dockerhub.hi.inet evolved 5g certification iqb netapp iqb netapp keycloak
Evolved5G edited this page Oct 31, 2023 · 3 revisions

Severity | Number of vulnerabilities |
---|---|
CRITICAL | 19 |
HIGH | 90 |
MEDIUM | 263 |
LOW | 106 |

Severity | ID | Title | PkgName | InstalledVersion | FixedVersion |
---|---|---|---|---|---|
CRITICAL | CVE-2021-43527 | Memory corruption in decodeECorDsaSignature with DSA signatures (and RSA-PSS) | nss | 3.67.0-6.el8_4 | 3.67.0-7.el8_5 |
CRITICAL | CVE-2021-43527 | Memory corruption in decodeECorDsaSignature with DSA signatures (and RSA-PSS) | nss-softokn | 3.67.0-6.el8_4 | 3.67.0-7.el8_5 |
CRITICAL | CVE-2021-43527 | Memory corruption in decodeECorDsaSignature with DSA signatures (and RSA-PSS) | nss-softokn-freebl | 3.67.0-6.el8_4 | 3.67.0-7.el8_5 |
CRITICAL | CVE-2021-43527 | Memory corruption in decodeECorDsaSignature with DSA signatures (and RSA-PSS) | nss-sysinit | 3.67.0-6.el8_4 | 3.67.0-7.el8_5 |
CRITICAL | CVE-2021-43527 | Memory corruption in decodeECorDsaSignature with DSA signatures (and RSA-PSS) | nss-util | 3.67.0-6.el8_4 | 3.67.0-7.el8_5 |
CRITICAL | CVE-2021-42575 | improper policies enforcement may lead to remote code execution | com.googlecode.owasp-java-html-sanitizer:owasp-java-html-sanitizer | 20191001.1 | 20211018.1 |
CRITICAL | CVE-2021-42392 | h2: Remote Code Execution in Console | com.h2database:h2 | 1.4.197 | 2.0.206 |
CRITICAL | CVE-2022-23221 | Loading of custom classes from remote servers through JNDI | com.h2database:h2 | 1.4.197 | 2.1.210 |
CRITICAL | CVE-2022-4492 | Server identity in https connection is not checked by the undertow client | io.undertow:undertow-core | 2.2.5.Final | 2.3.5.Final, 2.2.24.Final |
CRITICAL | CVE-2022-4492 | Server identity in https connection is not checked by the undertow client | io.undertow:undertow-core | 2.2.5.Final | 2.3.5.Final, 2.2.24.Final |
CRITICAL | CVE-2022-46364 | SSRF Vulnerability | org.apache.cxf:cxf-core | 3.3.10 | 3.4.10, 3.5.5 |
CRITICAL | CVE-2022-45047 | Java unsafe deserialization vulnerability | org.apache.sshd:sshd-common | 2.3.0 | 2.9.2 |
CRITICAL | CVE-2022-45047 | Java unsafe deserialization vulnerability | org.apache.sshd:sshd-common | 2.3.0 | 2.9.2 |
CRITICAL | CVE-2022-45047 | Java unsafe deserialization vulnerability | org.apache.sshd:sshd-common | 2.3.0 | 2.9.2 |
CRITICAL | CVE-2022-45047 | Java unsafe deserialization vulnerability | org.apache.sshd:sshd-common | 2.4.0 | 2.9.2 |
CRITICAL | CVE-2022-45047 | Java unsafe deserialization vulnerability | org.apache.sshd:sshd-core | 2.4.0 | 2.9.2 |
CRITICAL | CVE-2022-1245 | Privilege escalation vulnerability on Token Exchange | org.keycloak:keycloak-services | 15.0.2 | 18.0.0 |
CRITICAL | CVE-2022-4361 | XSS due to lax URI scheme validation | org.keycloak:keycloak-services | 15.0.2 | 21.1.2 |
CRITICAL | CVE-2022-0839 | Improper Restriction of XML External Entity | org.liquibase:liquibase-core | 3.5.5 | 4.8.0 |
HIGH | CVE-2022-26691 | cups: authorization bypass when using "local" authorization | cups-libs | 1:2.2.6-40.el8 | 1:2.2.6-45.el8_6.2 |
HIGH | CVE-2023-32360 | Information leak through Cups-Get-Document operation | cups-libs | 1:2.2.6-40.el8 | 1:2.2.6-51.el8_8.1 |
HIGH | CVE-2022-24407 | failure to properly escape SQL input allows an attacker to execute arbitrary SQL commands | cyrus-sasl-lib | 2.1.27-5.el8 | 2.1.27-6.el8_5 |
HIGH | CVE-2022-25235 | Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution | expat | 2.2.5-4.el8 | 2.2.5-4.el8_5.3 |
HIGH | CVE-2022-25236 | prefix]" attribute values can lead to arbitrary code execution | expat | 2.2.5-4.el8 | 2.2.5-4.el8_5.3 |
HIGH | CVE-2022-25315 | Integer overflow in storeRawNames() | expat | 2.2.5-4.el8 | 2.2.5-4.el8_5.3 |
HIGH | CVE-2022-40674 | a use-after-free in the doContent function in xmlparse.c | expat | 2.2.5-4.el8 | 2.2.5-8.el8_6.3 |
HIGH | CVE-2023-4911 | buffer overflow in ld.so leading to privilege escalation | glibc | 2.28-164.el8 | 2.28-225.el8_8.6 |
HIGH | CVE-2023-4911 | buffer overflow in ld.so leading to privilege escalation | glibc-common | 2.28-164.el8 | 2.28-225.el8_8.6 |
HIGH | CVE-2023-4911 | buffer overflow in ld.so leading to privilege escalation | glibc-langpack-en | 2.28-164.el8 | 2.28-225.el8_8.6 |
HIGH | CVE-2023-4911 | buffer overflow in ld.so leading to privilege escalation | glibc-minimal-langpack | 2.28-164.el8 | 2.28-225.el8_8.6 |
HIGH | CVE-2022-1271 | arbitrary-file-write vulnerability | gzip | 1.9-12.el8 | 1.9-13.el8_5 |
HIGH | CVE-2022-21476 | Defective secure validation in Apache Santuario (Libraries, 8278008) | java-11-openjdk-headless | 1:11.0.13.0.8-3.el8_5 | 1:11.0.15.0.9-2.el8_5 |
HIGH | CVE-2022-34169 | integer truncation issue in Xalan-J (JAXP, 8285407) | java-11-openjdk-headless | 1:11.0.13.0.8-3.el8_5 | 1:11.0.16.0.8-1.el8_6 |
HIGH | CVE-2023-21930 | improper connection handling during TLS handshake (8294474) | java-11-openjdk-headless | 1:11.0.13.0.8-3.el8_5 | 1:11.0.19.0.7-1.el8_7 |
HIGH | CVE-2022-42898 | integer overflow vulnerabilities in PAC parsing | krb5-libs | 1.18.2-14.el8 | 1.18.2-22.el8_7 |
HIGH | CVE-2022-3515 | integer overflow may lead to remote code execution | libksba | 1.3.5-7.el8 | 1.3.5-8.el8_6 |
HIGH | CVE-2022-47629 | integer overflow to code execution | libksba | 1.3.5-7.el8 | 1.3.5-9.el8_7 |
HIGH | CVE-2023-44487 | Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) | libnghttp2 | 1.33.0-3.el8_2.1 | 1.33.0-5.el8_8 |
HIGH | CVE-2023-0767 | Arbitrary memory write via PKCS 12 | nss | 3.67.0-6.el8_4 | 3.79.0-11.el8_7 |
HIGH | CVE-2023-0767 | Arbitrary memory write via PKCS 12 | nss-softokn | 3.67.0-6.el8_4 | 3.79.0-11.el8_7 |
HIGH | CVE-2023-0767 | Arbitrary memory write via PKCS 12 | nss-softokn-freebl | 3.67.0-6.el8_4 | 3.79.0-11.el8_7 |
HIGH | CVE-2023-0767 | Arbitrary memory write via PKCS 12 | nss-sysinit | 3.67.0-6.el8_4 | 3.79.0-11.el8_7 |
HIGH | CVE-2023-0767 | Arbitrary memory write via PKCS 12 | nss-util | 3.67.0-6.el8_4 | 3.79.0-11.el8_7 |
HIGH | CVE-2022-0778 | Infinite loop in BN_mod_sqrt() reachable when parsing certificates | openssl | 1:1.1.1k-4.el8 | 1:1.1.1k-6.el8_5 |
HIGH | CVE-2023-0286 | X.400 address type confusion in X.509 GeneralName | openssl | 1:1.1.1k-4.el8 | 1:1.1.1k-9.el8_7 |
HIGH | CVE-2022-0778 | Infinite loop in BN_mod_sqrt() reachable when parsing certificates | openssl-libs | 1:1.1.1k-4.el8 | 1:1.1.1k-6.el8_5 |
HIGH | CVE-2023-0286 | X.400 address type confusion in X.509 GeneralName | openssl-libs | 1:1.1.1k-4.el8 | 1:1.1.1k-9.el8_7 |
HIGH | CVE-2023-24329 | urllib.parse url blocklisting bypass | platform-python | 3.6.8-41.el8 | 3.6.8-51.el8_8.1 |
HIGH | CVE-2023-40217 | TLS handshake bypass | platform-python | 3.6.8-41.el8 | 3.6.8-51.el8_8.2 |
HIGH | CVE-2023-24329 | urllib.parse url blocklisting bypass | python3-libs | 3.6.8-41.el8 | 3.6.8-51.el8_8.1 |
HIGH | CVE-2023-40217 | TLS handshake bypass | python3-libs | 3.6.8-41.el8 | 3.6.8-51.el8_8.2 |
HIGH | CVE-2022-2526 | systemd-resolved: use-after-free when dealing with DnsStream in resolved-dns-stream.c | systemd-libs | 239-51.el8 | 239-58.el8_6.4 |
HIGH | CVE-2022-1271 | arbitrary-file-write vulnerability | xz-libs | 5.2.4-3.el8 | 5.2.4-4.el8_6 |
HIGH | CVE-2018-25032 | A flaw found in zlib when compressing (not decompressing) certain inputs | zlib | 1.2.11-17.el8 | 1.2.11-18.el8_5 |
HIGH | CVE-2020-36518 | denial of service via a large depth of nested objects | com.fasterxml.jackson.core:jackson-databind | 2.12.1 | 2.13.2.1, 2.12.6.1 |
HIGH | CVE-2020-36518 | denial of service via a large depth of nested objects | com.fasterxml.jackson.core:jackson-databind | 2.12.1 | 2.13.2.1, 2.12.6.1 |
HIGH | CVE-2020-36518 | denial of service via a large depth of nested objects | com.fasterxml.jackson.core:jackson-databind | 2.12.1 | 2.13.2.1, 2.12.6.1 |
HIGH | CVE-2021-46877 | Possible DoS if using JDK serialization to serialize JsonNode | com.fasterxml.jackson.core:jackson-databind | 2.12.1 | 2.12.6, 2.13.1 |
HIGH | CVE-2021-46877 | Possible DoS if using JDK serialization to serialize JsonNode | com.fasterxml.jackson.core:jackson-databind | 2.12.1 | 2.12.6, 2.13.1 |
HIGH | CVE-2021-46877 | Possible DoS if using JDK serialization to serialize JsonNode | com.fasterxml.jackson.core:jackson-databind | 2.12.1 | 2.12.6, 2.13.1 |
HIGH | CVE-2022-42003 | deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS | com.fasterxml.jackson.core:jackson-databind | 2.12.1 | 2.12.7.1, 2.13.4.2 |
HIGH | CVE-2022-42003 | deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS | com.fasterxml.jackson.core:jackson-databind | 2.12.1 | 2.12.7.1, 2.13.4.2 |
HIGH | CVE-2022-42003 | deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS | com.fasterxml.jackson.core:jackson-databind | 2.12.1 | 2.12.7.1, 2.13.4.2 |
HIGH | CVE-2022-42004 | use of deeply nested arrays | com.fasterxml.jackson.core:jackson-databind | 2.12.1 | 2.12.7.1, 2.13.4 |
HIGH | CVE-2022-42004 | use of deeply nested arrays | com.fasterxml.jackson.core:jackson-databind | 2.12.1 | 2.12.7.1, 2.13.4 |
HIGH | CVE-2022-42004 | use of deeply nested arrays | com.fasterxml.jackson.core:jackson-databind | 2.12.1 | 2.12.7.1, 2.13.4 |
HIGH | CVE-2022-25647 | Deserialization of Untrusted Data in com.google.code.gson-gson | com.google.code.gson:gson | 2.8.5 | 2.8.9 |
HIGH | CVE-2022-25647 | Deserialization of Untrusted Data in com.google.code.gson-gson | com.google.code.gson:gson | 2.8.6 | 2.8.9 |
HIGH | CVE-2021-22569 | potential DoS in the parsing procedure for binary data | com.google.protobuf:protobuf-java | 3.12.2 | 3.16.1, 3.18.2, 3.19.2 |
HIGH | CVE-2021-22570 | protobuf: Incorrect parsing of nullchar in the proto symbol leads to Nullptr dereference | com.google.protobuf:protobuf-java | 3.12.2 | 3.15.0 |
HIGH | CVE-2022-3509 | Textformat parsing issue leads to DoS | com.google.protobuf:protobuf-java | 3.12.2 | 3.16.3, 3.19.6, 3.20.3, 3.21.7 |
HIGH | CVE-2022-3510 | Message-Type Extensions parsing issue leads to DoS | com.google.protobuf:protobuf-java | 3.12.2 | 3.16.3, 3.19.6, 3.20.3, 3.21.7 |
HIGH | CVE-2022-45868 | The web-based admin console in H2 Database Engine through 2.1.214 can ... | com.h2database:h2 | 1.4.197 | 2.2.220 |
HIGH | CVE-2021-3629 | undertow: potential security issue in flow control over HTTP/2 may lead to DOS | io.undertow:undertow-core | 2.2.5.Final | 2.0.40.Final, 2.2.11.Final |
HIGH | CVE-2021-3629 | undertow: potential security issue in flow control over HTTP/2 may lead to DOS | io.undertow:undertow-core | 2.2.5.Final | 2.0.40.Final, 2.2.11.Final |
HIGH | CVE-2021-3690 | buffer leak on incoming websocket PONG message may lead to DoS | io.undertow:undertow-core | 2.2.5.Final | 2.0.40, 2.2.10 |
HIGH | CVE-2021-3690 | buffer leak on incoming websocket PONG message may lead to DoS | io.undertow:undertow-core | 2.2.5.Final | 2.0.40, 2.2.10 |
HIGH | CVE-2021-3859 | client side invocation timeout raised when calling over HTTP2 | io.undertow:undertow-core | 2.2.5.Final | 2.2.15 |
HIGH | CVE-2021-3859 | client side invocation timeout raised when calling over HTTP2 | io.undertow:undertow-core | 2.2.5.Final | 2.2.15 |
HIGH | CVE-2022-2053 | Large AJP request may cause DoS | io.undertow:undertow-core | 2.2.5.Final | 2.2.19.Final, 2.3.0.Alpha2 |
HIGH | CVE-2022-2053 | Large AJP request may cause DoS | io.undertow:undertow-core | 2.2.5.Final | 2.2.19.Final, 2.3.0.Alpha2 |
HIGH | CVE-2023-1108 | Infinite loop in SslConduit during close | io.undertow:undertow-core | 2.2.5.Final | 2.3.5.Final, 2.2.24.Final |
HIGH | CVE-2023-1108 | Infinite loop in SslConduit during close | io.undertow:undertow-core | 2.2.5.Final | 2.3.5.Final, 2.2.24.Final |
HIGH | CVE-2022-23913 | Apache ActiveMQ Artemis DoS | org.apache.activemq:artemis-core-client | 2.16.0 | 2.19.1 |
HIGH | CVE-2022-23913 | Apache ActiveMQ Artemis DoS | org.apache.activemq:artemis-core-client | 2.16.0 | 2.19.1 |
HIGH | CVE-2023-39410 | Memory when deserializing untrusted data in Avro Java SDK | org.apache.avro:avro | 1.7.6 | 1.11.3 |
HIGH | CVE-2022-46363 | directory listing / code exfiltration | org.apache.cxf:cxf-core | 3.3.10 | 3.4.10, 3.5.5 |
HIGH | CVE-2021-40690 | xml-security: XPath Transform abuse allows for information disclosure | org.apache.santuario:xmlsec | 2.1.6 | 2.2.3, 2.1.7 |
HIGH | CVE-2021-30129 | Memory leak denial of service in Apache Mina SSHD Server | org.apache.sshd:sshd-core | 2.4.0 | 2.7.0 |
HIGH | CVE-2020-13949 | potential DoS when processing untrusted payloads | org.apache.thrift:libthrift | 0.13.0 | 0.14.0 |
HIGH | CVE-2022-40150 | memory exhaustion via user-supplied XML or JSON data | org.codehaus.jettison:jettison | 1.4.0 | 1.5.2 |
HIGH | CVE-2022-45685 | stack overflow in JSONObject() allows attackers to cause a Denial of Service (DoS) via crafted JSON | org.codehaus.jettison:jettison | 1.4.0 | 1.5.2 |
HIGH | CVE-2022-45693 | If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which ma | org.codehaus.jettison:jettison | 1.4.0 | 1.5.2 |
HIGH | CVE-2023-1436 | Uncontrolled Recursion in JSONArray | org.codehaus.jettison:jettison | 1.4.0 | 1.5.4 |
HIGH | CVE-2023-4759 | arbitrary file overwrite | org.eclipse.jgit:org.eclipse.jgit | 5.10.0.202012080955-r | 6.6.1.202309021850-r |
HIGH | CVE-2021-37714 | Crafted input may cause the jsoup HTML and XML parser to get stuck | org.jsoup:jsoup | 1.8.3 | 1.14.2 |
HIGH | CVE-2021-3632 | keycloak: Anyone can register a new device when there is no device registered for passwordless login | org.keycloak:keycloak-core | 15.0.2 | 15.1.0 |
HIGH | CVE-2021-3827 | keycloak-server-spi-private: ECP SAML binding bypasses authentication flows | org.keycloak:keycloak-saml-core | 15.0.2 | 18.0.0 |
HIGH | CVE-2021-4133 | Keycloak: Incorrect authorization allows unpriviledged users to create other users | org.keycloak:keycloak-services | 15.0.2 | 15.1.1 |
HIGH | CVE-2023-0264 | user impersonation via stolen uuid code | org.keycloak:keycloak-services | 15.0.2 | 21.0.1 |
HIGH | CVE-2023-2422 | oauth client impersonation | org.keycloak:keycloak-services | 15.0.2 | 21.1.2 |
HIGH | CVE-2014-3530 | PicketLink: XXE via insecure DocumentBuilderFactory usage | org.picketlink:picketlink-common | 2.5.5.SP12-redhat-00009 | 2.7.0.Final |
HIGH | CVE-2020-13692 | postgresql-jdbc: XML external entity (XXE) vulnerability in PgSQLXML | org.postgresql:postgresql | 42.2.5 | 42.2.13 |
HIGH | CVE-2022-21724 | jdbc-postgresql: Unchecked Class Instantiation when providing Plugin Classes | org.postgresql:postgresql | 42.2.5 | 42.2.25, 42.3.2 |
HIGH | CVE-2022-31197 | postgresql: SQL Injection in ResultSet.refreshRow() with malicious column names | org.postgresql:postgresql | 42.2.5 | 42.2.26, 42.4.1, 42.3.7 |
HIGH | CVE-2022-3143 | wildfly-elytron: possible timing attacks via use of unsafe comparator | org.wildfly.security:wildfly-elytron | 1.15.3.Final | 1.15.15.Final, 1.20.3.Final |
HIGH | CVE-2022-3143 | wildfly-elytron: possible timing attacks via use of unsafe comparator | org.wildfly.security:wildfly-elytron | 1.15.3.Final | 1.15.15.Final, 1.20.3.Final |
HIGH | CVE-2022-1471 | Constructor Deserialization Remote Code Execution | org.yaml:snakeyaml | 1.26 | 2.0 |
HIGH | CVE-2022-25857 | Denial of Service due to missing nested depth limitation for collections | org.yaml:snakeyaml | 1.26 | 1.31 |
MEDIUM | CVE-2021-3468 | Local DoS by event-busy-loop from writing long lines to /run/avahi-daemon/socket | avahi-libs | 0.7-20.el8 | |
MEDIUM | CVE-2023-1981 | avahi-daemon can be crashed via DBus | avahi-libs | 0.7-20.el8 | |
MEDIUM | CVE-2023-38469 | Reachable assertion in avahi_dns_packet_append_record | avahi-libs | 0.7-20.el8 | |
MEDIUM | CVE-2023-38470 | Reachable assertion in avahi_escape_label | avahi-libs | 0.7-20.el8 | |
MEDIUM | CVE-2023-38471 | Reachable assertion in dbus_set_host_name | avahi-libs | 0.7-20.el8 | |
MEDIUM | CVE-2023-38472 | Reachable assertion in avahi_rdata_parse | avahi-libs | 0.7-20.el8 | |
MEDIUM | CVE-2023-38473 | Reachable assertion in avahi_alternative_host_name | avahi-libs | 0.7-20.el8 | |
MEDIUM | CVE-2023-32324 | heap buffer overflow may lead to DoS | cups-libs | 1:2.2.6-40.el8 | |
MEDIUM | CVE-2023-34241 | use-after-free in cupsdAcceptClient() in scheduler/client.c | cups-libs | 1:2.2.6-40.el8 | |
MEDIUM | CVE-2023-4504 | Postscript Parsing Heap Overflow | cups-libs | 1:2.2.6-40.el8 | |
MEDIUM | CVE-2022-22576 | curl: OAUTH2 bearer bypass in connection re-use | curl | 7.61.1-22.el8 | 7.61.1-22.el8_6.3 |
MEDIUM | CVE-2022-27774 | curl: credential leak on redirect | curl | 7.61.1-22.el8 | 7.61.1-22.el8_6.3 |
MEDIUM | CVE-2022-27776 | curl: auth/cookie leak on redirect | curl | 7.61.1-22.el8 | 7.61.1-22.el8_6.3 |
MEDIUM | CVE-2022-27782 | TLS and SSH connection too eager reuse | curl | 7.61.1-22.el8 | 7.61.1-22.el8_6.3 |
MEDIUM | CVE-2022-32206 | HTTP compression denial of service | curl | 7.61.1-22.el8 | 7.61.1-22.el8_6.4 |
MEDIUM | CVE-2022-32208 | FTP-KRB bad message verification | curl | 7.61.1-22.el8 | 7.61.1-22.el8_6.4 |
MEDIUM | CVE-2023-23916 | HTTP multi-header compression denial of service | curl | 7.61.1-22.el8 | 7.61.1-25.el8_7.3 |
MEDIUM | CVE-2023-27535 | FTP too eager connection reuse | curl | 7.61.1-22.el8 | 7.61.1-30.el8_8.2 |
MEDIUM | CVE-2023-27536 | GSS delegation too eager connection re-use | curl | 7.61.1-22.el8 | 7.61.1-30.el8_8.3 |
MEDIUM | CVE-2023-28321 | IDN wildcard match may lead to Improper Cerificate Validation | curl | 7.61.1-22.el8 | 7.61.1-30.el8_8.3 |
MEDIUM | CVE-2022-42010 | dbus-daemon crashes when receiving message with incorrectly nested parentheses and curly brackets | dbus-libs | 1:1.12.8-14.el8 | 1:1.12.8-23.el8_7.1 |
MEDIUM | CVE-2022-42011 | dbus-daemon can be crashed by messages with array length inconsistent with element type | dbus-libs | 1:1.12.8-14.el8 | 1:1.12.8-23.el8_7.1 |
MEDIUM | CVE-2022-42012 | `_dbus_marshal_byteswap` doesn't process fds in messages with "foreign" endianness correctly | dbus-libs | 1:1.12.8-14.el8 | 1:1.12.8-23.el8_7.1 |
MEDIUM | CVE-2023-34969 | assertion failure when a monitor is active and a message from the driver cannot be delivered | dbus-libs | 1:1.12.8-14.el8 | 1:1.12.8-24.el8_8.1 |
MEDIUM | CVE-2021-45960 | Large number of prefixed XML attributes on a single tag can crash libexpat | expat | 2.2.5-4.el8 | 2.2.5-4.el8_5.3 |
MEDIUM | CVE-2021-46143 | Integer overflow in doProlog in xmlparse.c | expat | 2.2.5-4.el8 | 2.2.5-4.el8_5.3 |
MEDIUM | CVE-2022-22822 | Integer overflow in addBinding in xmlparse.c | expat | 2.2.5-4.el8 | 2.2.5-4.el8_5.3 |
MEDIUM | CVE-2022-22823 | Integer overflow in build_model in xmlparse.c | expat | 2.2.5-4.el8 | 2.2.5-4.el8_5.3 |
MEDIUM | CVE-2022-22824 | Integer overflow in defineAttribute in xmlparse.c | expat | 2.2.5-4.el8 | 2.2.5-4.el8_5.3 |
MEDIUM | CVE-2022-22825 | Integer overflow in lookup in xmlparse.c | expat | 2.2.5-4.el8 | 2.2.5-4.el8_5.3 |
MEDIUM | CVE-2022-22826 | Integer overflow in nextScaffoldPart in xmlparse.c | expat | 2.2.5-4.el8 | 2.2.5-4.el8_5.3 |
MEDIUM | CVE-2022-22827 | Integer overflow in storeAtts in xmlparse.c | expat | 2.2.5-4.el8 | 2.2.5-4.el8_5.3 |
MEDIUM | CVE-2022-23852 | Integer overflow in function XML_GetBuffer | expat | 2.2.5-4.el8 | 2.2.5-4.el8_5.3 |
MEDIUM | CVE-2022-23990 | integer overflow in the doProlog function | expat | 2.2.5-4.el8 | |
MEDIUM | CVE-2022-25313 | Stack exhaustion in doctype parsing | expat | 2.2.5-4.el8 | 2.2.5-8.el8_6.2 |
MEDIUM | CVE-2022-25314 | Integer overflow in copyString() | expat | 2.2.5-4.el8 | 2.2.5-8.el8_6.2 |
MEDIUM | CVE-2022-43680 | use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate | expat | 2.2.5-4.el8 | 2.2.5-10.el8_7.1 |
MEDIUM | CVE-2022-27404 | Buffer overflow in sfnt_init_face | freetype | 2.9.1-4.el8_3.1 | 2.9.1-9.el8 |
MEDIUM | CVE-2022-27405 | Segmentation violation via FNT_Size_Request | freetype | 2.9.1-4.el8_3.1 | 2.9.1-9.el8 |
MEDIUM | CVE-2022-27406 | Segmentation violation via FT_Request_Size | freetype | 2.9.1-4.el8_3.1 | 2.9.1-9.el8 |
MEDIUM | CVE-2022-22624 | webkitgtk: Use-after-free leading to arbitrary code execution | glib2 | 2.56.4-156.el8 | 2.56.4-159.el8 |
MEDIUM | CVE-2022-22628 | webkitgtk: Use-after-free leading to arbitrary code execution | glib2 | 2.56.4-156.el8 | 2.56.4-159.el8 |
MEDIUM | CVE-2022-22629 | webkitgtk: Buffer overflow leading to arbitrary code execution | glib2 | 2.56.4-156.el8 | 2.56.4-159.el8 |
MEDIUM | CVE-2022-22662 | | glib2 | 2.56.4-156.el8 | 2.56.4-159.el8 |
MEDIUM | CVE-2022-26700 | | glib2 | 2.56.4-156.el8 | 2.56.4-159.el8 |
MEDIUM | CVE-2022-26709 | | glib2 | 2.56.4-156.el8 | 2.56.4-159.el8 |
MEDIUM | CVE-2022-26710 | | glib2 | 2.56.4-156.el8 | 2.56.4-159.el8 |
MEDIUM | CVE-2022-26716 | | glib2 | 2.56.4-156.el8 | 2.56.4-159.el8 |
MEDIUM | CVE-2022-26717 | | glib2 | 2.56.4-156.el8 | 2.56.4-159.el8 |
MEDIUM | CVE-2022-26719 | | glib2 | 2.56.4-156.el8 | 2.56.4-159.el8 |
MEDIUM | CVE-2022-30293 | | glib2 | 2.56.4-156.el8 | 2.56.4-159.el8 |
MEDIUM | CVE-2022-32792 | | glib2 | 2.56.4-156.el8 | 2.56.4-159.el8 |
MEDIUM | CVE-2022-32816 | | glib2 | 2.56.4-156.el8 | 2.56.4-159.el8 |
MEDIUM | CVE-2022-32891 | UI spoofing while Visiting a website that frames malicious content | glib2 | 2.56.4-156.el8 | 2.56.4-159.el8 |
MEDIUM | CVE-2021-3999 | Off-by-one buffer overflow/underflow in getcwd() | glibc | 2.28-164.el8 | 2.28-164.el8_5.3 |
MEDIUM | CVE-2022-23218 | Stack-based buffer overflow in svcunix_create via long pathnames | glibc | 2.28-164.el8 | 2.28-164.el8_5.3 |
MEDIUM | CVE-2022-23219 | Stack-based buffer overflow in sunrpc clnt_create via a long pathname | glibc | 2.28-164.el8 | 2.28-164.el8_5.3 |
MEDIUM | CVE-2023-4527 | Stack read overflow in getaddrinfo in no-aaaa mode | glibc | 2.28-164.el8 | 2.28-225.el8_8.6 |
MEDIUM | CVE-2023-4806 | potential use-after-free in getaddrinfo() | glibc | 2.28-164.el8 | 2.28-225.el8_8.6 |
MEDIUM | CVE-2023-4813 | potential use-after-free in gaih_inet() | glibc | 2.28-164.el8 | 2.28-225.el8_8.6 |
MEDIUM | CVE-2021-3999 | Off-by-one buffer overflow/underflow in getcwd() | glibc-common | 2.28-164.el8 | 2.28-164.el8_5.3 |
MEDIUM | CVE-2022-23218 | Stack-based buffer overflow in svcunix_create via long pathnames | glibc-common | 2.28-164.el8 | 2.28-164.el8_5.3 |
MEDIUM | CVE-2022-23219 | Stack-based buffer overflow in sunrpc clnt_create via a long pathname | glibc-common | 2.28-164.el8 | 2.28-164.el8_5.3 |
MEDIUM | CVE-2023-4527 | Stack read overflow in getaddrinfo in no-aaaa mode | glibc-common | 2.28-164.el8 | 2.28-225.el8_8.6 |
MEDIUM | CVE-2023-4806 | potential use-after-free in getaddrinfo() | glibc-common | 2.28-164.el8 | 2.28-225.el8_8.6 |
MEDIUM | CVE-2023-4813 | potential use-after-free in gaih_inet() | glibc-common | 2.28-164.el8 | 2.28-225.el8_8.6 |
MEDIUM | CVE-2021-3999 | Off-by-one buffer overflow/underflow in getcwd() | glibc-langpack-en | 2.28-164.el8 | 2.28-164.el8_5.3 |
MEDIUM | CVE-2022-23218 | Stack-based buffer overflow in svcunix_create via long pathnames | glibc-langpack-en | 2.28-164.el8 | 2.28-164.el8_5.3 |
MEDIUM | CVE-2022-23219 | Stack-based buffer overflow in sunrpc clnt_create via a long pathname | glibc-langpack-en | 2.28-164.el8 | 2.28-164.el8_5.3 |
MEDIUM | CVE-2023-4527 | Stack read overflow in getaddrinfo in no-aaaa mode | glibc-langpack-en | 2.28-164.el8 | 2.28-225.el8_8.6 |
MEDIUM | CVE-2023-4806 | potential use-after-free in getaddrinfo() | glibc-langpack-en | 2.28-164.el8 | 2.28-225.el8_8.6 |
MEDIUM | CVE-2023-4813 | potential use-after-free in gaih_inet() | glibc-langpack-en | 2.28-164.el8 | 2.28-225.el8_8.6 |
MEDIUM | CVE-2021-3999 | Off-by-one buffer overflow/underflow in getcwd() | glibc-minimal-langpack | 2.28-164.el8 | 2.28-164.el8_5.3 |
MEDIUM | CVE-2022-23218 | Stack-based buffer overflow in svcunix_create via long pathnames | glibc-minimal-langpack | 2.28-164.el8 | 2.28-164.el8_5.3 |
MEDIUM | CVE-2022-23219 | Stack-based buffer overflow in sunrpc clnt_create via a long pathname | glibc-minimal-langpack | 2.28-164.el8 | 2.28-164.el8_5.3 |
MEDIUM | CVE-2023-4527 | Stack read overflow in getaddrinfo in no-aaaa mode | glibc-minimal-langpack | 2.28-164.el8 | 2.28-225.el8_8.6 |
MEDIUM | CVE-2023-4806 | potential use-after-free in getaddrinfo() | glibc-minimal-langpack | 2.28-164.el8 | 2.28-225.el8_8.6 |
MEDIUM | CVE-2023-4813 | potential use-after-free in gaih_inet() | glibc-minimal-langpack | 2.28-164.el8 | 2.28-225.el8_8.6 |
MEDIUM | CVE-2022-34903 | Signature spoofing via status line injection | gnupg2 | 2.2.20-2.el8 | 2.2.20-3.el8_6 |
MEDIUM | CVE-2022-2509 | Double free during gnutls_pkcs7_verify | gnutls | 3.6.16-4.el8 | 3.6.16-5.el8_6 |
MEDIUM | CVE-2023-0361 | timing side-channel in the TLS RSA key exchange code | gnutls | 3.6.16-4.el8 | 3.6.16-6.el8_7 |
MEDIUM | CVE-2023-25193 | allows attackers to trigger O(n^2) growth via consecutive marks | harfbuzz | 1.7.5-3.el8 | |
MEDIUM | CVE-2022-21248 | OpenJDK: Incomplete deserialization class filtering in ObjectInputStream (Serialization, 8264934) | java-11-openjdk-headless | 1:11.0.13.0.8-3.el8_5 | 1:11.0.14.0.9-2.el8_5 |
MEDIUM | CVE-2022-21277 | Incorrect reading of TIFF files in TIFFNullDecompressor (ImageIO, 8270952) | java-11-openjdk-headless | 1:11.0.13.0.8-3.el8_5 | 1:11.0.14.0.9-2.el8_5 |
MEDIUM | CVE-2022-21282 | Insufficient URI checks in the XSLT TransformerImpl (JAXP, 8270492) | java-11-openjdk-headless | 1:11.0.13.0.8-3.el8_5 | 1:11.0.14.0.9-2.el8_5 |
MEDIUM | CVE-2022-21283 | Unexpected exception thrown in regex Pattern (Libraries, 8268813) | java-11-openjdk-headless | 1:11.0.13.0.8-3.el8_5 | 1:11.0.14.0.9-2.el8_5 |
MEDIUM | CVE-2022-21291 | OpenJDK: Incorrect marking of writeable fields (Hotspot, 8270386) | java-11-openjdk-headless | 1:11.0.13.0.8-3.el8_5 | 1:11.0.14.0.9-2.el8_5 |
MEDIUM | CVE-2022-21293 | Incomplete checks of StringBuffer and StringBuilder during deserialization (Libraries, 8270392) | java-11-openjdk-headless | 1:11.0.13.0.8-3.el8_5 | 1:11.0.14.0.9-2.el8_5 |
MEDIUM | CVE-2022-21294 | Incorrect IdentityHashMap size checks during deserialization (Libraries, 8270416) | java-11-openjdk-headless | 1:11.0.13.0.8-3.el8_5 | 1:11.0.14.0.9-2.el8_5 |
MEDIUM | CVE-2022-21296 | Incorrect access checks in XMLEntityManager (JAXP, 8270498) | java-11-openjdk-headless | 1:11.0.13.0.8-3.el8_5 | 1:11.0.14.0.9-2.el8_5 |
MEDIUM | CVE-2022-21299 | Infinite loop related to incorrect handling of newlines in XMLEntityScanner (JAXP, 8270646) | java-11-openjdk-headless | 1:11.0.13.0.8-3.el8_5 | 1:11.0.14.0.9-2.el8_5 |
MEDIUM | CVE-2022-21305 | OpenJDK: Array indexing issues in LIRGenerator (Hotspot, 8272014) | java-11-openjdk-headless | 1:11.0.13.0.8-3.el8_5 | 1:11.0.14.0.9-2.el8_5 |
MEDIUM | CVE-2022-21340 | OpenJDK: Excessive resource use when reading JAR manifest attributes (Libraries, 8272026) | java-11-openjdk-headless | 1:11.0.13.0.8-3.el8_5 | 1:11.0.14.0.9-2.el8_5 |
MEDIUM | CVE-2022-21341 | OpenJDK: Insufficient checks when deserializing exceptions in ObjectInputStream (Serialization, 8272 | java-11-openjdk-headless | 1:11.0.13.0.8-3.el8_5 | 1:11.0.14.0.9-2.el8_5 |
MEDIUM | CVE-2022-21360 | OpenJDK: Excessive memory allocation in BMPImageReader (ImageIO, 8273756) | java-11-openjdk-headless | 1:11.0.13.0.8-3.el8_5 | 1:11.0.14.0.9-2.el8_5 |
MEDIUM | CVE-2022-21365 | OpenJDK: Integer overflow in BMPImageReader (ImageIO, 8273838) | java-11-openjdk-headless | 1:11.0.13.0.8-3.el8_5 | 1:11.0.14.0.9-2.el8_5 |
MEDIUM | CVE-2022-21366 | OpenJDK: Excessive memory allocation in TIFF*Decompressor (ImageIO, 8274096) | java-11-openjdk-headless | 1:11.0.13.0.8-3.el8_5 | 1:11.0.14.0.9-2.el8_5 |
MEDIUM | CVE-2022-21426 | Unbounded memory allocation when compiling crafted XPath expressions (JAXP, 8270504) | java-11-openjdk-headless | 1:11.0.13.0.8-3.el8_5 | 1:11.0.15.0.9-2.el8_5 |
MEDIUM | CVE-2022-21434 | Improper object-to-string conversion in AnnotationInvocationHandler (Libraries, 8277672) | java-11-openjdk-headless | 1:11.0.13.0.8-3.el8_5 | 1:11.0.15.0.9-2.el8_5 |
MEDIUM | CVE-2022-21443 | Missing check for negative ObjectIdentifier (Libraries, 8275151) | java-11-openjdk-headless | 1:11.0.13.0.8-3.el8_5 | 1:11.0.15.0.9-2.el8_5 |
MEDIUM | CVE-2022-21496 | URI parsing inconsistencies (JNDI, 8278972) | java-11-openjdk-headless | 1:11.0.13.0.8-3.el8_5 | 1:11.0.15.0.9-2.el8_5 |
MEDIUM | CVE-2022-21540 | class compilation issue (Hotspot, 8281859) | java-11-openjdk-headless | 1:11.0.13.0.8-3.el8_5 | 1:11.0.16.0.8-1.el8_6 |
MEDIUM | CVE-2022-21541 | improper restriction of MethodHandle.invokeBasic() (Hotspot, 8281866) | java-11-openjdk-headless | 1:11.0.13.0.8-3.el8_5 | 1:11.0.16.0.8-1.el8_6 |
MEDIUM | CVE-2022-21618 | improper MultiByte conversion can lead to buffer overflow (JGSS, 8286077) | java-11-openjdk-headless | 1:11.0.13.0.8-3.el8_5 | 1:11.0.17.0.8-2.el8_6 |
MEDIUM | CVE-2022-21626 | excessive memory allocation in X.509 certificate parsing (Security, 8286533) | java-11-openjdk-headless | 1:11.0.13.0.8-3.el8_5 | 1:11.0.17.0.8-2.el8_6 |
MEDIUM | CVE-2022-21628 | HttpServer no connection count limit (Lightweight HTTP Server, 8286918) | java-11-openjdk-headless | 1:11.0.13.0.8-3.el8_5 | 1:11.0.17.0.8-2.el8_6 |
MEDIUM | CVE-2022-33068 | integer overflow in the component hb-ot-shape-fallback.cc | java-11-openjdk-headless | 1:11.0.13.0.8-3.el8_5 | |
MEDIUM | CVE-2023-21835 | handshake DoS attack against DTLS connections (JSSE, 8287411) | java-11-openjdk-headless | 1:11.0.13.0.8-3.el8_5 | 1:11.0.18.0.10-2.el8_7 |
MEDIUM | CVE-2023-21939 | Swing HTML parsing issue (8296832) | java-11-openjdk-headless | 1:11.0.13.0.8-3.el8_5 | 1:11.0.19.0.7-1.el8_7 |
MEDIUM | CVE-2023-21954 | incorrect enqueue of references in garbage collector (8298191) | java-11-openjdk-headless | 1:11.0.13.0.8-3.el8_5 | 1:11.0.19.0.7-1.el8_7 |
MEDIUM | CVE-2023-21967 | certificate validation issue in TLS session negotiation (8298310) | java-11-openjdk-headless | 1:11.0.13.0.8-3.el8_5 | 1:11.0.19.0.7-1.el8_7 |
MEDIUM | CVE-2023-22036 | ZIP file parsing infinite loop (8302483) | java-11-openjdk-headless | 1:11.0.13.0.8-3.el8_5 | 1:11.0.20.0.8-2.el8 |
MEDIUM | CVE-2023-22041 | weakness in AES implementation (8308682) | java-11-openjdk-headless | 1:11.0.13.0.8-3.el8_5 | 1:11.0.20.0.8-2.el8 |
MEDIUM | CVE-2023-22049 | improper handling of slash characters in URI-to-path conversion (8305312) | java-11-openjdk-headless | 1:11.0.13.0.8-3.el8_5 | 1:11.0.20.0.8-2.el8 |
MEDIUM | CVE-2023-22081 | certificate path validation issue during client authentication (8309966) | java-11-openjdk-headless | 1:11.0.13.0.8-3.el8_5 | 1:11.0.21.0.9-2.el8 |
MEDIUM | CVE-2023-25193 | allows attackers to trigger O(n^2) growth via consecutive marks | java-11-openjdk-headless | 1:11.0.13.0.8-3.el8_5 | 1:11.0.20.0.8-2.el8 |
MEDIUM | CVE-2020-17049 | delegation constrain bypass in S4U2Proxy | krb5-libs | 1.18.2-14.el8 | |
MEDIUM | CVE-2018-16435 | lcms2: Integer overflow in AllocateDataSet() in cmscgats.c leading to heap-based buffer overflow | lcms2 | 2.9-2.el8 | |
MEDIUM | CVE-2021-23177 | libarchive: extracting a symlink with ACLs modifies ACLs of target | libarchive | 3.3.3-1.el8 | 3.3.3-3.el8_5 |
MEDIUM | CVE-2021-31566 | libarchive: symbolic links incorrectly followed when changing modes, times, ACL and flags of a file | libarchive | 3.3.3-1.el8 | 3.3.3-3.el8_5 |
MEDIUM | CVE-2023-30571 | Race condition in multi-threaded use of archive_write_disk_header() on posix based systems | libarchive | 3.3.3-1.el8 | |
MEDIUM | CVE-2023-2603 | Integer Overflow in _libcap_strdup() | libcap | 2.26-5.el8 | 2.48-5.el8_8 |
MEDIUM | CVE-2022-1304 | out-of-bounds read/write via crafted filesystem | libcom_err | 1.45.6-2.el8 | 1.45.6-5.el8 |
MEDIUM | CVE-2022-22576 | curl: OAUTH2 bearer bypass in connection re-use | libcurl | 7.61.1-22.el8 | 7.61.1-22.el8_6.3 |
MEDIUM | CVE-2022-27774 | curl: credential leak on redirect | libcurl | 7.61.1-22.el8 | 7.61.1-22.el8_6.3 |
MEDIUM | CVE-2022-27776 | curl: auth/cookie leak on redirect | libcurl | 7.61.1-22.el8 | 7.61.1-22.el8_6.3 |
MEDIUM | CVE-2022-27782 | TLS and SSH connection too eager reuse | libcurl | 7.61.1-22.el8 | 7.61.1-22.el8_6.3 |
MEDIUM | CVE-2022-32206 | HTTP compression denial of service | libcurl | 7.61.1-22.el8 | 7.61.1-22.el8_6.4 |
MEDIUM | CVE-2022-32208 | FTP-KRB bad message verification | libcurl | 7.61.1-22.el8 | 7.61.1-22.el8_6.4 |
MEDIUM | CVE-2023-23916 | HTTP multi-header compression denial of service | libcurl | 7.61.1-22.el8 | 7.61.1-25.el8_7.3 |
MEDIUM | CVE-2023-27535 | FTP too eager connection reuse | libcurl | 7.61.1-22.el8 | 7.61.1-30.el8_8.2 |
MEDIUM | CVE-2023-27536 | GSS delegation too eager connection re-use | libcurl | 7.61.1-22.el8 | 7.61.1-30.el8_8.3 |
MEDIUM | CVE-2023-28321 | IDN wildcard match may lead to Improper Certificate Validation | libcurl | 7.61.1-22.el8 | 7.61.1-30.el8_8.3 |
MEDIUM | CVE-2021-42694 | Developer environment: Homoglyph characters can lead to trojan source attack | libgcc | 8.5.0-4.el8_5 | |
MEDIUM | CVE-2023-4039 | -fstack-protector fails to guard dynamic stack allocations on ARM64 | libgcc | 8.5.0-4.el8_5 | |
MEDIUM | CVE-2019-12904 | Libgcrypt: physical addresses being available to other processes leads to a flush-and-reload side-ch | libgcrypt | 1.8.5-6.el8 | |
MEDIUM | CVE-2021-40528 | ElGamal implementation allows plaintext recovery | libgcrypt | 1.8.5-6.el8 | 1.8.5-7.el8_6 |
MEDIUM | CVE-2019-2201 | libjpeg-turbo: several integer overflows and subsequent segfaults when attempting to compress/decomp | libjpeg-turbo | 1.5.3-12.el8 | |
MEDIUM | CVE-2020-13790 | heap-based buffer over-read in get_rgb_row() in rdppm.c | libjpeg-turbo | 1.5.3-12.el8 | |
MEDIUM | CVE-2021-29390 | heap-buffer-overflow vulnerability in decompress_smooth_data in jdcoefct.c | libjpeg-turbo | 1.5.3-12.el8 | |
MEDIUM | CVE-2023-1667 | NULL pointer dereference during rekeying with algorithm guessing | libssh | 0.9.4-3.el8 | 0.9.6-10.el8_8 |
MEDIUM | CVE-2023-2283 | authorization bypass in pki_verify_data_signature | libssh | 0.9.4-3.el8 | 0.9.6-10.el8_8 |
MEDIUM | CVE-2023-1667 | NULL pointer dereference during rekeying with algorithm guessing | libssh-config | 0.9.4-3.el8 | 0.9.6-10.el8_8 |
MEDIUM | CVE-2023-2283 | authorization bypass in pki_verify_data_signature | libssh-config | 0.9.4-3.el8 | 0.9.6-10.el8_8 |
MEDIUM | CVE-2021-42694 | Developer environment: Homoglyph characters can lead to trojan source attack | libstdc++ | 8.5.0-4.el8_5 | |
MEDIUM | CVE-2023-4039 | -fstack-protector fails to guard dynamic stack allocations on ARM64 | libstdc++ | 8.5.0-4.el8_5 | |
MEDIUM | CVE-2021-46848 | Out-of-bound access in ETYPE_OK | libtasn1 | 4.13-3.el8 | 4.13-4.el8_7 |
MEDIUM | CVE-2021-46828 | libtirpc: DoS vulnerability with lots of connections | libtirpc | 1.1.4-5.el8 | 1.1.4-6.el8 |
MEDIUM | CVE-2016-3709 | Incorrect server side include parsing can lead to XSS | libxml2 | 2.9.7-9.el8_4.2 | 2.9.7-15.el8 |
MEDIUM | CVE-2022-23308 | Use-after-free of ID and IDREF attributes | libxml2 | 2.9.7-9.el8_4.2 | 2.9.7-12.el8_5 |
MEDIUM | CVE-2022-29824 | integer overflows in xmlBuf and xmlBuffer lead to out-of-bounds write | libxml2 | 2.9.7-9.el8_4.2 | 2.9.7-13.el8_6.1 |
MEDIUM | CVE-2022-40303 | integer overflows with XML_PARSE_HUGE | libxml2 | 2.9.7-9.el8_4.2 | 2.9.7-15.el8_7.1 |
MEDIUM | CVE-2022-40304 | dict corruption caused by entity reference cycles | libxml2 | 2.9.7-9.el8_4.2 | 2.9.7-15.el8_7.1 |
MEDIUM | CVE-2023-28484 | NULL dereference in xmlSchemaFixupComplexType | libxml2 | 2.9.7-9.el8_4.2 | 2.9.7-16.el8_8.1 |
MEDIUM | CVE-2023-29469 | Hashing of empty dict strings isn't deterministic | libxml2 | 2.9.7-9.el8_4.2 | 2.9.7-16.el8_8.1 |
MEDIUM | CVE-2023-39615 | crafted xml can cause global buffer overflow | libxml2 | 2.9.7-9.el8_4.2 | |
MEDIUM | CVE-2019-17543 | lz4: heap-based buffer overflow in LZ4_write32 | lz4-libs | 1.8.3-3.el8_4 | |
MEDIUM | CVE-2023-29491 | Local users can trigger security-relevant memory corruption via malformed data | ncurses-base | 6.1-9.20180224.el8 | 6.1-9.20180224.el8_8.1 |
MEDIUM | CVE-2023-29491 | Local users can trigger security-relevant memory corruption via malformed data | ncurses-libs | 6.1-9.20180224.el8 | 6.1-9.20180224.el8_8.1 |
MEDIUM | CVE-2023-5388 | timing attack against RSA decryption | nss | 3.67.0-6.el8_4 | |
MEDIUM | CVE-2023-5388 | timing attack against RSA decryption | nss-softokn | 3.67.0-6.el8_4 | |
MEDIUM | CVE-2023-5388 | timing attack against RSA decryption | nss-softokn-freebl | 3.67.0-6.el8_4 | |
MEDIUM | CVE-2023-5388 | timing attack against RSA decryption | nss-sysinit | 3.67.0-6.el8_4 | |
MEDIUM | CVE-2023-5388 | timing attack against RSA decryption | nss-util | 3.67.0-6.el8_4 | |
MEDIUM | CVE-2021-3712 | Read buffer overruns processing ASN.1 strings | openssl | 1:1.1.1k-4.el8 | 1:1.1.1k-5.el8_5 |
MEDIUM | CVE-2022-1292 | c_rehash script allows command injection | openssl | 1:1.1.1k-4.el8 | 1:1.1.1k-7.el8_6 |
MEDIUM | CVE-2022-2068 | the c_rehash script allows command injection | openssl | 1:1.1.1k-4.el8 | 1:1.1.1k-7.el8_6 |
MEDIUM | CVE-2022-2097 | AES OCB fails to encrypt some bytes | openssl | 1:1.1.1k-4.el8 | 1:1.1.1k-7.el8_6 |
MEDIUM | CVE-2022-4304 | timing attack in RSA Decryption implementation | openssl | 1:1.1.1k-4.el8 | 1:1.1.1k-9.el8_7 |
MEDIUM | CVE-2022-4450 | double free after calling PEM_read_bio_ex | openssl | 1:1.1.1k-4.el8 | 1:1.1.1k-9.el8_7 |
MEDIUM | CVE-2023-0215 | use-after-free following BIO_new_NDEF | openssl | 1:1.1.1k-4.el8 | 1:1.1.1k-9.el8_7 |
MEDIUM | CVE-2021-3712 | Read buffer overruns processing ASN.1 strings | openssl-libs | 1:1.1.1k-4.el8 | 1:1.1.1k-5.el8_5 |
MEDIUM | CVE-2022-1292 | c_rehash script allows command injection | openssl-libs | 1:1.1.1k-4.el8 | 1:1.1.1k-7.el8_6 |
MEDIUM | CVE-2022-2068 | the c_rehash script allows command injection | openssl-libs | 1:1.1.1k-4.el8 | 1:1.1.1k-7.el8_6 |
MEDIUM | CVE-2022-2097 | AES OCB fails to encrypt some bytes | openssl-libs | 1:1.1.1k-4.el8 | 1:1.1.1k-7.el8_6 |
MEDIUM | CVE-2022-4304 | timing attack in RSA Decryption implementation | openssl-libs | 1:1.1.1k-4.el8 | 1:1.1.1k-9.el8_7 |
MEDIUM | CVE-2022-4450 | double free after calling PEM_read_bio_ex | openssl-libs | 1:1.1.1k-4.el8 | 1:1.1.1k-9.el8_7 |
MEDIUM | CVE-2023-0215 | use-after-free following BIO_new_NDEF | openssl-libs | 1:1.1.1k-4.el8 | 1:1.1.1k-9.el8_7 |
MEDIUM | CVE-2022-1586 | Out-of-bounds read in compile_xclass_matchingpath in pcre2_jit_compile.c | pcre2 | 10.32-2.el8 | 10.32-3.el8_6 |
MEDIUM | CVE-2015-20107 | python: mailcap: findmatch() function does not sanitize the second argument | platform-python | 3.6.8-41.el8 | 3.6.8-47.el8_6 |
MEDIUM | CVE-2020-10735 | int() type in PyLong_FromString() does not limit amount of digits converting text to int leading to | platform-python | 3.6.8-41.el8 | 3.6.8-48.el8_7.1 |
MEDIUM | CVE-2021-28861 | open redirection vulnerability in lib/http/server.py may lead to information disclosure | platform-python | 3.6.8-41.el8 | 3.6.8-48.el8_7.1 |
MEDIUM | CVE-2021-4189 | ftplib should not use the host from the PASV response | platform-python | 3.6.8-41.el8 | 3.6.8-45.el8 |
MEDIUM | CVE-2022-0391 | urllib.parse does not sanitize URLs containing ASCII newline and tabs | platform-python | 3.6.8-41.el8 | 3.6.8-47.el8_6 |
MEDIUM | CVE-2022-45061 | CPU denial of service via inefficient IDNA decoder | platform-python | 3.6.8-41.el8 | 3.6.8-48.el8_7.1 |
MEDIUM | CVE-2022-40897 | Regular Expression Denial of Service (ReDoS) in package_index.py | platform-python-setuptools | 39.2.0-6.el8 | 39.2.0-6.el8_7.1 |
MEDIUM | CVE-2015-20107 | python: mailcap: findmatch() function does not sanitize the second argument | python3-libs | 3.6.8-41.el8 | 3.6.8-47.el8_6 |
MEDIUM | CVE-2020-10735 | int() type in PyLong_FromString() does not limit amount of digits converting text to int leading to | python3-libs | 3.6.8-41.el8 | 3.6.8-48.el8_7.1 |
MEDIUM | CVE-2021-28861 | open redirection vulnerability in lib/http/server.py may lead to information disclosure | python3-libs | 3.6.8-41.el8 | 3.6.8-48.el8_7.1 |
MEDIUM | CVE-2021-4189 | ftplib should not use the host from the PASV response | python3-libs | 3.6.8-41.el8 | 3.6.8-45.el8 |
MEDIUM | CVE-2022-0391 | urllib.parse does not sanitize URLs containing ASCII newline and tabs | python3-libs | 3.6.8-41.el8 | 3.6.8-47.el8_6 |
MEDIUM | CVE-2022-45061 | CPU denial of service via inefficient IDNA decoder | python3-libs | 3.6.8-41.el8 | 3.6.8-48.el8_7.1 |
MEDIUM | CVE-2022-40897 | Regular Expression Denial of Service (ReDoS) in package_index.py | python3-setuptools-wheel | 39.2.0-6.el8 | 39.2.0-6.el8_7.1 |
MEDIUM | CVE-2021-3521 | rpm: RPM does not require subkeys to have a valid binding signature | rpm | 4.14.3-19.el8 | 4.14.3-19.el8_5.2 |
MEDIUM | CVE-2021-35937 | TOCTOU race in checks for unsafe symlinks | rpm | 4.14.3-19.el8 | |
MEDIUM | CVE-2021-35938 | races with chown/chmod/capabilities calls during installation | rpm | 4.14.3-19.el8 | |
MEDIUM | CVE-2021-35939 | checks for unsafe symlinks are not performed for intermediary directories | rpm | 4.14.3-19.el8 | |
MEDIUM | CVE-2021-3521 | rpm: RPM does not require subkeys to have a valid binding signature | rpm-libs | 4.14.3-19.el8 | 4.14.3-19.el8_5.2 |
MEDIUM | CVE-2021-35937 | TOCTOU race in checks for unsafe symlinks | rpm-libs | 4.14.3-19.el8 | |
MEDIUM | CVE-2021-35938 | races with chown/chmod/capabilities calls during installation | rpm-libs | 4.14.3-19.el8 | |
MEDIUM | CVE-2021-35939 | checks for unsafe symlinks are not performed for intermediary directories | rpm-libs | 4.14.3-19.el8 | |
MEDIUM | CVE-2020-24736 | Crash due to misuse of window functions. | sqlite-libs | 3.26.0-15.el8 | 3.26.0-18.el8_8 |
MEDIUM | CVE-2020-35527 | Out of bounds access during table rename | sqlite-libs | 3.26.0-15.el8 | 3.26.0-16.el8_6 |
MEDIUM | CVE-2022-35737 | an array-bounds overflow if billions of bytes are used in a string argument to a C API | sqlite-libs | 3.26.0-15.el8 | 3.26.0-17.el8_7 |
MEDIUM | CVE-2018-20839 | systemd: mishandling of the current keyboard mode check leading to passwords being disclosed in clea | systemd-libs | 239-51.el8 | |
MEDIUM | CVE-2022-3821 | buffer overrun in format_timespan() function | systemd-libs | 239-51.el8 | 239-68.el8_7.1 |
MEDIUM | CVE-2022-4415 | local information leak due to systemd-coredump not respecting fs.suid_dumpable kernel setting | systemd-libs | 239-51.el8 | 239-68.el8_7.4 |
MEDIUM | CVE-2023-26604 | privilege escalation via the less pager | systemd-libs | 239-51.el8 | 239-74.el8_8.2 |
MEDIUM | CVE-2005-2541 | tar: does not properly warn the user when extracting setuid or setgid files | tar | 2:1.30-5.el8 | |
MEDIUM | CVE-2022-48303 | heap buffer overflow at from_header() in list.c via specially crafted checksum | tar | 2:1.30-5.el8 | 2:1.30-6.el8_7.1 |
MEDIUM | CVE-2022-37434 | heap-based buffer over-read and overflow in inflate() in inflate.c via a large gzip header extra fie | zlib | 1.2.11-17.el8 | 1.2.11-19.el8_6 |
MEDIUM | CVE-2023-45853 | integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_6 | zlib | 1.2.11-17.el8 | |
MEDIUM | CVE-2022-40152 | woodstox to serialise XML data was vulnerable to Denial of Service attacks | com.fasterxml.woodstox:woodstox-core | 6.0.3 | 6.4.0, 5.4.0 |
MEDIUM | CVE-2023-2976 | insecure temporary directory creation | com.google.guava:guava | 30.1-jre | 32.0.0 |
MEDIUM | CVE-2023-2976 | insecure temporary directory creation | com.google.guava:guava | 30.1-jre | 32.0.0 |
MEDIUM | CVE-2022-3171 | timeout in parser leads to DoS | com.google.protobuf:protobuf-java | 3.12.2 | 3.21.7, 3.20.3, 3.19.6, 3.16.3 |
MEDIUM | CVE-2023-3635 | GzipSource class improper exception handling | com.squareup.okio:okio | 1.13.0 | 3.4.0 |
MEDIUM | CVE-2021-29425 | apache-commons-io: Limited path traversal in Apache Commons IO 2.2 to 2.6 | commons-io:commons-io | 2.5 | 2.7 |
MEDIUM | CVE-2021-3597 | undertow: HTTP2SourceChannel fails to write final frame under some circumstances may lead to DoS | io.undertow:undertow-core | 2.2.5.Final | 2.2.9.Final, 2.0.39.Final |
MEDIUM | CVE-2021-3597 | undertow: HTTP2SourceChannel fails to write final frame under some circumstances may lead to DoS | io.undertow:undertow-core | 2.2.5.Final | 2.2.9.Final, 2.0.39.Final |
MEDIUM | CVE-2021-2471 | mysql-connector-java: unauthorized access to critical | mysql:mysql-connector-java | 8.0.22 | 8.0.27 |
MEDIUM | CVE-2022-21363 | Difficult to exploit vulnerability allows high privileged attacker with network access via multiple | mysql:mysql-connector-java | 8.0.22 | 8.0.28 |
MEDIUM | CVE-2021-4040 | Malformed message can result in partial DoS (OOM) | org.apache.activemq:artemis-core-client | 2.16.0 | 2.19.1 |
MEDIUM | CVE-2021-4040 | Malformed message can result in partial DoS (OOM) | org.apache.activemq:artemis-core-client | 2.16.0 | 2.19.1 |
MEDIUM | CVE-2022-35278 | AMQ Broker web console HTML Injection | org.apache.activemq:artemis-server | 2.16.0 | 2.24.0 |
MEDIUM | CVE-2022-45787 | Temporary File Information Disclosure in MIME4J TempFileStorageProvider | org.apache.james:apache-mime4j | 0.6 | 0.8.9 |
MEDIUM | CVE-2021-38153 | Timing Attack Vulnerability for Apache Kafka Connect and Clients | org.apache.kafka:kafka-clients | 2.7.0 | 2.6.3, 2.7.2, 2.8.1 |
MEDIUM | CVE-2023-44483 | Private Key disclosure in debug-log output | org.apache.santuario:xmlsec | 2.1.6 | 2.3.4, 2.2.6, 3.0.3 |
MEDIUM | CVE-2023-35887 | information exposure in SFTP server implementations | org.apache.sshd:sshd-common | 2.3.0 | 2.10.0 |
MEDIUM | CVE-2023-35887 | information exposure in SFTP server implementations | org.apache.sshd:sshd-common | 2.3.0 | 2.10.0 |
MEDIUM | CVE-2023-35887 | information exposure in SFTP server implementations | org.apache.sshd:sshd-common | 2.3.0 | 2.10.0 |
MEDIUM | CVE-2023-35887 | information exposure in SFTP server implementations | org.apache.sshd:sshd-common | 2.4.0 | 2.10.0 |
MEDIUM | CVE-2023-35887 | information exposure in SFTP server implementations | org.apache.sshd:sshd-core | 2.4.0 | 2.10.0 |
MEDIUM | CVE-2023-31582 | Insecure iteration count setting | org.bitbucket.b_c:jose4j | 0.7.2 | 0.9.3 |
MEDIUM | GHSA-jgvc-jfgh-rjvv | Chosen Ciphertext Attack in Jose4j | org.bitbucket.b_c:jose4j | 0.7.2 | 0.9.3 |
MEDIUM | CVE-2023-33201 | potential blind LDAP injection attack using a self-signed certificate | org.bouncycastle:bcprov-jdk15on | 1.68 | |
MEDIUM | CVE-2022-40149 | parser crash by stackoverflow | org.codehaus.jettison:jettison | 1.4.0 | 1.5.1 |
MEDIUM | CVE-2023-45960 | XML External Entity on SAXReader | org.dom4j:dom4j | 2.1.3 | |
MEDIUM | CVE-2022-36033 | The jsoup cleaner may incorrectly sanitize crafted XSS attempts if SafeList.preserveRelativeLinks is | org.jsoup:jsoup | 1.8.3 | 1.15.3 |
MEDIUM | CVE-2021-20323 | POST based reflected Cross Site Scripting vulnerability | org.keycloak:keycloak-core | 15.0.2 | 17.0.0 |
MEDIUM | CVE-2021-3754 | allows using email as username | org.keycloak:keycloak-core | 15.0.2 | |
MEDIUM | CVE-2021-3856 | ClassLoaderTheme and ClasspathThemeResourceProviderFactory allows reading any file available as a re | org.keycloak:keycloak-core | 15.0.2 | 15.1.0 |
MEDIUM | CVE-2022-0225 | keycloak: Stored XSS in groups dropdown | org.keycloak:keycloak-core | 15.0.2 | |
MEDIUM | CVE-2022-1466 | keycloak: Improper authorization for master realm | org.keycloak:keycloak-core | 15.0.2 | 17.0.1 |
MEDIUM | CVE-2023-0091 | keycloak: Client Registration endpoint does not check token revocation | org.keycloak:keycloak-core | 15.0.2 | 20.0.3 |
MEDIUM | CVE-2023-0105 | impersonation and lockout possible through incorrect handling of email trust | org.keycloak:keycloak-core | 15.0.2 | 22.0.1 |
MEDIUM | CVE-2023-1664 | Untrusted Certificate Validation | org.keycloak:keycloak-core | 15.0.2 | 21.1.2 |
MEDIUM | GHSA-755v-r4x4-qf7m | Stored Cross-Site Scripting (XSS) in Keycloak via groups dropdown | org.keycloak:keycloak-core | 15.0.2 | 20.0.0 |
MEDIUM | CVE-2023-2585 | client access via device auth request spoof | org.keycloak:keycloak-server-spi-private | 15.0.2 | 21.1.2 |
MEDIUM | CVE-2021-3424 | keycloak: Internationalized domain name (IDN) homograph attack to impersonate users | org.keycloak:keycloak-services | 15.0.2 | 18.0.0 |
MEDIUM | CVE-2022-1274 | keycloak: HTML injection in execute-actions-email Admin REST API | org.keycloak:keycloak-services | 15.0.2 | 20.0.5 |
MEDIUM | CVE-2022-1438 | XSS on impersonation under specific circumstances | org.keycloak:keycloak-services | 15.0.2 | |
MEDIUM | CVE-2023-2585 | client access via device auth request spoof | org.keycloak:keycloak-services | 15.0.2 | 21.1.2 |
MEDIUM | CVE-2022-41946 | Information leak of prepared statement data due to insecure temporary file permissions | org.postgresql:postgresql | 42.2.5 | 42.2.27, 42.3.8, 42.4.3, 42.5.1 |
MEDIUM | GHSA-673j-qm5f-xpv8 | pgjdbc Arbitrary File Write Vulnerability | org.postgresql:postgresql | 42.2.5 | 42.3.3 |
MEDIUM | CVE-2021-3642 | wildfly-elytron: possible timing attack in ScramServer | org.wildfly.security:wildfly-elytron | 1.15.3.Final | 1.10.14, 1.15.5, 1.16.1 |
MEDIUM | CVE-2021-3642 | wildfly-elytron: possible timing attack in ScramServer | org.wildfly.security:wildfly-elytron | 1.15.3.Final | 1.10.14, 1.15.5, 1.16.1 |
MEDIUM | CVE-2022-38749 | Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode | org.yaml:snakeyaml | 1.26 | 1.31 |
MEDIUM | CVE-2022-38750 | Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject | org.yaml:snakeyaml | 1.26 | 1.31 |
MEDIUM | CVE-2022-38751 | Uncaught exception in java.base/java.util.regex.Pattern$Ques.match | org.yaml:snakeyaml | 1.26 | 1.31 |
MEDIUM | CVE-2022-38752 | Uncaught exception in java.base/java.util.ArrayList.hashCode | org.yaml:snakeyaml | 1.26 | 1.32 |
MEDIUM | CVE-2022-41854 | DoS via stack overflow | org.yaml:snakeyaml | 1.26 | 1.32 |
MEDIUM | CVE-2022-23437 | xerces-j2: infinite loop when handling specially crafted XML document payloads | xerces:xercesImpl | 2.12.0.SP03 | 2.12.2 |
LOW | CVE-2017-6519 | Multicast DNS responds to unicast queries outside of local network | avahi-libs | 0.7-20.el8 | |
LOW | CVE-2019-12900 | bzip2: out-of-bounds write in function BZ2_decompress | bzip2-libs | 1.0.6-26.el8 | |
LOW | CVE-2021-25317 | cups: insecure permissions of /var/log/cups allows for symlink attacks | cups-libs | 1:2.2.6-40.el8 | |
LOW | CVE-2022-35252 | Incorrect handling of control code characters in cookies | curl | 7.61.1-22.el8 | 7.61.1-30.el8 |
LOW | CVE-2022-43552 | Use-after-free triggered by an HTTP proxy deny response | curl | 7.61.1-22.el8 | 7.61.1-30.el8 |
LOW | CVE-2023-27534 | SFTP path ~ resolving discrepancy | curl | 7.61.1-22.el8 | |
LOW | CVE-2023-28322 | more POST-after-PUT confusion | curl | 7.61.1-22.el8 | |
LOW | CVE-2023-38546 | cookie injection with none file | curl | 7.61.1-22.el8 | |
LOW | CVE-2020-35512 | dbus: users with the same numeric UID could lead to use-after-free and undefined behaviour | dbus-libs | 1:1.12.8-14.el8 | |
LOW | CVE-2021-33294 | an infinite loop was found in the function handle_symtab in readelf.c which causes denial of service | elfutils-libelf | 0.185-1.el8 | |
LOW | CVE-2019-8905 | file: stack-based buffer over-read in do_core_note in readelf.c | file-libs | 5.33-20.el8 | |
LOW | CVE-2019-8906 | file: out-of-bounds read in do_core_note in readelf.c | file-libs | 5.33-20.el8 | |
LOW | CVE-2023-4156 | heap out of bound read in builtin.c | gawk | 4.2.1-2.el8 | |
LOW | CVE-2023-29499 | GVariant offset table entry size is not checked in is_normal() | glib2 | 2.56.4-156.el8 | |
LOW | CVE-2023-32611 | g_variant_byteswap() can take a long time with some non-normal inputs | glib2 | 2.56.4-156.el8 | |
LOW | CVE-2023-32636 | Timeout in fuzz_variant_text | glib2 | 2.56.4-156.el8 | |
LOW | CVE-2023-32665 | GVariant deserialisation does not match spec for non-normal data | glib2 | 2.56.4-156.el8 | |
LOW | CVE-2021-43618 | Integer overflow and resultant buffer overflow via crafted input | gmp | 1:6.1.2-10.el8 | |
LOW | CVE-2022-3219 | denial of service issue (resource consumption) using compressed packets | gnupg2 | 2.2.20-2.el8 | |
LOW | CVE-2021-4209 | Null pointer dereference in MD_UPDATE | gnutls | 3.6.16-4.el8 | |
LOW | CVE-2022-21619 | improper handling of long NTLM client hostnames (Security, 8286526) | java-11-openjdk-headless | 1:11.0.13.0.8-3.el8_5 | 1:11.0.17.0.8-2.el8_6 |
LOW | CVE-2022-21624 | insufficient randomization of JNDI DNS port numbers (JNDI, 8286910) | java-11-openjdk-headless | 1:11.0.13.0.8-3.el8_5 | 1:11.0.17.0.8-2.el8_6 |
LOW | CVE-2022-3857 | Null pointer dereference leads to segmentation fault | java-11-openjdk-headless | 1:11.0.13.0.8-3.el8_5 | |
LOW | CVE-2022-39399 | missing SNI caching in HTTP/2 (Networking, 8289366) | java-11-openjdk-headless | 1:11.0.13.0.8-3.el8_5 | 1:11.0.17.0.8-2.el8_6 |
LOW | CVE-2023-21843 | soundbank URL remote loading (Sound, 8293742) | java-11-openjdk-headless | 1:11.0.13.0.8-3.el8_5 | 1:11.0.18.0.10-2.el8_7 |
LOW | CVE-2023-21937 | missing string checks for NULL characters (8296622) | java-11-openjdk-headless | 1:11.0.13.0.8-3.el8_5 | 1:11.0.19.0.7-1.el8_7 |
LOW | CVE-2023-21938 | incorrect handling of NULL characters in ProcessBuilder (8295304) | java-11-openjdk-headless | 1:11.0.13.0.8-3.el8_5 | 1:11.0.19.0.7-1.el8_7 |
LOW | CVE-2023-21968 | missing check for slash characters in URI-to-path conversion (8298667) | java-11-openjdk-headless | 1:11.0.13.0.8-3.el8_5 | 1:11.0.19.0.7-1.el8_7 |
LOW | CVE-2023-22006 | HTTP client insufficient file name validation (8302475) | java-11-openjdk-headless | 1:11.0.13.0.8-3.el8_5 | 1:11.0.20.0.8-2.el8 |
LOW | CVE-2023-22045 | array indexing integer overflow issue (8304468) | java-11-openjdk-headless | 1:11.0.13.0.8-3.el8_5 | 1:11.0.20.0.8-2.el8 |
LOW | CVE-2018-1000879 | libarchive: NULL pointer dereference in ACL parser resulting in a denial of service | libarchive | 3.3.3-1.el8 | |
LOW | CVE-2018-1000880 | libarchive: Improper input validation in WARC parser resulting in a denial of service | libarchive | 3.3.3-1.el8 | |
LOW | CVE-2020-21674 | libarchive: heap-based buffer overflow in archive_string_append_from_wcs function in archive_string. | libarchive | 3.3.3-1.el8 | |
LOW | CVE-2022-36227 | NULL pointer dereference in archive_write.c | libarchive | 3.3.3-1.el8 | 3.3.3-5.el8 |
LOW | CVE-2023-2602 | Memory Leak on pthread_create() Error | libcap | 2.26-5.el8 | 2.48-5.el8_8 |
LOW | CVE-2022-35252 | Incorrect handling of control code characters in cookies | libcurl | 7.61.1-22.el8 | 7.61.1-30.el8 |
LOW | CVE-2022-43552 | Use-after-free triggered by an HTTP proxy deny response | libcurl | 7.61.1-22.el8 | 7.61.1-30.el8 |
LOW | CVE-2023-27534 | SFTP path ~ resolving discrepancy | libcurl | 7.61.1-22.el8 | |
LOW | CVE-2023-28322 | more POST-after-PUT confusion | libcurl | 7.61.1-22.el8 | |
LOW | CVE-2023-38546 | cookie injection with none file | libcurl | 7.61.1-22.el8 | |
LOW | CVE-2018-20657 | libiberty: Memory leak in demangle_template function resulting in a denial of service | libgcc | 8.5.0-4.el8_5 | |
LOW | CVE-2019-14250 | binutils: integer overflow in simple-object-elf.c leads to a heap-based buffer overflow | libgcc | 8.5.0-4.el8_5 | |
LOW | CVE-2022-27943 | libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const | libgcc | 8.5.0-4.el8_5 | |
LOW | CVE-2020-35538 | Null pointer dereference in jcopy_sample_rows() function | libjpeg-turbo | 1.5.3-12.el8 | |
LOW | CVE-2019-7317 | libpng: use-after-free in png_image_free in png.c | libpng | 2:1.6.34-5.el8 | |
LOW | CVE-2022-3857 | Null pointer dereference leads to segmentation fault | libpng | 2:1.6.34-5.el8 | |
LOW | CVE-2021-3634 | libssh: possible heap-based buffer overflow when rekeying | libssh | 0.9.4-3.el8 | 0.9.6-3.el8 |
LOW | CVE-2021-3634 | libssh: possible heap-based buffer overflow when rekeying | libssh-config | 0.9.4-3.el8 | 0.9.6-3.el8 |
LOW | CVE-2018-20657 | libiberty: Memory leak in demangle_template function resulting in a denial of service | libstdc++ | 8.5.0-4.el8_5 | |
LOW | CVE-2019-14250 | binutils: integer overflow in simple-object-elf.c leads to a heap-based buffer overflow | libstdc++ | 8.5.0-4.el8_5 | |
LOW | CVE-2022-27943 | libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const | libstdc++ | 8.5.0-4.el8_5 | |
LOW | CVE-2018-1000654 | libtasn1: Infinite loop in _asn1_expand_object_id(ptree) leads to memory exhaustion | libtasn1 | 4.13-3.el8 | |
LOW | CVE-2023-45322 | use-after-free in xmlUnlinkNode() in tree.c | libxml2 | 2.9.7-9.el8_4.2 | |
LOW | CVE-2021-24032 | Race condition allows attacker to access world-readable destination file | libzstd | 1.4.4-1.el8 | |
LOW | CVE-2018-19211 | ncurses: Null pointer dereference at function _nc_parse_entry in parse_entry.c | ncurses-base | 6.1-9.20180224.el8 | |
LOW | CVE-2018-19217 | ncurses: Null pointer dereference at function _nc_name_match | ncurses-base | 6.1-9.20180224.el8 | |
LOW | CVE-2020-19185 | 1373 | ncurses-base | 6.1-9.20180224.el8 | |
LOW | CVE-2020-19186 | 66 | ncurses-base | 6.1-9.20180224.el8 | |
LOW | CVE-2020-19187 | 1100 | ncurses-base | 6.1-9.20180224.el8 | |
LOW | CVE-2020-19188 | 1116 | ncurses-base | 6.1-9.20180224.el8 | |
LOW | CVE-2020-19189 | 997 | ncurses-base | 6.1-9.20180224.el8 | |
LOW | CVE-2020-19190 | 70 | ncurses-base | 6.1-9.20180224.el8 | |
LOW | CVE-2021-39537 | heap-based buffer overflow in _nc_captoinfo() in captoinfo.c | ncurses-base | 6.1-9.20180224.el8 | |
LOW | CVE-2018-19211 | ncurses: Null pointer dereference at function _nc_parse_entry in parse_entry.c | ncurses-libs | 6.1-9.20180224.el8 | |
LOW | CVE-2018-19217 | ncurses: Null pointer dereference at function _nc_name_match | ncurses-libs | 6.1-9.20180224.el8 | |
LOW | CVE-2020-19185 | 1373 | ncurses-libs | 6.1-9.20180224.el8 | |
LOW | CVE-2020-19186 | 66 | ncurses-libs | 6.1-9.20180224.el8 | |
LOW | CVE-2020-19187 | 1100 | ncurses-libs | 6.1-9.20180224.el8 | |
LOW | CVE-2020-19188 | 1116 | ncurses-libs | 6.1-9.20180224.el8 | |
LOW | CVE-2020-19189 | 997 | ncurses-libs | 6.1-9.20180224.el8 | |
LOW | CVE-2020-19190 | 70 | ncurses-libs | 6.1-9.20180224.el8 | |
LOW | CVE-2021-39537 | heap-based buffer overflow in _nc_captoinfo() in captoinfo.c | ncurses-libs | 6.1-9.20180224.el8 | |
LOW | CVE-2020-12413 | Information exposure when DH secret are reused across multiple TLS connections | nss | 3.67.0-6.el8_4 | |
LOW | CVE-2020-12413 | Information exposure when DH secret are reused across multiple TLS connections | nss-softokn | 3.67.0-6.el8_4 | |
LOW | CVE-2020-12413 | Information exposure when DH secret are reused across multiple TLS connections | nss-softokn-freebl | 3.67.0-6.el8_4 | |
LOW | CVE-2020-12413 | Information exposure when DH secret are reused across multiple TLS connections | nss-sysinit | 3.67.0-6.el8_4 | |
LOW | CVE-2020-12413 | Information exposure when DH secret are reused across multiple TLS connections | nss-util | 3.67.0-6.el8_4 | |
LOW | CVE-2023-2953 | null pointer dereference in ber_memalloc_x function | openldap | 2.4.46-18.el8 | |
LOW | CVE-2023-0464 | Denial of service by excessive resource usage in verifying X509 policy constraints | openssl | 1:1.1.1k-4.el8 | |
LOW | CVE-2023-0465 | Invalid certificate policies in leaf certificates are silently ignored | openssl | 1:1.1.1k-4.el8 | |
LOW | CVE-2023-0466 | Certificate policy check not enabled | openssl | 1:1.1.1k-4.el8 | |
LOW | CVE-2023-2650 | Possible DoS translating ASN.1 object identifiers | openssl | 1:1.1.1k-4.el8 | |
LOW | CVE-2023-3446 | Excessive time spent checking DH keys and parameters | openssl | 1:1.1.1k-4.el8 | |
LOW | CVE-2023-3817 | Excessive time spent checking DH q parameter value | openssl | 1:1.1.1k-4.el8 | |
LOW | CVE-2023-0464 | Denial of service by excessive resource usage in verifying X509 policy constraints | openssl-libs | 1:1.1.1k-4.el8 | |
LOW | CVE-2023-0465 | Invalid certificate policies in leaf certificates are silently ignored | openssl-libs | 1:1.1.1k-4.el8 | |
LOW | CVE-2023-0466 | Certificate policy check not enabled | openssl-libs | 1:1.1.1k-4.el8 | |
LOW | CVE-2023-2650 | Possible DoS translating ASN.1 object identifiers | openssl-libs | 1:1.1.1k-4.el8 | |
LOW | CVE-2023-3446 | Excessive time spent checking DH keys and parameters | openssl-libs | 1:1.1.1k-4.el8 | |
LOW | CVE-2023-3817 | Excessive time spent checking DH q parameter value | openssl-libs | 1:1.1.1k-4.el8 | |
LOW | CVE-2021-3737 | HTTP client possible infinite loop on a 100 Continue response | platform-python | 3.6.8-41.el8 | 3.6.8-45.el8 |
LOW | CVE-2018-20225 | python-pip: when --extra-index-url option is used and package does not already exist in the public i | platform-python-pip | 9.0.3-20.el8 | |
LOW | CVE-2021-3737 | HTTP client possible infinite loop on a 100 Continue response | python3-libs | 3.6.8-41.el8 | 3.6.8-45.el8 |
LOW | CVE-2018-20225 | python-pip: when --extra-index-url option is used and package does not already exist in the public i | python3-pip-wheel | 9.0.3-20.el8 | |
LOW | CVE-2019-19244 | sqlite: allows a crash if a sub-select uses both DISTINCT and window functions and also has certain | sqlite-libs | 3.26.0-15.el8 | |
LOW | CVE-2019-9936 | sqlite: heap-based buffer over-read in function fts5HashEntrySort in sqlite3.c | sqlite-libs | 3.26.0-15.el8 | |
LOW | CVE-2019-9937 | sqlite: null-pointer dereference in function fts5ChunkIterate in sqlite3.c | sqlite-libs | 3.26.0-15.el8 | |
LOW | CVE-2020-35525 | Null pointer dereference in src/select.c | sqlite-libs | 3.26.0-15.el8 | 3.26.0-16.el8_6 |
LOW | CVE-2021-3997 | Uncontrolled recursion in systemd-tmpfiles when removing files | systemd-libs | 239-51.el8 | |
LOW | CVE-2019-9923 | tar: null-pointer dereference in pax_decode_header in sparse.c | tar | 2:1.30-5.el8 | |
LOW | CVE-2021-20193 | tar: Memory leak in read_header() in list.c | tar | 2:1.30-5.el8 | |
LOW | CVE-2020-8908 | local information disclosure via temporary directory created with unsafe permissions | com.google.guava:guava | 30.1-jre | 32.0.0 |
LOW | CVE-2020-8908 | local information disclosure via temporary directory created with unsafe permissions | com.google.guava:guava | 30.1-jre | 32.0.0 |
LOW | GHSA-mwm4-5qwr-g9pf | Keycloak is vulnerable to IDN homograph attack | org.keycloak:keycloak-services | 15.0.2 | 18.0.0 |
LOW | CVE-2022-26520 | postgresql-jdbc: Arbitrary File Write Vulnerability | org.postgresql:postgresql | 42.2.5 | 42.3.3 |
LOW | CVE-2021-3644 | wildfly-core: Invalid Sensitivity Classification of Vault Expression | org.wildfly.core:wildfly-server | 15.0.1.Final | 16.0.1.Final, 17.0.0.Beta3 |
Date: 2023-10-31