
"normalized_severity": "Low",
"package": {
"id": "",
"name": "systemd-libs",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/o:redhat:enterprise_linux:8::baseos",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"65584099": {
"id": "65584099",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "GnuTLS: Null pointer dereference in MD_UPDATE (low)",
"description": "DOCUMENTATION: A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial of service after authentication in rare circumstances. \n STATEMENT: According to the analysis on the upstream issue, this flaw has been rated as having a security impact of Low.\n MITIGATION: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2021-4209",
"severity": "Low",
"normalized_severity": "Low",
"package": {
"id": "",
"name": "gnutls",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/a:redhat:enterprise_linux:8::appstream",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"65584109": {
"id": "65584109",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "GnuTLS: Null pointer dereference in MD_UPDATE (low)",
"description": "DOCUMENTATION: A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial of service after authentication in rare circumstances. \n STATEMENT: According to the analysis on the upstream issue, this flaw has been rated as having a security impact of Low.\n MITIGATION: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2021-4209",
"severity": "Low",
"normalized_severity": "Low",
"package": {
"id": "",
"name": "gnutls",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/o:redhat:enterprise_linux:8::baseos",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"65585095": {
"id": "65585095",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "CVE-2021-42694 Developer environment: Homoglyph characters can lead to trojan source attack (moderate)",
"description": "DOCUMENTATION: A flaw was found in the way Unicode standards are implemented in the context of development environments, which have specialized requirements for rendering text. Homoglyphs are different Unicode characters that, to the naked eye, look the same. An attacker could use homoglyphs to deceive a human reviewer by creating a malicious patch containing functions that look similar to standard library functions, such as print, but replace one character with a homoglyph. This function can then be defined in an upstream dependency to launch source code-related attacks. \n STATEMENT: This is a flaw with the way unicode standards are implemented in the context of development environments, which have specialized requirements for rendering text. It is not a flaw in Red Hat products.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2021-42694",
"severity": "Moderate",
"normalized_severity": "Medium",
"package": {
"id": "",
"name": "libstdc++",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/a:redhat:enterprise_linux:8::appstream",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"65585105": {
"id": "65585105",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "CVE-2021-42694 Developer environment: Homoglyph characters can lead to trojan source attack (moderate)",
"description": "DOCUMENTATION: A flaw was found in the way Unicode standards are implemented in the context of development environments, which have specialized requirements for rendering text. Homoglyphs are different Unicode characters that, to the naked eye, look the same. An attacker could use homoglyphs to deceive a human reviewer by creating a malicious patch containing functions that look similar to standard library functions, such as print, but replace one character with a homoglyph. This function can then be defined in an upstream dependency to launch source code-related attacks. \n STATEMENT: This is a flaw with the way unicode standards are implemented in the context of development environments, which have specialized requirements for rendering text. It is not a flaw in Red Hat products.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2021-42694",
"severity": "Moderate",
"normalized_severity": "Medium",
"package": {
"id": "",
"name": "libstdc++",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/o:redhat:enterprise_linux:8::baseos",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"65585179": {
"id": "65585179",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "CVE-2021-42694 Developer environment: Homoglyph characters can lead to trojan source attack (moderate)",
"description": "DOCUMENTATION: A flaw was found in the way Unicode standards are implemented in the context of development environments, which have specialized requirements for rendering text. Homoglyphs are different Unicode characters that, to the naked eye, look the same. An attacker could use homoglyphs to deceive a human reviewer by creating a malicious patch containing functions that look similar to standard library functions, such as print, but replace one character with a homoglyph. This function can then be defined in an upstream dependency to launch source code-related attacks. \n STATEMENT: This is a flaw with the way unicode standards are implemented in the context of development environments, which have specialized requirements for rendering text. It is not a flaw in Red Hat products.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2021-42694",
"severity": "Moderate",
"normalized_severity": "Medium",
"package": {
"id": "",
"name": "libgcc",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/a:redhat:enterprise_linux:8::appstream",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"65585189": {
"id": "65585189",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "CVE-2021-42694 Developer environment: Homoglyph characters can lead to trojan source attack (moderate)",
"description": "DOCUMENTATION: A flaw was found in the way Unicode standards are implemented in the context of development environments, which have specialized requirements for rendering text. Homoglyphs are different Unicode characters that, to the naked eye, look the same. An attacker could use homoglyphs to deceive a human reviewer by creating a malicious patch containing functions that look similar to standard library functions, such as print, but replace one character with a homoglyph. This function can then be defined in an upstream dependency to launch source code-related attacks. \n STATEMENT: This is a flaw with the way unicode standards are implemented in the context of development environments, which have specialized requirements for rendering text. It is not a flaw in Red Hat products.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2021-42694",
"severity": "Moderate",
"normalized_severity": "Medium",
"package": {
"id": "",
"name": "libgcc",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/o:redhat:enterprise_linux:8::baseos",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"65585563": {
"id": "65585563",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "gmp: Integer overflow and resultant buffer overflow via crafted input (moderate)",
"description": "DOCUMENTATION: A flaw was found in gmp. An integer overflow vulnerability could allow an attacker to input an integer value leading to a crash. The highest threat from this vulnerability is to system availability. \n STATEMENT: Exploitation is only possible on 32-bit systems. The susceptible GMP package is not tethered to the network stack, so it can only be exploited via a file already on the local system. This can be achieved either by the attacker gaining local login credentials or alternatively; by tricking a user into loading then executing a malicious file. Because of these combined reasons Red Hat Product Security rates the impact as Moderate.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2021-43618",
"severity": "Moderate",
"normalized_severity": "Medium",
"package": {
"id": "",
"name": "gmp",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/a:redhat:enterprise_linux:8::appstream",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"65585573": {
"id": "65585573",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "gmp: Integer overflow and resultant buffer overflow via crafted input (moderate)",
"description": "DOCUMENTATION: A flaw was found in gmp. An integer overflow vulnerability could allow an attacker to input an integer value leading to a crash. The highest threat from this vulnerability is to system availability. \n STATEMENT: Exploitation is only possible on 32-bit systems. The susceptible GMP package is not tethered to the network stack, so it can only be exploited via a file already on the local system. This can be achieved either by the attacker gaining local login credentials or alternatively; by tricking a user into loading then executing a malicious file. Because of these combined reasons Red Hat Product Security rates the impact as Moderate.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2021-43618",
"severity": "Moderate",
"normalized_severity": "Medium",
"package": {
"id": "",
"name": "gmp",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/o:redhat:enterprise_linux:8::baseos",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"65614111": {
"id": "65614111",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const (low)",
"description": "DOCUMENTATION: A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2022-27943",
"severity": "Low",
"normalized_severity": "Low",
"package": {
"id": "",
"name": "libstdc++",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/a:redhat:enterprise_linux:8::appstream",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"65614121": {
"id": "65614121",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const (low)",
"description": "DOCUMENTATION: A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2022-27943",
"severity": "Low",
"normalized_severity": "Low",
"package": {
"id": "",
"name": "libstdc++",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/o:redhat:enterprise_linux:8::baseos",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"65614339": {
"id": "65614339",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const (low)",
"description": "DOCUMENTATION: A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2022-27943",
"severity": "Low",
"normalized_severity": "Low",
"package": {
"id": "",
"name": "libgcc",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/a:redhat:enterprise_linux:8::appstream",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"65614349": {
"id": "65614349",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const (low)",
"description": "DOCUMENTATION: A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2022-27943",
"severity": "Low",
"normalized_severity": "Low",
"package": {
"id": "",
"name": "libgcc",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/o:redhat:enterprise_linux:8::baseos",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"65628019": {
"id": "65628019",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "denial of service issue (resource consumption) using compressed packets (low)",
"description": "DOCUMENTATION: A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2022-3219",
"severity": "Low",
"normalized_severity": "Low",
"package": {
"id": "",
"name": "gnupg2",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/a:redhat:enterprise_linux:8::appstream",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"65628029": {
"id": "65628029",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "denial of service issue (resource consumption) using compressed packets (low)",
"description": "DOCUMENTATION: A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2022-3219",
"severity": "Low",
"normalized_severity": "Low",
"package": {
"id": "",
"name": "gnupg2",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/o:redhat:enterprise_linux:8::baseos",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"65646679": {
"id": "65646679",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "pcre2: negative repeat value in a pcre2test subject line leads to inifinite loop (low)",
"description": "DOCUMENTATION: A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack. \n STATEMENT: Red Hat Product Security classifies this issue as having a Low security impact. The vulnerability involves an infinite loop in a command-line utility, which is not typically designed to handle untrusted input. As a result, it is assessed that this does not pose a substantial security risk and does not lead to any meaningful security impact.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2022-41409",
"severity": "Low",
"normalized_severity": "Low",
"package": {
"id": "",
"name": "pcre2",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/a:redhat:enterprise_linux:8::appstream",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"65646689": {
"id": "65646689",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "pcre2: negative repeat value in a pcre2test subject line leads to inifinite loop (low)",
"description": "DOCUMENTATION: A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack. \n STATEMENT: Red Hat Product Security classifies this issue as having a Low security impact. The vulnerability involves an infinite loop in a command-line utility, which is not typically designed to handle untrusted input. As a result, it is assessed that this does not pose a substantial security risk and does not lead to any meaningful security impact.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2022-41409",
"severity": "Low",
"normalized_severity": "Low",
"package": {
"id": "",
"name": "pcre2",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/o:redhat:enterprise_linux:8::baseos",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"65666491": {
"id": "65666491",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "openssl: Denial of service by excessive resource usage in verifying X509 policy constraints (low)",
"description": "DOCUMENTATION: A security vulnerability has been identified in all supported OpenSSL versions related to verifying X.509 certificate chains that include policy constraints. This flaw allows attackers to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial of service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the -policy' argument to the command line utilities or calling the X509_VERIFY_PARAM_set1_policies()' function.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2023-0464",
"severity": "Low",
"normalized_severity": "Low",
"package": {
"id": "",
"name": "openssl-libs",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/a:redhat:enterprise_linux:8::appstream",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"65666501": {
"id": "65666501",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "openssl: Denial of service by excessive resource usage in verifying X509 policy constraints (low)",
"description": "DOCUMENTATION: A security vulnerability has been identified in all supported OpenSSL versions related to verifying X.509 certificate chains that include policy constraints. This flaw allows attackers to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial of service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the -policy' argument to the command line utilities or calling the X509_VERIFY_PARAM_set1_policies()' function.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2023-0464",
"severity": "Low",
"normalized_severity": "Low",
"package": {
"id": "",
"name": "openssl-libs",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/o:redhat:enterprise_linux:8::baseos",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"65666611": {
"id": "65666611",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "openssl: Invalid certificate policies in leaf certificates are silently ignored (low)",
"description": "DOCUMENTATION: A flaw was found in OpenSSL. Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. OpenSSL and other certificate policy checks silently ignore invalid certificate policies in leaf certificates that are skipped for that certificate. A malicious CA could use this to deliberately assert invalid certificate policies to circumvent policy checking on the certificate altogether. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2023-0465",
"severity": "Low",
"normalized_severity": "Low",
"package": {
"id": "",
"name": "openssl-libs",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/a:redhat:enterprise_linux:8::appstream",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"65666621": {
"id": "65666621",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "openssl: Invalid certificate policies in leaf certificates are silently ignored (low)",
"description": "DOCUMENTATION: A flaw was found in OpenSSL. Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. OpenSSL and other certificate policy checks silently ignore invalid certificate policies in leaf certificates that are skipped for that certificate. A malicious CA could use this to deliberately assert invalid certificate policies to circumvent policy checking on the certificate altogether. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2023-0465",
"severity": "Low",
"normalized_severity": "Low",
"package": {
"id": "",
"name": "openssl-libs",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/o:redhat:enterprise_linux:8::baseos",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"65666731": {
"id": "65666731",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "openssl: Certificate policy check not enabled (low)",
"description": "DOCUMENTATION: A flaw was found in OpenSSL. The X509_VERIFY_PARAM_add0_policy() function is documented to enable the certificate policy check when doing certificate verification implicitly. However, implementing the function does not enable the check, allowing certificates with invalid or incorrect policies to pass the certificate verification. Suddenly enabling the policy check could break existing deployments, so it was decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() function. The applications that require OpenSSL to perform certificate policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly enable the policy check by calling X509_VERIFY_PARAM_set_flags() with the X509_V_FLAG_POLICY_CHECK flag argument. Certificate policy checks are disabled by default in OpenSSL and are not commonly used by applications.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2023-0466",
"severity": "Low",
"normalized_severity": "Low",
"package": {
"id": "",
"name": "openssl-libs",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/a:redhat:enterprise_linux:8::appstream",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"65666741": {
"id": "65666741",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "openssl: Certificate policy check not enabled (low)",
"description": "DOCUMENTATION: A flaw was found in OpenSSL. The X509_VERIFY_PARAM_add0_policy() function is documented to enable the certificate policy check when doing certificate verification implicitly. However, implementing the function does not enable the check, allowing certificates with invalid or incorrect policies to pass the certificate verification. Suddenly enabling the policy check could break existing deployments, so it was decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() function. The applications that require OpenSSL to perform certificate policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly enable the policy check by calling X509_VERIFY_PARAM_set_flags() with the X509_V_FLAG_POLICY_CHECK flag argument. Certificate policy checks are disabled by default in OpenSSL and are not commonly used by applications.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2023-0466",
"severity": "Low",
"normalized_severity": "Low",
"package": {
"id": "",
"name": "openssl-libs",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/o:redhat:enterprise_linux:8::baseos",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"65686375": {
"id": "65686375",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "openssl: Possible DoS translating ASN.1 object identifiers (low)",
"description": "DOCUMENTATION: A flaw was found in OpenSSL resulting in a possible denial of service while translating ASN.1 object identifiers. Applications that use OBJ_obj2txt() directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience long delays when processing messages, which may lead to a denial of service. \n STATEMENT: CVE-2023-2650 can't cause DoS on machines with OpenSSL 1.1.1 and so is considered LOW for RHEL 8.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2023-2650",
"severity": "Low",
"normalized_severity": "Low",
"package": {
"id": "",
"name": "openssl-libs",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/a:redhat:enterprise_linux:8::appstream",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"65686385": {
"id": "65686385",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "openssl: Possible DoS translating ASN.1 object identifiers (low)",
"description": "DOCUMENTATION: A flaw was found in OpenSSL resulting in a possible denial of service while translating ASN.1 object identifiers. Applications that use OBJ_obj2txt() directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience long delays when processing messages, which may lead to a denial of service. \n STATEMENT: CVE-2023-2650 can't cause DoS on machines with OpenSSL 1.1.1 and so is considered LOW for RHEL 8.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2023-2650",
"severity": "Low",
"normalized_severity": "Low",
"package": {
"id": "",
"name": "openssl-libs",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/o:redhat:enterprise_linux:8::baseos",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"65691823": {
"id": "65691823",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "curl: SFTP path ~ resolving discrepancy (low)",
"description": "DOCUMENTATION: The MITRE CVE dictionary describes this issue as: A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user. \n STATEMENT: In a containerized environment running SELinux in enforcing mode, such as Red Hat OpenShift Container Platform, this vulnerability does not allow an attacker to escape the boundary of a container. In this case no additional access is gained, there is an additional (but more complicated step) to look at files the user already has access to.\n\nThe upstream project (Curl) also rated this CVE as Low, see link in External References.\n\nIt is unlikely that Red Hat offerings are utilizing the SFTP feature of Curl, so the opportunity to exploit it may not exist. For those reasons Red Hat Product Security rates the impact as Low.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2023-27534",
"severity": "Low",
"normalized_severity": "Low",
"package": {
"id": "",
"name": "libcurl",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/a:redhat:enterprise_linux:8::appstream",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"65691833": {
"id": "65691833",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "curl: SFTP path ~ resolving discrepancy (low)",
"description": "DOCUMENTATION: The MITRE CVE dictionary describes this issue as: A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user. \n STATEMENT: In a containerized environment running SELinux in enforcing mode, such as Red Hat OpenShift Container Platform, this vulnerability does not allow an attacker to escape the boundary of a container. In this case no additional access is gained, there is an additional (but more complicated step) to look at files the user already has access to.\n\nThe upstream project (Curl) also rated this CVE as Low, see link in External References.\n\nIt is unlikely that Red Hat offerings are utilizing the SFTP feature of Curl, so the opportunity to exploit it may not exist. For those reasons Red Hat Product Security rates the impact as Low.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2023-27534",
"severity": "Low",
"normalized_severity": "Low",
"package": {
"id": "",
"name": "libcurl",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/o:redhat:enterprise_linux:8::baseos",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"65691847": {
"id": "65691847",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "curl: SFTP path ~ resolving discrepancy (low)",
"description": "DOCUMENTATION: The MITRE CVE dictionary describes this issue as: A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user. \n STATEMENT: In a containerized environment running SELinux in enforcing mode, such as Red Hat OpenShift Container Platform, this vulnerability does not allow an attacker to escape the boundary of a container. In this case no additional access is gained, there is an additional (but more complicated step) to look at files the user already has access to.\n\nThe upstream project (Curl) also rated this CVE as Low, see link in External References.\n\nIt is unlikely that Red Hat offerings are utilizing the SFTP feature of Curl, so the opportunity to exploit it may not exist. For those reasons Red Hat Product Security rates the impact as Low.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2023-27534",
"severity": "Low",
"normalized_severity": "Low",
"package": {
"id": "",
"name": "curl",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/a:redhat:enterprise_linux:8::appstream",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"65691857": {
"id": "65691857",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "curl: SFTP path ~ resolving discrepancy (low)",
"description": "DOCUMENTATION: The MITRE CVE dictionary describes this issue as: A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user. \n STATEMENT: In a containerized environment running SELinux in enforcing mode, such as Red Hat OpenShift Container Platform, this vulnerability does not allow an attacker to escape the boundary of a container. In this case no additional access is gained, there is an additional (but more complicated step) to look at files the user already has access to.\n\nThe upstream project (Curl) also rated this CVE as Low, see link in External References.\n\nIt is unlikely that Red Hat offerings are utilizing the SFTP feature of Curl, so the opportunity to exploit it may not exist. For those reasons Red Hat Product Security rates the impact as Low.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2023-27534",
"severity": "Low",
"normalized_severity": "Low",
"package": {
"id": "",
"name": "curl",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/o:redhat:enterprise_linux:8::baseos",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"65691883": {
"id": "65691883",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "curl: more POST-after-PUT confusion (low)",
"description": "DOCUMENTATION: A use-after-free flaw was found in the Curl package. This issue may lead to unintended information disclosure by the application.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2023-28322",
"severity": "Low",
"normalized_severity": "Low",
"package": {
"id": "",
"name": "libcurl",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/a:redhat:enterprise_linux:8::appstream",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"65691893": {
"id": "65691893",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "curl: more POST-after-PUT confusion (low)",
"description": "DOCUMENTATION: A use-after-free flaw was found in the Curl package. This issue may lead to unintended information disclosure by the application.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2023-28322",
"severity": "Low",
"normalized_severity": "Low",
"package": {
"id": "",
"name": "libcurl",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/o:redhat:enterprise_linux:8::baseos",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"65691907": {
"id": "65691907",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "curl: more POST-after-PUT confusion (low)",
"description": "DOCUMENTATION: A use-after-free flaw was found in the Curl package. This issue may lead to unintended information disclosure by the application.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2023-28322",
"severity": "Low",
"normalized_severity": "Low",
"package": {
"id": "",
"name": "curl",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/a:redhat:enterprise_linux:8::appstream",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"65691917": {
"id": "65691917",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "curl: more POST-after-PUT confusion (low)",
"description": "DOCUMENTATION: A use-after-free flaw was found in the Curl package. This issue may lead to unintended information disclosure by the application.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2023-28322",
"severity": "Low",
"normalized_severity": "Low",
"package": {
"id": "",
"name": "curl",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/o:redhat:enterprise_linux:8::baseos",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"65702119": {
"id": "65702119",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "glib: GVariant offset table entry size is not checked in is_normal() (low)",
"description": "DOCUMENTATION: A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service. \n STATEMENT: This vulnerability allows for a denial of service attack to be performed against applications that process untrusted GVariant input, compromising application availability by consuming excessive processing time or utilizing a large quantity of memory. The most likely threat is from a local user, which may be possible depending on the configuration of the service and the format of parameters that it expects. While a remote attack is possible if the application is configured to read GVariants over a network connection, this is not the default configuration which makes the likelihood low. Because the most widely available attack vector is local and the consequences are limited to denial of service, Red Hat Product Security rates the impact as Low.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2023-29499",
"severity": "Low",
"normalized_severity": "Low",
"package": {
"id": "",
"name": "glib2",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/a:redhat:enterprise_linux:8::appstream",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"65702129": {
"id": "65702129",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "glib: GVariant offset table entry size is not checked in is_normal() (low)",
"description": "DOCUMENTATION: A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service. \n STATEMENT: This vulnerability allows for a denial of service attack to be performed against applications that process untrusted GVariant input, compromising application availability by consuming excessive processing time or utilizing a large quantity of memory. The most likely threat is from a local user, which may be possible depending on the configuration of the service and the format of parameters that it expects. While a remote attack is possible if the application is configured to read GVariants over a network connection, this is not the default configuration which makes the likelihood low. Because the most widely available attack vector is local and the consequences are limited to denial of service, Red Hat Product Security rates the impact as Low.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2023-29499",
"severity": "Low",
"normalized_severity": "Low",
"package": {
"id": "",
"name": "glib2",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/o:redhat:enterprise_linux:8::baseos",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"65702179": {
"id": "65702179",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "null pointer dereference in ber_memalloc_x function (low)",
"description": "DOCUMENTATION: A vulnerability was found in openldap that can cause a null pointer dereference in the ber_memalloc_x() function.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2023-2953",
"severity": "Low",
"normalized_severity": "Low",
"package": {
"id": "",
"name": "openldap",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/a:redhat:enterprise_linux:8::appstream",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"65702189": {
"id": "65702189",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "null pointer dereference in ber_memalloc_x function (low)",
"description": "DOCUMENTATION: A vulnerability was found in openldap that can cause a null pointer dereference in the ber_memalloc_x() function.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2023-2953",
"severity": "Low",
"normalized_severity": "Low",
"package": {
"id": "",
"name": "openldap",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/o:redhat:enterprise_linux:8::baseos",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"65707219": {
"id": "65707219",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "glib: g_variant_byteswap() can take a long time with some non-normal inputs (low)",
"description": "DOCUMENTATION: A flaw was found in GLib. GVariant deserialization is vulnerable to a slowdown issue where a crafted GVariant can cause excessive processing, leading to denial of service. \n STATEMENT: This vulnerability allows for a denial of service attack to be performed against applications that process untrusted GVariant input, compromising application availability by consuming excessive processing time or utilizing a large quantity of memory. The most likely threat is from a local user, which may be possible depending on the configuration of the service and the format of parameters that it expects. While a remote attack is possible if the application is configured to read GVariants over a network connection, this is not the default configuration which makes the likelihood low. Because the most widely available attack vector is local and the consequences are limited to denial of service, Red Hat Product Security rates the impact as Low.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2023-32611",
"severity": "Low",
"normalized_severity": "Low",
"package": {
"id": "",
"name": "glib2",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/a:redhat:enterprise_linux:8::appstream",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"65707229": {
"id": "65707229",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "glib: g_variant_byteswap() can take a long time with some non-normal inputs (low)",
"description": "DOCUMENTATION: A flaw was found in GLib. GVariant deserialization is vulnerable to a slowdown issue where a crafted GVariant can cause excessive processing, leading to denial of service. \n STATEMENT: This vulnerability allows for a denial of service attack to be performed against applications that process untrusted GVariant input, compromising application availability by consuming excessive processing time or utilizing a large quantity of memory. The most likely threat is from a local user, which may be possible depending on the configuration of the service and the format of parameters that it expects. While a remote attack is possible if the application is configured to read GVariants over a network connection, this is not the default configuration which makes the likelihood low. Because the most widely available attack vector is local and the consequences are limited to denial of service, Red Hat Product Security rates the impact as Low.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2023-32611",
"severity": "Low",
"normalized_severity": "Low",
"package": {
"id": "",
"name": "glib2",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/o:redhat:enterprise_linux:8::baseos",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"65707327": {
"id": "65707327",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "glib: Timeout in fuzz_variant_text (low)",
"description": "DOCUMENTATION: A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499. \n STATEMENT: This vulnerability allows for a denial of service attack to be performed against applications that process untrusted GVariant input, compromising application availability by consuming excessive processing time or utilizing a large quantity of memory. The most likely threat is from a local user, which may be possible depending on the configuration of the service and the format of parameters that it expects. While a remote attack is possible if the application is configured to read GVariants over a network connection, this is not the default configuration which makes the likelihood low. Because the most widely available attack vector is local and the consequences are limited to denial of service, Red Hat Product Security rates the impact as Low.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2023-32636",
"severity": "Low",
"normalized_severity": "Low",
"package": {
"id": "",
"name": "glib2",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/a:redhat:enterprise_linux:8::appstream",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"65707337": {
"id": "65707337",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "glib: Timeout in fuzz_variant_text (low)",
"description": "DOCUMENTATION: A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499. \n STATEMENT: This vulnerability allows for a denial of service attack to be performed against applications that process untrusted GVariant input, compromising application availability by consuming excessive processing time or utilizing a large quantity of memory. The most likely threat is from a local user, which may be possible depending on the configuration of the service and the format of parameters that it expects. While a remote attack is possible if the application is configured to read GVariants over a network connection, this is not the default configuration which makes the likelihood low. Because the most widely available attack vector is local and the consequences are limited to denial of service, Red Hat Product Security rates the impact as Low.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2023-32636",
"severity": "Low",
"normalized_severity": "Low",
"package": {
"id": "",
"name": "glib2",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/o:redhat:enterprise_linux:8::baseos",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"65707363": {
"id": "65707363",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "glib: GVariant deserialisation does not match spec for non-normal data (low)",
"description": "DOCUMENTATION: A flaw was found in GLib. GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause excessive processing, leading to denial of service. \n STATEMENT: This vulnerability allows for a denial of service attack to be performed against applications that process untrusted GVariant input, compromising application availability by consuming excessive processing time or utilizing a large quantity of memory. The most likely threat is from a local user, which may be possible depending on the configuration of the service and the format of parameters that it expects. While a remote attack is possible if the application is configured to read GVariants over a network connection, this is not the default configuration which makes the likelihood low. Because the most widely available attack vector is local and the consequences are limited to denial of service, Red Hat Product Security rates the impact as Low.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2023-32665",
"severity": "Low",
"normalized_severity": "Low",
"package": {
"id": "",
"name": "glib2",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/a:redhat:enterprise_linux:8::appstream",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"65707373": {
"id": "65707373",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "glib: GVariant deserialisation does not match spec for non-normal data (low)",
"description": "DOCUMENTATION: A flaw was found in GLib. GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause excessive processing, leading to denial of service. \n STATEMENT: This vulnerability allows for a denial of service attack to be performed against applications that process untrusted GVariant input, compromising application availability by consuming excessive processing time or utilizing a large quantity of memory. The most likely threat is from a local user, which may be possible depending on the configuration of the service and the format of parameters that it expects. While a remote attack is possible if the application is configured to read GVariants over a network connection, this is not the default configuration which makes the likelihood low. Because the most widely available attack vector is local and the consequences are limited to denial of service, Red Hat Product Security rates the impact as Low.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2023-32665",
"severity": "Low",
"normalized_severity": "Low",
"package": {
"id": "",
"name": "glib2",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/o:redhat:enterprise_linux:8::baseos",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"65708731": {
"id": "65708731",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "CLI fault on missing -nonce (low)",
"description": "DOCUMENTATION: A segmentation fault was discovered in SQLite. This issue exists due to a boundary error within the /sqlite3_aflpp/shell.c which could allow a local user to send a specially crafted request to the database to trigger memory corruption and perform a denial of service (DoS) attack. \n STATEMENT: This vulnerability has been rated as Low security impact because the CLI fault on missing '-nonce', though it could cause a crash in CLI, it doesn't possess a real security risk.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2023-36191",
"severity": "Low",
"normalized_severity": "Low",
"package": {
"id": "",
"name": "sqlite-libs",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/a:redhat:enterprise_linux:8::appstream",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"65708741": {
"id": "65708741",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "CLI fault on missing -nonce (low)",
"description": "DOCUMENTATION: A segmentation fault was discovered in SQLite. This issue exists due to a boundary error within the /sqlite3_aflpp/shell.c which could allow a local user to send a specially crafted request to the database to trigger memory corruption and perform a denial of service (DoS) attack. \n STATEMENT: This vulnerability has been rated as Low security impact because the CLI fault on missing '-nonce', though it could cause a crash in CLI, it doesn't possess a real security risk.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2023-36191",
"severity": "Low",
"normalized_severity": "Low",
"package": {
"id": "",
"name": "sqlite-libs",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/o:redhat:enterprise_linux:8::baseos",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"65719579": {
"id": "65719579",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "python-certifi: Removal of e-Tugra root certificate (low)",
"description": "DOCUMENTATION: A flaw was found in the python-certifi package. This issue occurs when the e-Tugra root certificate in Certifi is removed, resulting in an unspecified error that has an unknown impact and attack vector.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2023-37920",
"severity": "Low",
"normalized_severity": "Low",
"package": {
"id": "",
"name": "ca-certificates",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/a:redhat:enterprise_linux:8::appstream",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"65719589": {
"id": "65719589",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "python-certifi: Removal of e-Tugra root certificate (low)",
"description": "DOCUMENTATION: A flaw was found in the python-certifi package. This issue occurs when the e-Tugra root certificate in Certifi is removed, resulting in an unspecified error that has an unknown impact and attack vector.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2023-37920",
"severity": "Low",
"normalized_severity": "Low",
"package": {
"id": "",
"name": "ca-certificates",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/o:redhat:enterprise_linux:8::baseos",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"65720767": {
"id": "65720767",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "curl: cookie injection with none file (low)",
"description": "DOCUMENTATION: A flaw was found in the Curl package. This flaw allows an attacker to insert cookies into a running program using libcurl if the specific series of conditions are met. \n STATEMENT: The flaw requires a series of conditions to be met and the likeliness that they shall allow an attacker to take advantage of it is low. Even if the bug could be made to trigger, the risk that a cookie injection can be done to cause harm is additionally also low.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2023-38546",
"severity": "Low",
"normalized_severity": "Low",
"package": {
"id": "",
"name": "libcurl",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/a:redhat:enterprise_linux:8::appstream",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"65720777": {
"id": "65720777",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "curl: cookie injection with none file (low)",
"description": "DOCUMENTATION: A flaw was found in the Curl package. This flaw allows an attacker to insert cookies into a running program using libcurl if the specific series of conditions are met. \n STATEMENT: The flaw requires a series of conditions to be met and the likeliness that they shall allow an attacker to take advantage of it is low. Even if the bug could be made to trigger, the risk that a cookie injection can be done to cause harm is additionally also low.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2023-38546",
"severity": "Low",
"normalized_severity": "Low",
"package": {
"id": "",
"name": "libcurl",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/o:redhat:enterprise_linux:8::baseos",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"65720779": {
"id": "65720779",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "curl: cookie injection with none file (low)",
"description": "DOCUMENTATION: A flaw was found in the Curl package. This flaw allows an attacker to insert cookies into a running program using libcurl if the specific series of conditions are met. \n STATEMENT: The flaw requires a series of conditions to be met and the likeliness that they shall allow an attacker to take advantage of it is low. Even if the bug could be made to trigger, the risk that a cookie injection can be done to cause harm is additionally also low.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2023-38546",
"severity": "Low",
"normalized_severity": "Low",
"package": {
"id": "",
"name": "curl",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/a:redhat:enterprise_linux:8::appstream",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"65720789": {
"id": "65720789",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "curl: cookie injection with none file (low)",
"description": "DOCUMENTATION: A flaw was found in the Curl package. This flaw allows an attacker to insert cookies into a running program using libcurl if the specific series of conditions are met. \n STATEMENT: The flaw requires a series of conditions to be met and the likeliness that they shall allow an attacker to take advantage of it is low. Even if the bug could be made to trigger, the risk that a cookie injection can be done to cause harm is additionally also low.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2023-38546",
"severity": "Low",
"normalized_severity": "Low",
"package": {
"id": "",
"name": "curl",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/o:redhat:enterprise_linux:8::baseos",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"65733607": {
"id": "65733607",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "gawk: heap out of bound read in builtin.c (low)",
"description": "DOCUMENTATION: A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2023-4156",
"severity": "Low",
"normalized_severity": "Low",
"package": {
"id": "",
"name": "gawk",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/a:redhat:enterprise_linux:8::appstream",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"65733617": {
"id": "65733617",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "gawk: heap out of bound read in builtin.c (low)",
"description": "DOCUMENTATION: A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2023-4156",
"severity": "Low",
"normalized_severity": "Low",
"package": {
"id": "",
"name": "gawk",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/o:redhat:enterprise_linux:8::baseos",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"65741407": {
"id": "65741407",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "libxml2: use-after-free in xmlUnlinkNode() in tree.c (low)",
"description": "DOCUMENTATION: A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability. \n STATEMENT: The libxml2 project does not consider this issue to be a vulnerability because it can only be triggered in an out-of-memory condition or when the --maxmem command line option of the xmllint program is used to limit the number of memory allocation done by the parser. This is intended behavior and it's used to detect similar issues.\n\nRed Hat Product Security agrees with that decision. However, Red Hat will try to address this issue in affected products.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2023-45322",
"severity": "Low",
"normalized_severity": "Low",
"package": {
"id": "",
"name": "libxml2",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/a:redhat:enterprise_linux:8::appstream",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"65741417": {
"id": "65741417",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "libxml2: use-after-free in xmlUnlinkNode() in tree.c (low)",
"description": "DOCUMENTATION: A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability. \n STATEMENT: The libxml2 project does not consider this issue to be a vulnerability because it can only be triggered in an out-of-memory condition or when the --maxmem command line option of the xmllint program is used to limit the number of memory allocation done by the parser. This is intended behavior and it's used to detect similar issues.\n\nRed Hat Product Security agrees with that decision. However, Red Hat will try to address this issue in affected products.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2023-45322",
"severity": "Low",
"normalized_severity": "Low",
"package": {
"id": "",
"name": "libxml2",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/o:redhat:enterprise_linux:8::baseos",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"65743099": {
"id": "65743099",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "curl: information disclosure by exploiting a mixed case flaw (moderate)",
"description": "DOCUMENTATION: A flaw was found in curl that verifies a given cookie domain against the Public Suffix List. This issue could allow a malicious HTTP server to set \"super cookies\" in curl that are passed back to more origins than what is otherwise allowed or possible. \n STATEMENT: When curl is built without PSL support, it cannot protect against this problem but it is expected to not allow \"too wide\" cookies when PSL support is enabled.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2023-46218",
"severity": "Moderate",
"normalized_severity": "Medium",
"package": {
"id": "",
"name": "libcurl",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/a:redhat:enterprise_linux:8::appstream",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"65743109": {
"id": "65743109",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "curl: information disclosure by exploiting a mixed case flaw (moderate)",
"description": "DOCUMENTATION: A flaw was found in curl that verifies a given cookie domain against the Public Suffix List. This issue could allow a malicious HTTP server to set \"super cookies\" in curl that are passed back to more origins than what is otherwise allowed or possible. \n STATEMENT: When curl is built without PSL support, it cannot protect against this problem but it is expected to not allow \"too wide\" cookies when PSL support is enabled.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2023-46218",
"severity": "Moderate",
"normalized_severity": "Medium",
"package": {
"id": "",
"name": "libcurl",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/o:redhat:enterprise_linux:8::baseos",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"65743123": {
"id": "65743123",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "curl: information disclosure by exploiting a mixed case flaw (moderate)",
"description": "DOCUMENTATION: A flaw was found in curl that verifies a given cookie domain against the Public Suffix List. This issue could allow a malicious HTTP server to set \"super cookies\" in curl that are passed back to more origins than what is otherwise allowed or possible. \n STATEMENT: When curl is built without PSL support, it cannot protect against this problem but it is expected to not allow \"too wide\" cookies when PSL support is enabled.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2023-46218",
"severity": "Moderate",
"normalized_severity": "Medium",
"package": {
"id": "",
"name": "curl",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/a:redhat:enterprise_linux:8::appstream",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"65743133": {
"id": "65743133",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "curl: information disclosure by exploiting a mixed case flaw (moderate)",
"description": "DOCUMENTATION: A flaw was found in curl that verifies a given cookie domain against the Public Suffix List. This issue could allow a malicious HTTP server to set \"super cookies\" in curl that are passed back to more origins than what is otherwise allowed or possible. \n STATEMENT: When curl is built without PSL support, it cannot protect against this problem but it is expected to not allow \"too wide\" cookies when PSL support is enabled.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2023-46218",
"severity": "Moderate",
"normalized_severity": "Medium",
"package": {
"id": "",
"name": "curl",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/o:redhat:enterprise_linux:8::baseos",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"65750347": {
"id": "65750347",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "ncurses: segmentation fault via _nc_wrap_entry() (low)",
"description": "DOCUMENTATION: A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry(). \n \n MITIGATION: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2023-50495",
"severity": "Low",
"normalized_severity": "Low",
"package": {
"id": "",
"name": "ncurses-libs",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/a:redhat:enterprise_linux:8::appstream",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"65750357": {
"id": "65750357",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "ncurses: segmentation fault via _nc_wrap_entry() (low)",
"description": "DOCUMENTATION: A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry(). \n \n MITIGATION: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2023-50495",
"severity": "Low",
"normalized_severity": "Low",
"package": {
"id": "",
"name": "ncurses-libs",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/o:redhat:enterprise_linux:8::baseos",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"65750359": {
"id": "65750359",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "ncurses: segmentation fault via _nc_wrap_entry() (low)",
"description": "DOCUMENTATION: A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry(). \n \n MITIGATION: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2023-50495",
"severity": "Low",
"normalized_severity": "Low",
"package": {
"id": "",
"name": "ncurses-base",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/a:redhat:enterprise_linux:8::appstream",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"65750369": {
"id": "65750369",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "ncurses: segmentation fault via _nc_wrap_entry() (low)",
"description": "DOCUMENTATION: A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry(). \n \n MITIGATION: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2023-50495",
"severity": "Low",
"normalized_severity": "Low",
"package": {
"id": "",
"name": "ncurses-base",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/o:redhat:enterprise_linux:8::baseos",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"65756827": {
"id": "65756827",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "ipa: Invalid CSRF protection (moderate)",
"description": "DOCUMENTATION: A Cross-site request forgery vulnerability exists in ipa/session/login_password in all supported versions of IPA. This flaw allows an attacker to trick the user into submitting a request that could perform actions as the user, resulting in a loss of confidentiality and system integrity. During community penetration testing it was found that for certain HTTP end-points FreeIPA does not ensure CSRF protection. Due to implementation details one cannot use this flaw for reflection of a cookie representing already logged-in user. An attacker would always have to go through a new authentication attempt. \n STATEMENT: The CSRF vulnerability in ipa/session/login_password is considered a moderate issue due to the need for the attacker to trick users into submitting a request. This implies that exploitation requires user interaction for a new authentication attempt, rather than reflecting a cookie for an already logged-in user. While the vulnerability could result in a loss of confidentiality and system integrity, the specific actions and their severity are not explicitly detailed. The moderate classification suggests that, while serious, the limitations on exploitation conditions and potential impact contribute to a moderate overall severity.\n MITIGATION: Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2023-5455",
"severity": "Moderate",
"normalized_severity": "Medium",
"package": {
"id": "",
"name": "krb5-libs",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/a:redhat:enterprise_linux:8::appstream",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"65756837": {
"id": "65756837",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "ipa: Invalid CSRF protection (moderate)",
"description": "DOCUMENTATION: A Cross-site request forgery vulnerability exists in ipa/session/login_password in all supported versions of IPA. This flaw allows an attacker to trick the user into submitting a request that could perform actions as the user, resulting in a loss of confidentiality and system integrity. During community penetration testing it was found that for certain HTTP end-points FreeIPA does not ensure CSRF protection. Due to implementation details one cannot use this flaw for reflection of a cookie representing already logged-in user. An attacker would always have to go through a new authentication attempt. \n STATEMENT: The CSRF vulnerability in ipa/session/login_password is considered a moderate issue due to the need for the attacker to trick users into submitting a request. This implies that exploitation requires user interaction for a new authentication attempt, rather than reflecting a cookie for an already logged-in user. While the vulnerability could result in a loss of confidentiality and system integrity, the specific actions and their severity are not explicitly detailed. The moderate classification suggests that, while serious, the limitations on exploitation conditions and potential impact contribute to a moderate overall severity.\n MITIGATION: Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2023-5455",
"severity": "Moderate",
"normalized_severity": "Medium",
"package": {
"id": "",
"name": "krb5-libs",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/o:redhat:enterprise_linux:8::baseos",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"65759419": {
"id": "65759419",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "libssh: ProxyCommand/ProxyJump features allow injection of malicious code through hostname (low)",
"description": "DOCUMENTATION: A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname syntax on the client. This issue may allow an attacker to inject malicious code into the command of the features mentioned through the hostname parameter. \n STATEMENT: Despite the potential severity of this issue, the requirement for user interaction to exploit the vulnerability has led to a low severity rating. As a precautionary measure, users are advised to sanitize hostname inputs as a mitigation strategy.\n MITIGATION: Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2023-6004",
"severity": "Low",
"normalized_severity": "Low",
"package": {
"id": "",
"name": "libssh-config",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/a:redhat:enterprise_linux:8::appstream",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"65759429": {
"id": "65759429",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "libssh: ProxyCommand/ProxyJump features allow injection of malicious code through hostname (low)",
"description": "DOCUMENTATION: A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname syntax on the client. This issue may allow an attacker to inject malicious code into the command of the features mentioned through the hostname parameter. \n STATEMENT: Despite the potential severity of this issue, the requirement for user interaction to exploit the vulnerability has led to a low severity rating. As a precautionary measure, users are advised to sanitize hostname inputs as a mitigation strategy.\n MITIGATION: Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2023-6004",
"severity": "Low",
"normalized_severity": "Low",
"package": {
"id": "",
"name": "libssh-config",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/o:redhat:enterprise_linux:8::baseos",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"65759431": {
"id": "65759431",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "libssh: ProxyCommand/ProxyJump features allow injection of malicious code through hostname (low)",
"description": "DOCUMENTATION: A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname syntax on the client. This issue may allow an attacker to inject malicious code into the command of the features mentioned through the hostname parameter. \n STATEMENT: Despite the potential severity of this issue, the requirement for user interaction to exploit the vulnerability has led to a low severity rating. As a precautionary measure, users are advised to sanitize hostname inputs as a mitigation strategy.\n MITIGATION: Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2023-6004",
"severity": "Low",
"normalized_severity": "Low",
"package": {
"id": "",
"name": "libssh",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/a:redhat:enterprise_linux:8::appstream",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"65759441": {
"id": "65759441",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "libssh: ProxyCommand/ProxyJump features allow injection of malicious code through hostname (low)",
"description": "DOCUMENTATION: A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname syntax on the client. This issue may allow an attacker to inject malicious code into the command of the features mentioned through the hostname parameter. \n STATEMENT: Despite the potential severity of this issue, the requirement for user interaction to exploit the vulnerability has led to a low severity rating. As a precautionary measure, users are advised to sanitize hostname inputs as a mitigation strategy.\n MITIGATION: Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2023-6004",
"severity": "Low",
"normalized_severity": "Low",
"package": {
"id": "",
"name": "libssh",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/o:redhat:enterprise_linux:8::baseos",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"65774323": {
"id": "65774323",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "libssh: Missing checks for return values for digests (low)",
"description": "DOCUMENTATION: A flaw was found in the libssh implements abstract layer for message digest (MD) operations implemented by different supported crypto backends. The return values from these were not properly checked, which could cause low-memory situations failures, NULL dereferences, crashes, or usage of the uninitialized memory as an input for the KDF. In this case, non-matching keys will result in decryption/integrity failures, terminating the connection. \n STATEMENT: This vulnerability in the libssh abstract layer for message digest operations is deemed to have a low impact due to several mitigating factors. Primarily, the absence of proper checks on return values from supported crypto backends may lead to low-memory situations, failures, NULL dereferences, crashes, or the utilization of uninitialized memory in the Key Derivation Function (KDF). While these potential consequences could disrupt the system, their likelihood is considered low, contributing to the low impact classification.\n\nThe maintainers of libssh, in conjunction with Red Hat, have assigned a CVSS3.1 score of 3.7 to this vulnerability. While the score acknowledges the existence of a vulnerability, the assigned value falls within the lower range of the scale, indicating a relatively modest level of risk.\n\nMoreover, the practical exploitability of this vulnerability is characterized as theoretical and highly unlikely to yield tangible results. The difficulty in successfully exploiting the flaw adds a layer of security, further diminishing the potential impact. While acknowledging the risk of non-matching keys leading to decryption/integrity failures and connection termination, the combination of the low likelihood of exploitation and the relatively lower severity score results in an overall assessment of low impact.\n MITIGATION: Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2023-6918",
"severity": "Low",
"normalized_severity": "Low",
"package": {
"id": "",
"name": "libssh",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/a:redhat:enterprise_linux:8::appstream",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"65774333": {
"id": "65774333",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "libssh: Missing checks for return values for digests (low)",
"description": "DOCUMENTATION: A flaw was found in the libssh implements abstract layer for message digest (MD) operations implemented by different supported crypto backends. The return values from these were not properly checked, which could cause low-memory situations failures, NULL dereferences, crashes, or usage of the uninitialized memory as an input for the KDF. In this case, non-matching keys will result in decryption/integrity failures, terminating the connection. \n STATEMENT: This vulnerability in the libssh abstract layer for message digest operations is deemed to have a low impact due to several mitigating factors. Primarily, the absence of proper checks on return values from supported crypto backends may lead to low-memory situations, failures, NULL dereferences, crashes, or the utilization of uninitialized memory in the Key Derivation Function (KDF). While these potential consequences could disrupt the system, their likelihood is considered low, contributing to the low impact classification.\n\nThe maintainers of libssh, in conjunction with Red Hat, have assigned a CVSS3.1 score of 3.7 to this vulnerability. While the score acknowledges the existence of a vulnerability, the assigned value falls within the lower range of the scale, indicating a relatively modest level of risk.\n\nMoreover, the practical exploitability of this vulnerability is characterized as theoretical and highly unlikely to yield tangible results. The difficulty in successfully exploiting the flaw adds a layer of security, further diminishing the potential impact. While acknowledging the risk of non-matching keys leading to decryption/integrity failures and connection termination, the combination of the low likelihood of exploitation and the relatively lower severity score results in an overall assessment of low impact.\n MITIGATION: Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2023-6918",
"severity": "Low",
"normalized_severity": "Low",
"package": {
"id": "",
"name": "libssh",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/o:redhat:enterprise_linux:8::baseos",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"65774335": {
"id": "65774335",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "libssh: Missing checks for return values for digests (low)",
"description": "DOCUMENTATION: A flaw was found in the libssh implements abstract layer for message digest (MD) operations implemented by different supported crypto backends. The return values from these were not properly checked, which could cause low-memory situations failures, NULL dereferences, crashes, or usage of the uninitialized memory as an input for the KDF. In this case, non-matching keys will result in decryption/integrity failures, terminating the connection. \n STATEMENT: This vulnerability in the libssh abstract layer for message digest operations is deemed to have a low impact due to several mitigating factors. Primarily, the absence of proper checks on return values from supported crypto backends may lead to low-memory situations, failures, NULL dereferences, crashes, or the utilization of uninitialized memory in the Key Derivation Function (KDF). While these potential consequences could disrupt the system, their likelihood is considered low, contributing to the low impact classification.\n\nThe maintainers of libssh, in conjunction with Red Hat, have assigned a CVSS3.1 score of 3.7 to this vulnerability. While the score acknowledges the existence of a vulnerability, the assigned value falls within the lower range of the scale, indicating a relatively modest level of risk.\n\nMoreover, the practical exploitability of this vulnerability is characterized as theoretical and highly unlikely to yield tangible results. The difficulty in successfully exploiting the flaw adds a layer of security, further diminishing the potential impact. While acknowledging the risk of non-matching keys leading to decryption/integrity failures and connection termination, the combination of the low likelihood of exploitation and the relatively lower severity score results in an overall assessment of low impact.\n MITIGATION: Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2023-6918",
"severity": "Low",
"normalized_severity": "Low",
"package": {
"id": "",
"name": "libssh-config",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/a:redhat:enterprise_linux:8::appstream",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"65774345": {
"id": "65774345",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "libssh: Missing checks for return values for digests (low)",
"description": "DOCUMENTATION: A flaw was found in the libssh implements abstract layer for message digest (MD) operations implemented by different supported crypto backends. The return values from these were not properly checked, which could cause low-memory situations failures, NULL dereferences, crashes, or usage of the uninitialized memory as an input for the KDF. In this case, non-matching keys will result in decryption/integrity failures, terminating the connection. \n STATEMENT: This vulnerability in the libssh abstract layer for message digest operations is deemed to have a low impact due to several mitigating factors. Primarily, the absence of proper checks on return values from supported crypto backends may lead to low-memory situations, failures, NULL dereferences, crashes, or the utilization of uninitialized memory in the Key Derivation Function (KDF). While these potential consequences could disrupt the system, their likelihood is considered low, contributing to the low impact classification.\n\nThe maintainers of libssh, in conjunction with Red Hat, have assigned a CVSS3.1 score of 3.7 to this vulnerability. While the score acknowledges the existence of a vulnerability, the assigned value falls within the lower range of the scale, indicating a relatively modest level of risk.\n\nMoreover, the practical exploitability of this vulnerability is characterized as theoretical and highly unlikely to yield tangible results. The difficulty in successfully exploiting the flaw adds a layer of security, further diminishing the potential impact. While acknowledging the risk of non-matching keys leading to decryption/integrity failures and connection termination, the combination of the low likelihood of exploitation and the relatively lower severity score results in an overall assessment of low impact.\n MITIGATION: Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2023-6918",
"severity": "Low",
"normalized_severity": "Low",
"package": {
"id": "",
"name": "libssh-config",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/o:redhat:enterprise_linux:8::baseos",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"65775115": {
"id": "65775115",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "systemd-resolved: Unsigned name response in signed zone is not refused when DNSSEC=yes (moderate)",
"description": "DOCUMENTATION: A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records. \n STATEMENT: This CVE is classified as moderate because the attack requires an active Man-in-the-Middle (MITM) who can intercept and modify the connection's traffic at the TCP/IP layer.\n\nNote that DNSSEC= option is by default set to 'no' and changing the value requires root privileges.\n MITIGATION: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2023-7008",
"severity": "Moderate",
"normalized_severity": "Medium",
"package": {
"id": "",
"name": "systemd-libs",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/a:redhat:enterprise_linux:8::appstream",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"65775125": {
"id": "65775125",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "systemd-resolved: Unsigned name response in signed zone is not refused when DNSSEC=yes (moderate)",
"description": "DOCUMENTATION: A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records. \n STATEMENT: This CVE is classified as moderate because the attack requires an active Man-in-the-Middle (MITM) who can intercept and modify the connection's traffic at the TCP/IP layer.\n\nNote that DNSSEC= option is by default set to 'no' and changing the value requires root privileges.\n MITIGATION: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2023-7008",
"severity": "Moderate",
"normalized_severity": "Medium",
"package": {
"id": "",
"name": "systemd-libs",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/o:redhat:enterprise_linux:8::baseos",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"65776543": {
"id": "65776543",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "sqlite: use-after-free bug in jsonParseAddNodeArray (low)",
"description": "DOCUMENTATION: A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2024-0232",
"severity": "Low",
"normalized_severity": "Low",
"package": {
"id": "",
"name": "sqlite-libs",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/a:redhat:enterprise_linux:8::appstream",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"65776553": {
"id": "65776553",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "sqlite: use-after-free bug in jsonParseAddNodeArray (low)",
"description": "DOCUMENTATION: A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2024-0232",
"severity": "Low",
"normalized_severity": "Low",
"package": {
"id": "",
"name": "sqlite-libs",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/o:redhat:enterprise_linux:8::baseos",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"65780563": {
"id": "65780563",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "openssl: denial of service via null dereference (low)",
"description": "DOCUMENTATION: A flaw was found in OpenSSL. The optional ContentInfo fields can be set to null, even if the \"type\" is a valid value, which can lead to a null dereference error that may cause a denial of service. \n \n MITIGATION: Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2024-0727",
"severity": "Low",
"normalized_severity": "Low",
"package": {
"id": "",
"name": "openssl-libs",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/a:redhat:enterprise_linux:8::appstream",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"65780573": {
"id": "65780573",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "openssl: denial of service via null dereference (low)",
"description": "DOCUMENTATION: A flaw was found in OpenSSL. The optional ContentInfo fields can be set to null, even if the \"type\" is a valid value, which can lead to a null dereference error that may cause a denial of service. \n \n MITIGATION: Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2024-0727",
"severity": "Low",
"normalized_severity": "Low",
"package": {
"id": "",
"name": "openssl-libs",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/o:redhat:enterprise_linux:8::baseos",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"65795767": {
"id": "65795767",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "libxml2: use-after-free in XMLReader (moderate)",
"description": "DOCUMENTATION: A use-after-free flaw was found in libxml2. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2024-25062",
"severity": "Moderate",
"normalized_severity": "Medium",
"package": {
"id": "",
"name": "libxml2",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/a:redhat:enterprise_linux:8::appstream",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"65795777": {
"id": "65795777",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "libxml2: use-after-free in XMLReader (moderate)",
"description": "DOCUMENTATION: A use-after-free flaw was found in libxml2. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2024-25062",
"severity": "Moderate",
"normalized_severity": "Medium",
"package": {
"id": "",
"name": "libxml2",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/o:redhat:enterprise_linux:8::baseos",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"90455241": {
"id": "90455241",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "ncurses: heap-based buffer overflow in _nc_captoinfo() in captoinfo.c (low)",
"description": "DOCUMENTATION: A heap overflow vulnerability has been found in the ncurses package, particularly in the terminfo entry-description compiler (tic). This flaw results from a lack of proper bounds checking during input processing. By exploiting this boundary error, an attacker can create a malicious file, deceive the victim into opening it using the affected software, and initiate an out-of-bounds write, potentially impacting system availability. \n STATEMENT: Red Hat Product Security has rated this issue as having a Low security impact because processing terminfo descriptions in the source form should be handled the same way as executable files or source code of any programming language. Users are not supposed to use untrusted terminfo descriptions.\n MITIGATION: Do not compile untrusted terminfo descriptions.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2021-39537",
"severity": "Low",
"normalized_severity": "Low",
"package": {
"id": "",
"name": "ncurses-libs",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/a:redhat:enterprise_linux:8::appstream",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"90455256": {
"id": "90455256",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "ncurses: heap-based buffer overflow in _nc_captoinfo() in captoinfo.c (low)",
"description": "DOCUMENTATION: A heap overflow vulnerability has been found in the ncurses package, particularly in the terminfo entry-description compiler (tic). This flaw results from a lack of proper bounds checking during input processing. By exploiting this boundary error, an attacker can create a malicious file, deceive the victim into opening it using the affected software, and initiate an out-of-bounds write, potentially impacting system availability. \n STATEMENT: Red Hat Product Security has rated this issue as having a Low security impact because processing terminfo descriptions in the source form should be handled the same way as executable files or source code of any programming language. Users are not supposed to use untrusted terminfo descriptions.\n MITIGATION: Do not compile untrusted terminfo descriptions.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2021-39537",
"severity": "Low",
"normalized_severity": "Low",
"package": {
"id": "",
"name": "ncurses-libs",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/o:redhat:enterprise_linux:8::baseos",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"90455258": {
"id": "90455258",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "ncurses: heap-based buffer overflow in _nc_captoinfo() in captoinfo.c (low)",
"description": "DOCUMENTATION: A heap overflow vulnerability has been found in the ncurses package, particularly in the terminfo entry-description compiler (tic). This flaw results from a lack of proper bounds checking during input processing. By exploiting this boundary error, an attacker can create a malicious file, deceive the victim into opening it using the affected software, and initiate an out-of-bounds write, potentially impacting system availability. \n STATEMENT: Red Hat Product Security has rated this issue as having a Low security impact because processing terminfo descriptions in the source form should be handled the same way as executable files or source code of any programming language. Users are not supposed to use untrusted terminfo descriptions.\n MITIGATION: Do not compile untrusted terminfo descriptions.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2021-39537",
"severity": "Low",
"normalized_severity": "Low",
"package": {
"id": "",
"name": "ncurses-base",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/a:redhat:enterprise_linux:8::appstream",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
},
"90455313": {
"id": "90455313",
"updater": "RHEL8-rhel-8-including-unpatched",
"name": "ncurses: heap-based buffer overflow in _nc_captoinfo() in captoinfo.c (low)",
"description": "DOCUMENTATION: A heap overflow vulnerability has been found in the ncurses package, particularly in the terminfo entry-description compiler (tic). This flaw results from a lack of proper bounds checking during input processing. By exploiting this boundary error, an attacker can create a malicious file, deceive the victim into opening it using the affected software, and initiate an out-of-bounds write, potentially impacting system availability. \n STATEMENT: Red Hat Product Security has rated this issue as having a Low security impact because processing terminfo descriptions in the source form should be handled the same way as executable files or source code of any programming language. Users are not supposed to use untrusted terminfo descriptions.\n MITIGATION: Do not compile untrusted terminfo descriptions.",
"issued": "0001-01-01T00:00:00Z",
"links": "https://access.redhat.com/security/cve/CVE-2021-39537",
"severity": "Low",
"normalized_severity": "Low",
"package": {
"id": "",
"name": "ncurses-base",
"version": "",
"kind": "binary"
},
"distribution": {
"id": "",
"did": "rhel",
"name": "Red Hat Enterprise Linux Server",
"version": "8",
"version_code_name": "",
"version_id": "8",
"arch": "",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*",
"pretty_name": "Red Hat Enterprise Linux Server 8"
},
"repository": {
"name": "cpe:/o:redhat:enterprise_linux:8::baseos",
"key": "rhel-cpe-repository"
},
"fixed_in_version": ""
}
},
"package_vulnerabilities": {
"4": [
"13344187",
"65759429",
"65774345",
"13344177",
"65759419",
"65774335"
],
"10": [
"65646689",
"65646679"
],
"12": [
"90455256",
"64450179",
"64450834",
"65100192",
"65100399",
"65104225",
"65104608",
"65104780",
"65105034",
"65750357",
"90455241",
"64450130",
"64450806",
"65100167",
"65100375",
"65104192",
"65104598",
"65104648",
"65105015",
"65750347"
],
"22": [
"64529887",
"64529768"
],
"24": [
"65585573",
"65585563"
],
"26": [
"65439725",
"65439673"
],
"30": [
"3425218",
"65795777",
"65741417",
"3425123",
"65795767",
"65741407"
],
"36": [
"64530230",
"64530170"
],
"42": [
"64424244",
"64424234"
],
"44": [
"64729356",
"64729274"
],
"56": [
"3417961",
"65666501",
"65666621",
"65666741",
"65686385",
"65780573",
"3417876",
"65666491",
"65666611",
"65666731",
"65686375",
"65780563"
],
"62": [
"13344115",
"3470539",
"65584109",
"13344105",
"3470275",
"65584099"
],
"78": [
"64464391",
"64547874",
"65585105",
"65614121",
"64464345",
"64547793",
"65585095",
"65614111"
],
"80": [
"65756837",
"65756827"
],
"84": [
"65702189",
"65702179"
],
"94": [
"13344223",
"13344213"
],
"102": [
"64465868",
"64548903",
"65585189",
"65614349",
"64465858",
"64548810",
"65585179",
"65614339"
],
"104": [
"90455313",
"64450630",
"64451489",
"65100344",
"65100540",
"65104546",
"65104558",
"65104646",
"65105648",
"65750369",
"90455258",
"64450591",
"64451473",
"65100315",
"65100521",
"65104467",
"65104548",
"65104636",
"65105597",
"65750359"
],
"124": [
"3475421",
"64827219",
"64956490",
"64956811",
"65708741",
"65776553",
"3475329",
"64827078",
"64956463",
"64956789",
"65708731",
"65776543"
],
"138": [
"65548278",
"65548244"
],
"152": [
"64470969",
"65577725",
"65775125",
"64470956",
"65577715",
"65775115"
],
"156": [
"65719589",
"65719579"
],
"160": [
"65128683",
"64424493",
"64424377",
"65128627",
"64424472",
"64424366"
],
"164": [
"65707373",
"65707337",
"65707229",
"65702129",
"65707327",
"65707363",
"65707219",
"65702119"
],
"170": [
"64929594",
"64929126",
"64929539",
"64929074"
],
"176": [
"3238062",
"3238018"
],
"178": [
"65733617",
"65733607"
],
"182": [
"13344175",
"65774333",
"65759441",
"13344165",
"65774323",
"65759431"
],
"188": [
"65628029",
"65628019"
],
"192": [
"65691893",
"65691833",
"65720777",
"65743109",
"65691883",
"65691823",
"65720767",
"65743099"
],
"194": [
"65743133",
"65720789",
"65691857",
"65691917",
"65743123",
"65720779",
"65691847",
"65691907"
],
"196": [
"13344295",
"13344285"
],
"226": [
"10425539"
]
},
"enrichments": {
"message/vnd.clair.map.vulnerability; enricher=clair.cvss schema=https://csrc.nist.gov/schema/nvd/feed/1.1/cvss-v3.x.json": [
{
"3238018": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 7.5,
"attackVector": "NETWORK",
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"integrityImpact": "NONE",
"userInteraction": "NONE",
"attackComplexity": "LOW",
"availabilityImpact": "HIGH",
"privilegesRequired": "NONE",
"confidentialityImpact": "NONE"
}
],
"3238062": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 7.5,
"attackVector": "NETWORK",
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"integrityImpact": "NONE",
"userInteraction": "NONE",
"attackComplexity": "LOW",
"availabilityImpact": "HIGH",
"privilegesRequired": "NONE",
"confidentialityImpact": "NONE"
}
],
"3417876": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 5.3,
"attackVector": "NETWORK",
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"integrityImpact": "NONE",
"userInteraction": "NONE",
"attackComplexity": "LOW",
"availabilityImpact": "LOW",
"privilegesRequired": "NONE",
"confidentialityImpact": "NONE"
},
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 5.3,
"attackVector": "NETWORK",
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"integrityImpact": "NONE",
"userInteraction": "NONE",
"attackComplexity": "LOW",
"availabilityImpact": "LOW",
"privilegesRequired": "NONE",
"confidentialityImpact": "NONE"
},
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 5.3,
"attackVector": "NETWORK",
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"integrityImpact": "NONE",
"userInteraction": "NONE",
"attackComplexity": "LOW",
"availabilityImpact": "LOW",
"privilegesRequired": "NONE",
"confidentialityImpact": "NONE"
}
],
"3417961": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 5.3,
"attackVector": "NETWORK",
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"integrityImpact": "NONE",
"userInteraction": "NONE",
"attackComplexity": "LOW",
"availabilityImpact": "LOW",
"privilegesRequired": "NONE",
"confidentialityImpact": "NONE"
},
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 5.3,
"attackVector": "NETWORK",
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"integrityImpact": "NONE",
"userInteraction": "NONE",
"attackComplexity": "LOW",
"availabilityImpact": "LOW",
"privilegesRequired": "NONE",
"confidentialityImpact": "NONE"
},
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 5.3,
"attackVector": "NETWORK",
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"integrityImpact": "NONE",
"userInteraction": "NONE",
"attackComplexity": "LOW",
"availabilityImpact": "LOW",
"privilegesRequired": "NONE",
"confidentialityImpact": "NONE"
}
],
"3425123": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 6.5,
"attackVector": "NETWORK",
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"integrityImpact": "NONE",
"userInteraction": "REQUIRED",
"attackComplexity": "LOW",
"availabilityImpact": "HIGH",
"privilegesRequired": "NONE",
"confidentialityImpact": "NONE"
}
],
"3425218": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 6.5,
"attackVector": "NETWORK",
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"integrityImpact": "NONE",
"userInteraction": "REQUIRED",
"attackComplexity": "LOW",
"availabilityImpact": "HIGH",
"privilegesRequired": "NONE",
"confidentialityImpact": "NONE"
}
],
"3470275": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 5.9,
"attackVector": "NETWORK",
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"integrityImpact": "NONE",
"userInteraction": "NONE",
"attackComplexity": "HIGH",
"availabilityImpact": "NONE",
"privilegesRequired": "NONE",
"confidentialityImpact": "HIGH"
}
],
"3470539": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 5.9,
"attackVector": "NETWORK",
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"integrityImpact": "NONE",
"userInteraction": "NONE",
"attackComplexity": "HIGH",
"availabilityImpact": "NONE",
"privilegesRequired": "NONE",
"confidentialityImpact": "HIGH"
}
],
"3475329": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 7.3,
"attackVector": "NETWORK",
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"integrityImpact": "LOW",
"userInteraction": "NONE",
"attackComplexity": "LOW",
"availabilityImpact": "LOW",
"privilegesRequired": "NONE",
"confidentialityImpact": "LOW"
}
],
"3475421": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 7.3,
"attackVector": "NETWORK",
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"integrityImpact": "LOW",
"userInteraction": "NONE",
"attackComplexity": "LOW",
"availabilityImpact": "LOW",
"privilegesRequired": "NONE",
"confidentialityImpact": "LOW"
}
],
"13344105": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 5.9,
"attackVector": "NETWORK",
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"integrityImpact": "NONE",
"userInteraction": "NONE",
"attackComplexity": "HIGH",
"availabilityImpact": "NONE",
"privilegesRequired": "NONE",
"confidentialityImpact": "HIGH"
},
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 7.5,
"attackVector": "NETWORK",
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"integrityImpact": "NONE",
"userInteraction": "NONE",
"attackComplexity": "LOW",
"availabilityImpact": "NONE",
"privilegesRequired": "NONE",
"confidentialityImpact": "HIGH"
}
],
"13344115": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 5.9,
"attackVector": "NETWORK",
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"integrityImpact": "NONE",
"userInteraction": "NONE",
"attackComplexity": "HIGH",
"availabilityImpact": "NONE",
"privilegesRequired": "NONE",
"confidentialityImpact": "HIGH"
},
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 7.5,
"attackVector": "NETWORK",
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"integrityImpact": "NONE",
"userInteraction": "NONE",
"attackComplexity": "LOW",
"availabilityImpact": "NONE",
"privilegesRequired": "NONE",
"confidentialityImpact": "HIGH"
}
],
"13344165": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 5.9,
"attackVector": "NETWORK",
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"integrityImpact": "HIGH",
"userInteraction": "NONE",
"attackComplexity": "HIGH",
"availabilityImpact": "NONE",
"privilegesRequired": "NONE",
"confidentialityImpact": "NONE"
}
],
"13344175": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 5.9,
"attackVector": "NETWORK",
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"integrityImpact": "HIGH",
"userInteraction": "NONE",
"attackComplexity": "HIGH",
"availabilityImpact": "NONE",
"privilegesRequired": "NONE",
"confidentialityImpact": "NONE"
}
],
"13344177": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 5.9,
"attackVector": "NETWORK",
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"integrityImpact": "HIGH",
"userInteraction": "NONE",
"attackComplexity": "HIGH",
"availabilityImpact": "NONE",
"privilegesRequired": "NONE",
"confidentialityImpact": "NONE"
}
],
"13344187": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 5.9,
"attackVector": "NETWORK",
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"integrityImpact": "HIGH",
"userInteraction": "NONE",
"attackComplexity": "HIGH",
"availabilityImpact": "NONE",
"privilegesRequired": "NONE",
"confidentialityImpact": "NONE"
}
],
"13344213": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 6.4,
"attackVector": "LOCAL",
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"integrityImpact": "HIGH",
"userInteraction": "NONE",
"attackComplexity": "HIGH",
"availabilityImpact": "HIGH",
"privilegesRequired": "HIGH",
"confidentialityImpact": "HIGH"
},
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 6.7,
"attackVector": "LOCAL",
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"integrityImpact": "HIGH",
"userInteraction": "NONE",
"attackComplexity": "LOW",
"availabilityImpact": "HIGH",
"privilegesRequired": "HIGH",
"confidentialityImpact": "HIGH"
},
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 6.7,
"attackVector": "LOCAL",
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"integrityImpact": "HIGH",
"userInteraction": "NONE",
"attackComplexity": "LOW",
"availabilityImpact": "HIGH",
"privilegesRequired": "HIGH",
"confidentialityImpact": "HIGH"
}
],
"13344223": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 6.4,
"attackVector": "LOCAL",
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"integrityImpact": "HIGH",
"userInteraction": "NONE",
"attackComplexity": "HIGH",
"availabilityImpact": "HIGH",
"privilegesRequired": "HIGH",
"confidentialityImpact": "HIGH"
},
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 6.7,
"attackVector": "LOCAL",
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"integrityImpact": "HIGH",
"userInteraction": "NONE",
"attackComplexity": "LOW",
"availabilityImpact": "HIGH",
"privilegesRequired": "HIGH",
"confidentialityImpact": "HIGH"
},
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 6.7,
"attackVector": "LOCAL",
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"integrityImpact": "HIGH",
"userInteraction": "NONE",
"attackComplexity": "LOW",
"availabilityImpact": "HIGH",
"privilegesRequired": "HIGH",
"confidentialityImpact": "HIGH"
}
],
"13344285": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 6.4,
"attackVector": "LOCAL",
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"integrityImpact": "HIGH",
"userInteraction": "NONE",
"attackComplexity": "HIGH",
"availabilityImpact": "HIGH",
"privilegesRequired": "HIGH",
"confidentialityImpact": "HIGH"
},
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 6.7,
"attackVector": "LOCAL",
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"integrityImpact": "HIGH",
"userInteraction": "NONE",
"attackComplexity": "LOW",
"availabilityImpact": "HIGH",
"privilegesRequired": "HIGH",
"confidentialityImpact": "HIGH"
},
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 6.7,
"attackVector": "LOCAL",
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"integrityImpact": "HIGH",
"userInteraction": "NONE",
"attackComplexity": "LOW",
"availabilityImpact": "HIGH",
"privilegesRequired": "HIGH",
"confidentialityImpact": "HIGH"
}
],
"13344295": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 6.4,
"attackVector": "LOCAL",
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"integrityImpact": "HIGH",
"userInteraction": "NONE",
"attackComplexity": "HIGH",
"availabilityImpact": "HIGH",
"privilegesRequired": "HIGH",
"confidentialityImpact": "HIGH"
},
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 6.7,
"attackVector": "LOCAL",
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"integrityImpact": "HIGH",
"userInteraction": "NONE",
"attackComplexity": "LOW",
"availabilityImpact": "HIGH",
"privilegesRequired": "HIGH",
"confidentialityImpact": "HIGH"
},
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 6.7,
"attackVector": "LOCAL",
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"integrityImpact": "HIGH",
"userInteraction": "NONE",
"attackComplexity": "LOW",
"availabilityImpact": "HIGH",
"privilegesRequired": "HIGH",
"confidentialityImpact": "HIGH"
}
],
"64424234": [
{
"scope": "UNCHANGED",
"version": "3.0",
"baseScore": 5.5,
"attackVector": "LOCAL",
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"integrityImpact": "NONE",
"userInteraction": "REQUIRED",
"attackComplexity": "LOW",
"availabilityImpact": "HIGH",
"privilegesRequired": "NONE",
"confidentialityImpact": "NONE"
}
],
"64424244": [
{
"scope": "UNCHANGED",
"version": "3.0",
"baseScore": 5.5,
"attackVector": "LOCAL",
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"integrityImpact": "NONE",
"userInteraction": "REQUIRED",
"attackComplexity": "LOW",
"availabilityImpact": "HIGH",
"privilegesRequired": "NONE",
"confidentialityImpact": "NONE"
}
],
"64424366": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 6.5,
"attackVector": "NETWORK",
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"integrityImpact": "NONE",
"userInteraction": "REQUIRED",
"attackComplexity": "LOW",
"availabilityImpact": "HIGH",
"privilegesRequired": "NONE",
"confidentialityImpact": "NONE"
}
],
"64424377": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 6.5,
"attackVector": "NETWORK",
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"integrityImpact": "NONE",
"userInteraction": "REQUIRED",
"attackComplexity": "LOW",
"availabilityImpact": "HIGH",
"privilegesRequired": "NONE",
"confidentialityImpact": "NONE"
}
],
"64424472": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 6.5,
"attackVector": "NETWORK",
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"integrityImpact": "NONE",
"userInteraction": "REQUIRED",
"attackComplexity": "LOW",
"availabilityImpact": "HIGH",
"privilegesRequired": "NONE",
"confidentialityImpact": "NONE"
}
],
"64424493": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 6.5,
"attackVector": "NETWORK",
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"integrityImpact": "NONE",
"userInteraction": "REQUIRED",
"attackComplexity": "LOW",
"availabilityImpact": "HIGH",
"privilegesRequired": "NONE",
"confidentialityImpact": "NONE"
}
],
"64450130": [
{
"scope": "UNCHANGED",
"version": "3.0",
"baseScore": 5.5,
"attackVector": "LOCAL",
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"integrityImpact": "NONE",
"userInteraction": "REQUIRED",
"attackComplexity": "LOW",
"availabilityImpact": "HIGH",
"privilegesRequired": "NONE",
"confidentialityImpact": "NONE"
}
],
"64450179": [
{
"scope": "UNCHANGED",
"version": "3.0",
"baseScore": 5.5,
"attackVector": "LOCAL",
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"integrityImpact": "NONE",
"userInteraction": "REQUIRED",
"attackComplexity": "LOW",
"availabilityImpact": "HIGH",
"privilegesRequired": "NONE",
"confidentialityImpact": "NONE"
}
],
"64450591": [
{
"scope": "UNCHANGED",
"version": "3.0",
"baseScore": 5.5,
"attackVector": "LOCAL",
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"integrityImpact": "NONE",
"userInteraction": "REQUIRED",
"attackComplexity": "LOW",
"availabilityImpact": "HIGH",
"privilegesRequired": "NONE",
"confidentialityImpact": "NONE"
}
],
"64450630": [
{
"scope": "UNCHANGED",
"version": "3.0",
"baseScore": 5.5,
"attackVector": "LOCAL",
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"integrityImpact": "NONE",
"userInteraction": "REQUIRED",
"attackComplexity": "LOW",
"availabilityImpact": "HIGH",
"privilegesRequired": "NONE",
"confidentialityImpact": "NONE"
}
],
"64450806": [
{
"scope": "UNCHANGED",
"version": "3.0",
"baseScore": 6.5,
"attackVector": "NETWORK",
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"integrityImpact": "NONE",
"userInteraction": "REQUIRED",
"attackComplexity": "LOW",
"availabilityImpact": "HIGH",
"privilegesRequired": "NONE",
"confidentialityImpact": "NONE"
}
],
"64450834": [
{
"scope": "UNCHANGED",
"version": "3.0",
"baseScore": 6.5,
"attackVector": "NETWORK",
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"integrityImpact": "NONE",
"userInteraction": "REQUIRED",
"attackComplexity": "LOW",
"availabilityImpact": "HIGH",
"privilegesRequired": "NONE",
"confidentialityImpact": "NONE"
}
],
"64451473": [
{
"scope": "UNCHANGED",
"version": "3.0",
"baseScore": 6.5,
"attackVector": "NETWORK",
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"integrityImpact": "NONE",
"userInteraction": "REQUIRED",
"attackComplexity": "LOW",
"availabilityImpact": "HIGH",
"privilegesRequired": "NONE",
"confidentialityImpact": "NONE"
}
],
"64451489": [
{
"scope": "UNCHANGED",
"version": "3.0",
"baseScore": 6.5,
"attackVector": "NETWORK",
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"integrityImpact": "NONE",
"userInteraction": "REQUIRED",
"attackComplexity": "LOW",
"availabilityImpact": "HIGH",
"privilegesRequired": "NONE",
"confidentialityImpact": "NONE"
}
],
"64464345": [
{
"scope": "UNCHANGED",
"version": "3.0",
"baseScore": 7.5,
"attackVector": "NETWORK",
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"integrityImpact": "NONE",
"userInteraction": "NONE",
"attackComplexity": "LOW",
"availabilityImpact": "HIGH",
"privilegesRequired": "NONE",
"confidentialityImpact": "NONE"
},
{
"scope": "UNCHANGED",
"version": "3.0",
"baseScore": 7.5,
"attackVector": "NETWORK",
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"integrityImpact": "NONE",
"userInteraction": "NONE",
"attackComplexity": "LOW",
"availabilityImpact": "HIGH",
"privilegesRequired": "NONE",
"confidentialityImpact": "NONE"
}
],
"64464391": [
{
"scope": "UNCHANGED",
"version": "3.0",
"baseScore": 7.5,
"attackVector": "NETWORK",
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"integrityImpact": "NONE",
"userInteraction": "NONE",
"attackComplexity": "LOW",
"availabilityImpact": "HIGH",
"privilegesRequired": "NONE",
"confidentialityImpact": "NONE"
},
{
"scope": "UNCHANGED",
"version": "3.0",
"baseScore": 7.5,
"attackVector": "NETWORK",
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"integrityImpact": "NONE",
"userInteraction": "NONE",
"attackComplexity": "LOW",
"availabilityImpact": "HIGH",
"privilegesRequired": "NONE",
"confidentialityImpact": "NONE"
}
],
"64465858": [
{
"scope": "UNCHANGED",
"version": "3.0",
"baseScore": 7.5,
"attackVector": "NETWORK",
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"integrityImpact": "NONE",
"userInteraction": "NONE",
"attackComplexity": "LOW",
"availabilityImpact": "HIGH",
"privilegesRequired": "NONE",
"confidentialityImpact": "NONE"
},
{
"scope": "UNCHANGED",
"version": "3.0",
"baseScore": 7.5,
"attackVector": "NETWORK",
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"integrityImpact": "NONE",
"userInteraction": "NONE",
"attackComplexity": "LOW",
"availabilityImpact": "HIGH",
"privilegesRequired": "NONE",
"confidentialityImpact": "NONE"
}
],
"64465868": [
{
"scope": "UNCHANGED",
"version": "3.0",
"baseScore": 7.5,
"attackVector": "NETWORK",
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"integrityImpact": "NONE",
"userInteraction": "NONE",
"attackComplexity": "LOW",
"availabilityImpact": "HIGH",
"privilegesRequired": "NONE",
"confidentialityImpact": "NONE"
},
{
"scope": "UNCHANGED",
"version": "3.0",
"baseScore": 7.5,
"attackVector": "NETWORK",
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"integrityImpact": "NONE",
"userInteraction": "NONE",
"attackComplexity": "LOW",
"availabilityImpact": "HIGH",
"privilegesRequired": "NONE",
"confidentialityImpact": "NONE"
}
],
"64470956": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 9.8,
"attackVector": "NETWORK",
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"integrityImpact": "HIGH",
"userInteraction": "NONE",
"attackComplexity": "LOW",
"availabilityImpact": "HIGH",
"privilegesRequired": "NONE",
"confidentialityImpact": "HIGH"
}
],
"64470969": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 9.8,
"attackVector": "NETWORK",
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"integrityImpact": "HIGH",
"userInteraction": "NONE",
"attackComplexity": "LOW",
"availabilityImpact": "HIGH",
"privilegesRequired": "NONE",
"confidentialityImpact": "HIGH"
}
],
"64529768": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 9.8,
"attackVector": "NETWORK",
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"integrityImpact": "HIGH",
"userInteraction": "NONE",
"attackComplexity": "LOW",
"availabilityImpact": "HIGH",
"privilegesRequired": "NONE",
"confidentialityImpact": "HIGH"
}
],
"64529887": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 9.8,
"attackVector": "NETWORK",
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"integrityImpact": "HIGH",
"userInteraction": "NONE",
"attackComplexity": "LOW",
"availabilityImpact": "HIGH",
"privilegesRequired": "NONE",
"confidentialityImpact": "HIGH"
}
],
"64530170": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 5.9,
"attackVector": "NETWORK",
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"integrityImpact": "NONE",
"userInteraction": "NONE",
"attackComplexity": "HIGH",
"availabilityImpact": "NONE",
"privilegesRequired": "NONE",
"confidentialityImpact": "HIGH"
}
],
"64530230": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 5.9,
"attackVector": "NETWORK",
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"integrityImpact": "NONE",
"userInteraction": "NONE",
"attackComplexity": "HIGH",
"availabilityImpact": "NONE",
"privilegesRequired": "NONE",
"confidentialityImpact": "HIGH"
}
],
"64547793": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 5.5,
"attackVector": "LOCAL",
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"integrityImpact": "NONE",
"userInteraction": "REQUIRED",
"attackComplexity": "LOW",
"availabilityImpact": "HIGH",
"privilegesRequired": "NONE",
"confidentialityImpact": "NONE"
}
],
"64547874": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 5.5,
"attackVector": "LOCAL",
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"integrityImpact": "NONE",
"userInteraction": "REQUIRED",
"attackComplexity": "LOW",
"availabilityImpact": "HIGH",
"privilegesRequired": "NONE",
"confidentialityImpact": "NONE"
}
],
"64548810": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 5.5,
"attackVector": "LOCAL",
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"integrityImpact": "NONE",
"userInteraction": "REQUIRED",
"attackComplexity": "LOW",
"availabilityImpact": "HIGH",
"privilegesRequired": "NONE",
"confidentialityImpact": "NONE"
}
],
"64548903": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 5.5,
"attackVector": "LOCAL",
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"integrityImpact": "NONE",
"userInteraction": "REQUIRED",
"attackComplexity": "LOW",
"availabilityImpact": "HIGH",
"privilegesRequired": "NONE",
"confidentialityImpact": "NONE"
}
],
"64729274": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 8.1,
"attackVector": "NETWORK",
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"integrityImpact": "HIGH",
"userInteraction": "NONE",
"attackComplexity": "HIGH",
"availabilityImpact": "HIGH",
"privilegesRequired": "NONE",
"confidentialityImpact": "HIGH"
}
],
"64729356": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 8.1,
"attackVector": "NETWORK",
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"integrityImpact": "HIGH",
"userInteraction": "NONE",
"attackComplexity": "HIGH",
"availabilityImpact": "HIGH",
"privilegesRequired": "NONE",
"confidentialityImpact": "HIGH"
}
],
"64827078": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 7.5,
"attackVector": "NETWORK",
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"integrityImpact": "NONE",
"userInteraction": "NONE",
"attackComplexity": "LOW",
"availabilityImpact": "HIGH",
"privilegesRequired": "NONE",
"confidentialityImpact": "NONE"
}
],
"64827219": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 7.5,
"attackVector": "NETWORK",
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"integrityImpact": "NONE",
"userInteraction": "NONE",
"attackComplexity": "LOW",
"availabilityImpact": "HIGH",
"privilegesRequired": "NONE",
"confidentialityImpact": "NONE"
}
],
"64929074": [
{
"scope": "UNCHANGED",
"version": "3.0",
"baseScore": 6.5,
"attackVector": "NETWORK",
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"integrityImpact": "NONE",
"userInteraction": "REQUIRED",
"attackComplexity": "LOW",
"availabilityImpact": "HIGH",
"privilegesRequired": "NONE",
"confidentialityImpact": "NONE"
},
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 4.4,
"attackVector": "LOCAL",
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"integrityImpact": "NONE",
"userInteraction": "NONE",
"attackComplexity": "LOW",
"availabilityImpact": "LOW",
"privilegesRequired": "LOW",
"confidentialityImpact": "LOW"
}
],
"64929126": [
{
"scope": "UNCHANGED",
"version": "3.0",
"baseScore": 6.5,
"attackVector": "NETWORK",
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"integrityImpact": "NONE",
"userInteraction": "REQUIRED",
"attackComplexity": "LOW",
"availabilityImpact": "HIGH",
"privilegesRequired": "NONE",
"confidentialityImpact": "NONE"
},
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 4.4,
"attackVector": "LOCAL",
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"integrityImpact": "NONE",
"userInteraction": "NONE",
"attackComplexity": "LOW",
"availabilityImpact": "LOW",
"privilegesRequired": "LOW",
"confidentialityImpact": "LOW"
}
],
"64929539": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 4.4,
"attackVector": "LOCAL",
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"integrityImpact": "NONE",
"userInteraction": "NONE",
"attackComplexity": "LOW",
"availabilityImpact": "LOW",
"privilegesRequired": "LOW",
"confidentialityImpact": "LOW"
}
],
"64929594": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 4.4,
"attackVector": "LOCAL",
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"integrityImpact": "NONE",
"userInteraction": "NONE",
"attackComplexity": "LOW",
"availabilityImpact": "LOW",
"privilegesRequired": "LOW",
"confidentialityImpact": "LOW"
}
],
"64956463": [
{
"scope": "UNCHANGED",
"version": "3.0",
"baseScore": 7.5,
"attackVector": "NETWORK",
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"integrityImpact": "NONE",
"userInteraction": "NONE",
"attackComplexity": "LOW",
"availabilityImpact": "NONE",
"privilegesRequired": "NONE",
"confidentialityImpact": "HIGH"
}
],
"64956490": [
{
"scope": "UNCHANGED",
"version": "3.0",
"baseScore": 7.5,
"attackVector": "NETWORK",
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"integrityImpact": "NONE",
"userInteraction": "NONE",
"attackComplexity": "LOW",
"availabilityImpact": "NONE",
"privilegesRequired": "NONE",
"confidentialityImpact": "HIGH"
}
],
"64956789": [
{
"scope": "UNCHANGED",
"version": "3.0",
"baseScore": 7.5,
"attackVector": "NETWORK",
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"integrityImpact": "NONE",
"userInteraction": "NONE",
"attackComplexity": "LOW",
"availabilityImpact": "HIGH",
"privilegesRequired": "NONE",
"confidentialityImpact": "NONE"
}
],
"64956811": [
{
"scope": "UNCHANGED",
"version": "3.0",
"baseScore": 7.5,
"attackVector": "NETWORK",
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"integrityImpact": "NONE",
"userInteraction": "NONE",
"attackComplexity": "LOW",
"availabilityImpact": "HIGH",
"privilegesRequired": "NONE",
"confidentialityImpact": "NONE"
}
],
"65100167": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 6.5,
"attackVector": "NETWORK",
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"integrityImpact": "NONE",
"userInteraction": "REQUIRED",
"attackComplexity": "LOW",
"availabilityImpact": "HIGH",
"privilegesRequired": "NONE",
"confidentialityImpact": "NONE"
}
],
"65100192": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 6.5,
"attackVector": "NETWORK",
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"integrityImpact": "NONE",
"userInteraction": "REQUIRED",
"attackComplexity": "LOW",
"availabilityImpact": "HIGH",
"privilegesRequired": "NONE",
"confidentialityImpact": "NONE"
}
],
"65100315": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 6.5,
"attackVector": "NETWORK",
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"integrityImpact": "NONE",
"userInteraction": "REQUIRED",
"attackComplexity": "LOW",
"availabilityImpact": "HIGH",
"privilegesRequired": "NONE",
"confidentialityImpact": "NONE"
}
],
"65100344": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 6.5,
"attackVector": "NETWORK",
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"integrityImpact": "NONE",
"userInteraction": "REQUIRED",
"attackComplexity": "LOW",
"availabilityImpact": "HIGH",
"privilegesRequired": "NONE",
"confidentialityImpact": "NONE"
}
],
"65100375": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 6.5,
"attackVector": "NETWORK",
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"integrityImpact": "NONE",
"userInteraction": "REQUIRED",
"attackComplexity": "LOW",
"availabilityImpact": "HIGH",
"privilegesRequired": "NONE",
"confidentialityImpact": "NONE"
}
],
"65100399": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 6.5,
"attackVector": "NETWORK",
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"integrityImpact": "NONE",
"userInteraction": "REQUIRED",
"attackComplexity": "LOW",
"availabilityImpact": "HIGH",
"privilegesRequired": "NONE",
"confidentialityImpact": "NONE"
}
],
"65100521": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 6.5,
"attackVector": "NETWORK",
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"integrityImpact": "NONE",
"userInteraction": "REQUIRED",
"attackComplexity": "LOW",
"availabilityImpact": "HIGH",
"privilegesRequired": "NONE",
"confidentialityImpact": "NONE"
}
],
"65100540": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 6.5,
"attackVector": "NETWORK",
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"integrityImpact": "NONE",
"userInteraction": "REQUIRED",
"attackComplexity": "LOW",
"availabilityImpact": "HIGH",
"privilegesRequired": "NONE",
"confidentialityImpact": "NONE"
}
],
"65104192": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 6.5,
"attackVector": "NETWORK",
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"integrityImpact": "NONE",
"userInteraction": "REQUIRED",
"attackComplexity": "LOW",
"availabilityImpact": "HIGH",
"privilegesRequired": "NONE",
"confidentialityImpact": "NONE"
}
],
"65104225": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 6.5,
"attackVector": "NETWORK",
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"integrityImpact": "NONE",
"userInteraction": "REQUIRED",
"attackComplexity": "LOW",
"availabilityImpact": "HIGH",
"privilegesRequired": "NONE",
"confidentialityImpact": "NONE"
}
],
"65104467": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 6.5,
"attackVector": "NETWORK",
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"integrityImpact": "NONE",
"userInteraction": "REQUIRED",
"attackComplexity": "LOW",
"availabilityImpact": "HIGH",
"privilegesRequired": "NONE",
"confidentialityImpact": "NONE"
}
],
"65104546": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 6.5,
"attackVector": "NETWORK",
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"integrityImpact": "NONE",
"userInteraction": "REQUIRED",
"attackComplexity": "LOW",
"availabilityImpact": "HIGH",
"privilegesRequired": "NONE",
"confidentialityImpact": "NONE"
}
],
"65104548": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 6.5,
"attackVector": "NETWORK",
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"integrityImpact": "NONE",
"userInteraction": "REQUIRED",
"attackComplexity": "LOW",
"availabilityImpact": "HIGH",
"privilegesRequired": "NONE",
"confidentialityImpact": "NONE"
}
],
"65104558": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 6.5,
"attackVector": "NETWORK",
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"integrityImpact": "NONE",
"userInteraction": "REQUIRED",
"attackComplexity": "LOW",
"availabilityImpact": "HIGH",
"privilegesRequired": "NONE",
"confidentialityImpact": "NONE"
}
],
"65104598": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 6.5,
"attackVector": "NETWORK",
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"integrityImpact": "NONE",
"userInteraction": "REQUIRED",
"attackComplexity": "LOW",
"availabilityImpact": "HIGH",
"privilegesRequired": "NONE",
"confidentialityImpact": "NONE"
}
],
"65104608": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 6.5,
"attackVector": "NETWORK",
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"integrityImpact": "NONE",
"userInteraction": "REQUIRED",
"attackComplexity": "LOW",
"availabilityImpact": "HIGH",
"privilegesRequired": "NONE",
"confidentialityImpact": "NONE"
}
],
"65104636": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 6.5,
"attackVector": "NETWORK",
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"integrityImpact": "NONE",
"userInteraction": "REQUIRED",
"attackComplexity": "LOW",
"availabilityImpact": "HIGH",
"privilegesRequired": "NONE",
"confidentialityImpact": "NONE"
}
],
"65104646": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 6.5,
"attackVector": "NETWORK",
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"integrityImpact": "NONE",
"userInteraction": "REQUIRED",
"attackComplexity": "LOW",
"availabilityImpact": "HIGH",
"privilegesRequired": "NONE",
"confidentialityImpact": "NONE"
}
],
"65104648": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 6.5,
"attackVector": "NETWORK",
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"integrityImpact": "NONE",
"userInteraction": "REQUIRED",
"attackComplexity": "LOW",
"availabilityImpact": "HIGH",
"privilegesRequired": "NONE",
"confidentialityImpact": "NONE"
}
],
"65104780": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 6.5,
"attackVector": "NETWORK",
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"integrityImpact": "NONE",
"userInteraction": "REQUIRED",
"attackComplexity": "LOW",
"availabilityImpact": "HIGH",
"privilegesRequired": "NONE",
"confidentialityImpact": "NONE"
}
],
"65105015": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 6.5,
"attackVector": "NETWORK",
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"integrityImpact": "NONE",
"userInteraction": "REQUIRED",
"attackComplexity": "LOW",
"availabilityImpact": "HIGH",
"privilegesRequired": "NONE",
"confidentialityImpact": "NONE"
}
],
"65105034": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 6.5,
"attackVector": "NETWORK",
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"integrityImpact": "NONE",
"userInteraction": "REQUIRED",
"attackComplexity": "LOW",
"availabilityImpact": "HIGH",
"privilegesRequired": "NONE",
"confidentialityImpact": "NONE"
}
],
"65105597": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 6.5,
"attackVector": "NETWORK",
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"integrityImpact": "NONE",
"userInteraction": "REQUIRED",
"attackComplexity": "LOW",
"availabilityImpact": "HIGH",
"privilegesRequired": "NONE",
"confidentialityImpact": "NONE"
}
],
"65105648": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 6.5,
"attackVector": "NETWORK",
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"integrityImpact": "NONE",
"userInteraction": "REQUIRED",
"attackComplexity": "LOW",
"availabilityImpact": "HIGH",
"privilegesRequired": "NONE",
"confidentialityImpact": "NONE"
}
],
"65128627": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 6.5,
"attackVector": "NETWORK",
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"integrityImpact": "NONE",
"userInteraction": "REQUIRED",
"attackComplexity": "LOW",
"availabilityImpact": "HIGH",
"privilegesRequired": "NONE",
"confidentialityImpact": "NONE"
}
],
"65128683": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 6.5,
"attackVector": "NETWORK",
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"integrityImpact": "NONE",
"userInteraction": "REQUIRED",
"attackComplexity": "LOW",
"availabilityImpact": "HIGH",
"privilegesRequired": "NONE",
"confidentialityImpact": "NONE"
}
],
"65439673": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 4.7,
"attackVector": "LOCAL",
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"integrityImpact": "NONE",
"userInteraction": "NONE",
"attackComplexity": "HIGH",
"availabilityImpact": "NONE",
"privilegesRequired": "LOW",
"confidentialityImpact": "HIGH"
}
],
"65439725": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 4.7,
"attackVector": "LOCAL",
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"integrityImpact": "NONE",
"userInteraction": "NONE",
"attackComplexity": "HIGH",
"availabilityImpact": "NONE",
"privilegesRequired": "LOW",
"confidentialityImpact": "HIGH"
}
],
"65548244": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 5.5,
"attackVector": "LOCAL",
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"integrityImpact": "NONE",
"userInteraction": "REQUIRED",
"attackComplexity": "LOW",
"availabilityImpact": "HIGH",
"privilegesRequired": "NONE",
"confidentialityImpact": "NONE"
}
],
"65548278": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 5.5,
"attackVector": "LOCAL",
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"integrityImpact": "NONE",
"userInteraction": "REQUIRED",
"attackComplexity": "LOW",
"availabilityImpact": "HIGH",
"privilegesRequired": "NONE",
"confidentialityImpact": "NONE"
}
],
"65577715": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 5.5,
"attackVector": "LOCAL",
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"integrityImpact": "NONE",
"userInteraction": "NONE",
"attackComplexity": "LOW",
"availabilityImpact": "HIGH",
"privilegesRequired": "LOW",
"confidentialityImpact": "NONE"
}
],
"65577725": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 5.5,
"attackVector": "LOCAL",
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"integrityImpact": "NONE",
"userInteraction": "NONE",
"attackComplexity": "LOW",
"availabilityImpact": "HIGH",
"privilegesRequired": "LOW",
"confidentialityImpact": "NONE"
}
],
"65584099": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 6.5,
"attackVector": "NETWORK",
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"integrityImpact": "NONE",
"userInteraction": "NONE",
"attackComplexity": "LOW",
"availabilityImpact": "HIGH",
"privilegesRequired": "LOW",
"confidentialityImpact": "NONE"
}
],
"65584109": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 6.5,
"attackVector": "NETWORK",
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"integrityImpact": "NONE",
"userInteraction": "NONE",
"attackComplexity": "LOW",
"availabilityImpact": "HIGH",
"privilegesRequired": "LOW",
"confidentialityImpact": "NONE"
}
],
"65585095": [
{
"scope": "CHANGED",
"version": "3.1",
"baseScore": 8.3,
"attackVector": "NETWORK",
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"integrityImpact": "HIGH",
"userInteraction": "REQUIRED",
"attackComplexity": "HIGH",
"availabilityImpact": "HIGH",
"privilegesRequired": "NONE",
"confidentialityImpact": "HIGH"
}
],
"65585105": [
{
"scope": "CHANGED",
"version": "3.1",
"baseScore": 8.3,
"attackVector": "NETWORK",
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"integrityImpact": "HIGH",
"userInteraction": "REQUIRED",
"attackComplexity": "HIGH",
"availabilityImpact": "HIGH",
"privilegesRequired": "NONE",
"confidentialityImpact": "HIGH"
}
],
"65585179": [
{
"scope": "CHANGED",
"version": "3.1",
"baseScore": 8.3,
"attackVector": "NETWORK",
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"integrityImpact": "HIGH",
"userInteraction": "REQUIRED",
"attackComplexity": "HIGH",
"availabilityImpact": "HIGH",
"privilegesRequired": "NONE",
"confidentialityImpact": "HIGH"
}
],
"65585189": [
{
"scope": "CHANGED",
"version": "3.1",
"baseScore": 8.3,
"attackVector": "NETWORK",
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"integrityImpact": "HIGH",
"userInteraction": "REQUIRED",
"attackComplexity": "HIGH",
"availabilityImpact": "HIGH",
"privilegesRequired": "NONE",
"confidentialityImpact": "HIGH"
}
],
"65585563": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 7.5,
"attackVector": "NETWORK",
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"integrityImpact": "NONE",
"userInteraction": "NONE",
"attackComplexity": "LOW",
"availabilityImpact": "HIGH",
"privilegesRequired": "NONE",
"confidentialityImpact": "NONE"
}
],
"65585573": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 7.5,
"attackVector": "NETWORK",
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"integrityImpact": "NONE",
"userInteraction": "NONE",
"attackComplexity": "LOW",
"availabilityImpact": "HIGH",
"privilegesRequired": "NONE",
"confidentialityImpact": "NONE"
}
],
"65614111": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 5.5,
"attackVector": "LOCAL",
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"integrityImpact": "NONE",
"userInteraction": "REQUIRED",
"attackComplexity": "LOW",
"availabilityImpact": "HIGH",
"privilegesRequired": "NONE",
"confidentialityImpact": "NONE"
}
],
"65614121": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 5.5,
"attackVector": "LOCAL",
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"integrityImpact": "NONE",
"userInteraction": "REQUIRED",
"attackComplexity": "LOW",
"availabilityImpact": "HIGH",
"privilegesRequired": "NONE",
"confidentialityImpact": "NONE"
}
],
"65614339": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 5.5,
"attackVector": "LOCAL",
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"integrityImpact": "NONE",
"userInteraction": "REQUIRED",
"attackComplexity": "LOW",
"availabilityImpact": "HIGH",
"privilegesRequired": "NONE",
"confidentialityImpact": "NONE"
}
],
"65614349": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 5.5,
"attackVector": "LOCAL",
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"integrityImpact": "NONE",
"userInteraction": "REQUIRED",
"attackComplexity": "LOW",
"availabilityImpact": "HIGH",
"privilegesRequired": "NONE",
"confidentialityImpact": "NONE"
}
],
"65628019": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 3.3,
"attackVector": "LOCAL",
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"integrityImpact": "NONE",
"userInteraction": "NONE",
"attackComplexity": "LOW",
"availabilityImpact": "LOW",
"privilegesRequired": "LOW",
"confidentialityImpact": "NONE"
}
],
"65628029": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 3.3,
"attackVector": "LOCAL",
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"integrityImpact": "NONE",
"userInteraction": "NONE",
"attackComplexity": "LOW",
"availabilityImpact": "LOW",
"privilegesRequired": "LOW",
"confidentialityImpact": "NONE"
}
],
"65646679": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 7.5,
"attackVector": "NETWORK",
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"integrityImpact": "NONE",
"userInteraction": "NONE",
"attackComplexity": "LOW",
"availabilityImpact": "HIGH",
"privilegesRequired": "NONE",
"confidentialityImpact": "NONE"
}
],
"65646689": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 7.5,
"attackVector": "NETWORK",
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"integrityImpact": "NONE",
"userInteraction": "NONE",
"attackComplexity": "LOW",
"availabilityImpact": "HIGH",
"privilegesRequired": "NONE",
"confidentialityImpact": "NONE"
}
],
"65666491": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 7.5,
"attackVector": "NETWORK",
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"integrityImpact": "NONE",
"userInteraction": "NONE",
"attackComplexity": "LOW",
"availabilityImpact": "HIGH",
"privilegesRequired": "NONE",
"confidentialityImpact": "NONE"
}
],
"65666501": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 7.5,
"attackVector": "NETWORK",
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"integrityImpact": "NONE",
"userInteraction": "NONE",
"attackComplexity": "LOW",
"availabilityImpact": "HIGH",
"privilegesRequired": "NONE",
"confidentialityImpact": "NONE"
}
],
"65666611": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 5.3,
"attackVector": "NETWORK",
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"integrityImpact": "LOW",
"userInteraction": "NONE",
"attackComplexity": "LOW",
"availabilityImpact": "NONE",
"privilegesRequired": "NONE",
"confidentialityImpact": "NONE"
}
],
"65666621": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 5.3,
"attackVector": "NETWORK",
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"integrityImpact": "LOW",
"userInteraction": "NONE",
"attackComplexity": "LOW",
"availabilityImpact": "NONE",
"privilegesRequired": "NONE",
"confidentialityImpact": "NONE"
}
],
"65666731": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 5.3,
"attackVector": "NETWORK",
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"integrityImpact": "LOW",
"userInteraction": "NONE",
"attackComplexity": "LOW",
"availabilityImpact": "NONE",
"privilegesRequired": "NONE",
"confidentialityImpact": "NONE"
}
],
"65666741": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 5.3,
"attackVector": "NETWORK",
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"integrityImpact": "LOW",
"userInteraction": "NONE",
"attackComplexity": "LOW",
"availabilityImpact": "NONE",
"privilegesRequired": "NONE",
"confidentialityImpact": "NONE"
}
],
"65686375": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 6.5,
"attackVector": "NETWORK",
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"integrityImpact": "NONE",
"userInteraction": "REQUIRED",
"attackComplexity": "LOW",
"availabilityImpact": "HIGH",
"privilegesRequired": "NONE",
"confidentialityImpact": "NONE"
}
],
"65686385": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 6.5,
"attackVector": "NETWORK",
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"integrityImpact": "NONE",
"userInteraction": "REQUIRED",
"attackComplexity": "LOW",
"availabilityImpact": "HIGH",
"privilegesRequired": "NONE",
"confidentialityImpact": "NONE"
}
],
"65691823": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 8.8,
"attackVector": "NETWORK",
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"integrityImpact": "HIGH",
"userInteraction": "NONE",
"attackComplexity": "LOW",
"availabilityImpact": "HIGH",
"privilegesRequired": "LOW",
"confidentialityImpact": "HIGH"
}
],
"65691833": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 8.8,
"attackVector": "NETWORK",
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"integrityImpact": "HIGH",
"userInteraction": "NONE",
"attackComplexity": "LOW",
"availabilityImpact": "HIGH",
"privilegesRequired": "LOW",
"confidentialityImpact": "HIGH"
}
],
"65691847": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 8.8,
"attackVector": "NETWORK",
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"integrityImpact": "HIGH",
"userInteraction": "NONE",
"attackComplexity": "LOW",
"availabilityImpact": "HIGH",
"privilegesRequired": "LOW",
"confidentialityImpact": "HIGH"
}
],
"65691857": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 8.8,
"attackVector": "NETWORK",
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"integrityImpact": "HIGH",
"userInteraction": "NONE",
"attackComplexity": "LOW",
"availabilityImpact": "HIGH",
"privilegesRequired": "LOW",
"confidentialityImpact": "HIGH"
}
],
"65691883": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 3.7,
"attackVector": "NETWORK",
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"integrityImpact": "NONE",
"userInteraction": "NONE",
"attackComplexity": "HIGH",
"availabilityImpact": "NONE",
"privilegesRequired": "NONE",
"confidentialityImpact": "LOW"
}
],
"65691893": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 3.7,
"attackVector": "NETWORK",
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"integrityImpact": "NONE",
"userInteraction": "NONE",
"attackComplexity": "HIGH",
"availabilityImpact": "NONE",
"privilegesRequired": "NONE",
"confidentialityImpact": "LOW"
}
],
"65691907": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 3.7,
"attackVector": "NETWORK",
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"integrityImpact": "NONE",
"userInteraction": "NONE",
"attackComplexity": "HIGH",
"availabilityImpact": "NONE",
"privilegesRequired": "NONE",
"confidentialityImpact": "LOW"
}
],
"65691917": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 3.7,
"attackVector": "NETWORK",
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"integrityImpact": "NONE",
"userInteraction": "NONE",
"attackComplexity": "HIGH",
"availabilityImpact": "NONE",
"privilegesRequired": "NONE",
"confidentialityImpact": "LOW"
}
],
"65702119": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 7.5,
"attackVector": "NETWORK",
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"integrityImpact": "NONE",
"userInteraction": "NONE",
"attackComplexity": "LOW",
"availabilityImpact": "HIGH",
"privilegesRequired": "NONE",
"confidentialityImpact": "NONE"
}
],
"65702129": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 7.5,
"attackVector": "NETWORK",
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"integrityImpact": "NONE",
"userInteraction": "NONE",
"attackComplexity": "LOW",
"availabilityImpact": "HIGH",
"privilegesRequired": "NONE",
"confidentialityImpact": "NONE"
}
],
"65702179": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 7.5,
"attackVector": "NETWORK",
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"integrityImpact": "NONE",
"userInteraction": "NONE",
"attackComplexity": "LOW",
"availabilityImpact": "HIGH",
"privilegesRequired": "NONE",
"confidentialityImpact": "NONE"
}
],
"65702189": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 7.5,
"attackVector": "NETWORK",
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"integrityImpact": "NONE",
"userInteraction": "NONE",
"attackComplexity": "LOW",
"availabilityImpact": "HIGH",
"privilegesRequired": "NONE",
"confidentialityImpact": "NONE"
}
],
"65707219": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 5.5,
"attackVector": "LOCAL",
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"integrityImpact": "NONE",
"userInteraction": "REQUIRED",
"attackComplexity": "LOW",
"availabilityImpact": "HIGH",
"privilegesRequired": "NONE",
"confidentialityImpact": "NONE"
}
],
"65707229": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 5.5,
"attackVector": "LOCAL",
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"integrityImpact": "NONE",
"userInteraction": "REQUIRED",
"attackComplexity": "LOW",
"availabilityImpact": "HIGH",
"privilegesRequired": "NONE",
"confidentialityImpact": "NONE"
}
],
"65707327": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 7.5,
"attackVector": "NETWORK",
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"integrityImpact": "NONE",
"userInteraction": "NONE",
"attackComplexity": "LOW",
"availabilityImpact": "HIGH",
"privilegesRequired": "NONE",
"confidentialityImpact": "NONE"
},
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 7.5,
"attackVector": "NETWORK",
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"integrityImpact": "NONE",
"userInteraction": "NONE",
"attackComplexity": "LOW",
"availabilityImpact": "HIGH",
"privilegesRequired": "NONE",
"confidentialityImpact": "NONE"
}
],
"65707337": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 7.5,
"attackVector": "NETWORK",
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"integrityImpact": "NONE",
"userInteraction": "NONE",
"attackComplexity": "LOW",
"availabilityImpact": "HIGH",
"privilegesRequired": "NONE",
"confidentialityImpact": "NONE"
},
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 7.5,
"attackVector": "NETWORK",
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"integrityImpact": "NONE",
"userInteraction": "NONE",
"attackComplexity": "LOW",
"availabilityImpact": "HIGH",
"privilegesRequired": "NONE",
"confidentialityImpact": "NONE"
}
],
"65707363": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 5.5,
"attackVector": "LOCAL",
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"integrityImpact": "NONE",
"userInteraction": "REQUIRED",
"attackComplexity": "LOW",
"availabilityImpact": "HIGH",
"privilegesRequired": "NONE",
"confidentialityImpact": "NONE"
}
],
"65707373": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 5.5,
"attackVector": "LOCAL",
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"integrityImpact": "NONE",
"userInteraction": "REQUIRED",
"attackComplexity": "LOW",
"availabilityImpact": "HIGH",
"privilegesRequired": "NONE",
"confidentialityImpact": "NONE"
}
],
"65719579": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 9.8,
"attackVector": "NETWORK",
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"integrityImpact": "HIGH",
"userInteraction": "NONE",
"attackComplexity": "LOW",
"availabilityImpact": "HIGH",
"privilegesRequired": "NONE",
"confidentialityImpact": "HIGH"
}
],
"65719589": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 9.8,
"attackVector": "NETWORK",
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"integrityImpact": "HIGH",
"userInteraction": "NONE",
"attackComplexity": "LOW",
"availabilityImpact": "HIGH",
"privilegesRequired": "NONE",
"confidentialityImpact": "HIGH"
}
],
"65720767": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 3.7,
"attackVector": "NETWORK",
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"integrityImpact": "LOW",
"userInteraction": "NONE",
"attackComplexity": "HIGH",
"availabilityImpact": "NONE",
"privilegesRequired": "NONE",
"confidentialityImpact": "NONE"
}
],
"65720777": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 3.7,
"attackVector": "NETWORK",
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"integrityImpact": "LOW",
"userInteraction": "NONE",
"attackComplexity": "HIGH",
"availabilityImpact": "NONE",
"privilegesRequired": "NONE",
"confidentialityImpact": "NONE"
}
],
"65720779": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 3.7,
"attackVector": "NETWORK",
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"integrityImpact": "LOW",
"userInteraction": "NONE",
"attackComplexity": "HIGH",
"availabilityImpact": "NONE",
"privilegesRequired": "NONE",
"confidentialityImpact": "NONE"
}
],
"65720789": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 3.7,
"attackVector": "NETWORK",
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"integrityImpact": "LOW",
"userInteraction": "NONE",
"attackComplexity": "HIGH",
"availabilityImpact": "NONE",
"privilegesRequired": "NONE",
"confidentialityImpact": "NONE"
}
],
"65733607": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 7.1,
"attackVector": "LOCAL",
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"integrityImpact": "NONE",
"userInteraction": "REQUIRED",
"attackComplexity": "LOW",
"availabilityImpact": "HIGH",
"privilegesRequired": "NONE",
"confidentialityImpact": "HIGH"
}
],
"65733617": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 7.1,
"attackVector": "LOCAL",
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"integrityImpact": "NONE",
"userInteraction": "REQUIRED",
"attackComplexity": "LOW",
"availabilityImpact": "HIGH",
"privilegesRequired": "NONE",
"confidentialityImpact": "HIGH"
}
],
"65741407": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 6.5,
"attackVector": "NETWORK",
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"integrityImpact": "NONE",
"userInteraction": "REQUIRED",
"attackComplexity": "LOW",
"availabilityImpact": "HIGH",
"privilegesRequired": "NONE",
"confidentialityImpact": "NONE"
}
],
"65741417": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 6.5,
"attackVector": "NETWORK",
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"integrityImpact": "NONE",
"userInteraction": "REQUIRED",
"attackComplexity": "LOW",
"availabilityImpact": "HIGH",
"privilegesRequired": "NONE",
"confidentialityImpact": "NONE"
}
],
"65743099": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 6.5,
"attackVector": "NETWORK",
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"integrityImpact": "LOW",
"userInteraction": "NONE",
"attackComplexity": "LOW",
"availabilityImpact": "NONE",
"privilegesRequired": "NONE",
"confidentialityImpact": "LOW"
}
],
"65743109": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 6.5,
"attackVector": "NETWORK",
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"integrityImpact": "LOW",
"userInteraction": "NONE",
"attackComplexity": "LOW",
"availabilityImpact": "NONE",
"privilegesRequired": "NONE",
"confidentialityImpact": "LOW"
}
],
"65743123": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 6.5,
"attackVector": "NETWORK",
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"integrityImpact": "LOW",
"userInteraction": "NONE",
"attackComplexity": "LOW",
"availabilityImpact": "NONE",
"privilegesRequired": "NONE",
"confidentialityImpact": "LOW"
}
],
"65743133": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 6.5,
"attackVector": "NETWORK",
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"integrityImpact": "LOW",
"userInteraction": "NONE",
"attackComplexity": "LOW",
"availabilityImpact": "NONE",
"privilegesRequired": "NONE",
"confidentialityImpact": "LOW"
}
],
"65750347": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 6.5,
"attackVector": "NETWORK",
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"integrityImpact": "NONE",
"userInteraction": "REQUIRED",
"attackComplexity": "LOW",
"availabilityImpact": "HIGH",
"privilegesRequired": "NONE",
"confidentialityImpact": "NONE"
}
],
"65750357": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 6.5,
"attackVector": "NETWORK",
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"integrityImpact": "NONE",
"userInteraction": "REQUIRED",
"attackComplexity": "LOW",
"availabilityImpact": "HIGH",
"privilegesRequired": "NONE",
"confidentialityImpact": "NONE"
}
],
"65750359": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 6.5,
"attackVector": "NETWORK",
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"integrityImpact": "NONE",
"userInteraction": "REQUIRED",
"attackComplexity": "LOW",
"availabilityImpact": "HIGH",
"privilegesRequired": "NONE",
"confidentialityImpact": "NONE"
}
],
"65750369": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 6.5,
"attackVector": "NETWORK",
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"integrityImpact": "NONE",
"userInteraction": "REQUIRED",
"attackComplexity": "LOW",
"availabilityImpact": "HIGH",
"privilegesRequired": "NONE",
"confidentialityImpact": "NONE"
}
],
"65756827": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 8.1,
"attackVector": "NETWORK",
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"integrityImpact": "HIGH",
"userInteraction": "REQUIRED",
"attackComplexity": "LOW",
"availabilityImpact": "NONE",
"privilegesRequired": "NONE",
"confidentialityImpact": "HIGH"
}
],
"65756837": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 8.1,
"attackVector": "NETWORK",
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"integrityImpact": "HIGH",
"userInteraction": "REQUIRED",
"attackComplexity": "LOW",
"availabilityImpact": "NONE",
"privilegesRequired": "NONE",
"confidentialityImpact": "HIGH"
}
],
"65759419": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 4.8,
"attackVector": "LOCAL",
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"integrityImpact": "LOW",
"userInteraction": "REQUIRED",
"attackComplexity": "LOW",
"availabilityImpact": "LOW",
"privilegesRequired": "LOW",
"confidentialityImpact": "LOW"
}
],
"65759429": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 4.8,
"attackVector": "LOCAL",
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"integrityImpact": "LOW",
"userInteraction": "REQUIRED",
"attackComplexity": "LOW",
"availabilityImpact": "LOW",
"privilegesRequired": "LOW",
"confidentialityImpact": "LOW"
}
],
"65759431": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 4.8,
"attackVector": "LOCAL",
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"integrityImpact": "LOW",
"userInteraction": "REQUIRED",
"attackComplexity": "LOW",
"availabilityImpact": "LOW",
"privilegesRequired": "LOW",
"confidentialityImpact": "LOW"
}
],
"65759441": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 4.8,
"attackVector": "LOCAL",
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"integrityImpact": "LOW",
"userInteraction": "REQUIRED",
"attackComplexity": "LOW",
"availabilityImpact": "LOW",
"privilegesRequired": "LOW",
"confidentialityImpact": "LOW"
}
],
"65774323": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 5.3,
"attackVector": "NETWORK",
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"integrityImpact": "NONE",
"userInteraction": "NONE",
"attackComplexity": "LOW",
"availabilityImpact": "LOW",
"privilegesRequired": "NONE",
"confidentialityImpact": "NONE"
}
],
"65774333": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 5.3,
"attackVector": "NETWORK",
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"integrityImpact": "NONE",
"userInteraction": "NONE",
"attackComplexity": "LOW",
"availabilityImpact": "LOW",
"privilegesRequired": "NONE",
"confidentialityImpact": "NONE"
}
],
"65774335": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 5.3,
"attackVector": "NETWORK",
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"integrityImpact": "NONE",
"userInteraction": "NONE",
"attackComplexity": "LOW",
"availabilityImpact": "LOW",
"privilegesRequired": "NONE",
"confidentialityImpact": "NONE"
}
],
"65774345": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 5.3,
"attackVector": "NETWORK",
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"integrityImpact": "NONE",
"userInteraction": "NONE",
"attackComplexity": "LOW",
"availabilityImpact": "LOW",
"privilegesRequired": "NONE",
"confidentialityImpact": "NONE"
}
],
"65775115": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 5.9,
"attackVector": "NETWORK",
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"integrityImpact": "HIGH",
"userInteraction": "NONE",
"attackComplexity": "HIGH",
"availabilityImpact": "NONE",
"privilegesRequired": "NONE",
"confidentialityImpact": "NONE"
}
],
"65775125": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 5.9,
"attackVector": "NETWORK",
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"integrityImpact": "HIGH",
"userInteraction": "NONE",
"attackComplexity": "HIGH",
"availabilityImpact": "NONE",
"privilegesRequired": "NONE",
"confidentialityImpact": "NONE"
}
],
"65776543": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 5.5,
"attackVector": "LOCAL",
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"integrityImpact": "NONE",
"userInteraction": "REQUIRED",
"attackComplexity": "LOW",
"availabilityImpact": "HIGH",
"privilegesRequired": "NONE",
"confidentialityImpact": "NONE"
}
],
"65776553": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 5.5,
"attackVector": "LOCAL",
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"integrityImpact": "NONE",
"userInteraction": "REQUIRED",
"attackComplexity": "LOW",
"availabilityImpact": "HIGH",
"privilegesRequired": "NONE",
"confidentialityImpact": "NONE"
}
],
"65780563": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 5.5,
"attackVector": "LOCAL",
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"integrityImpact": "NONE",
"userInteraction": "REQUIRED",
"attackComplexity": "LOW",
"availabilityImpact": "HIGH",
"privilegesRequired": "NONE",
"confidentialityImpact": "NONE"
}
],
"65780573": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 5.5,
"attackVector": "LOCAL",
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"integrityImpact": "NONE",
"userInteraction": "REQUIRED",
"attackComplexity": "LOW",
"availabilityImpact": "HIGH",
"privilegesRequired": "NONE",
"confidentialityImpact": "NONE"
}
],
"65795767": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 7.5,
"attackVector": "NETWORK",
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"integrityImpact": "NONE",
"userInteraction": "NONE",
"attackComplexity": "LOW",
"availabilityImpact": "HIGH",
"privilegesRequired": "NONE",
"confidentialityImpact": "NONE"
}
],
"65795777": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 7.5,
"attackVector": "NETWORK",
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"integrityImpact": "NONE",
"userInteraction": "NONE",
"attackComplexity": "LOW",
"availabilityImpact": "HIGH",
"privilegesRequired": "NONE",
"confidentialityImpact": "NONE"
}
],
"90455241": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 8.8,
"attackVector": "NETWORK",
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"integrityImpact": "HIGH",
"userInteraction": "REQUIRED",
"attackComplexity": "LOW",
"availabilityImpact": "HIGH",
"privilegesRequired": "NONE",
"confidentialityImpact": "HIGH"
}
],
"90455256": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 8.8,
"attackVector": "NETWORK",
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"integrityImpact": "HIGH",
"userInteraction": "REQUIRED",
"attackComplexity": "LOW",
"availabilityImpact": "HIGH",
"privilegesRequired": "NONE",
"confidentialityImpact": "HIGH"
}
],
"90455258": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 8.8,
"attackVector": "NETWORK",
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"integrityImpact": "HIGH",
"userInteraction": "REQUIRED",
"attackComplexity": "LOW",
"availabilityImpact": "HIGH",
"privilegesRequired": "NONE",
"confidentialityImpact": "HIGH"
}
],
"90455313": [
{
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 8.8,
"attackVector": "NETWORK",
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"integrityImpact": "HIGH",
"userInteraction": "REQUIRED",
"attackComplexity": "LOW",
"availabilityImpact": "HIGH",
"privilegesRequired": "NONE",
"confidentialityImpact": "HIGH"
}
]
}
]
}
}
View Git Blame Copy Permalink