Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2024-12133 (GCVE-0-2024-12133)
Vulnerability from cvelistv5 – Published: 2025-02-10 15:28 – Updated: 2026-07-14 12:37- CWE-407 - Inefficient Algorithmic Complexity
| Vendor | Product | Version | |
|---|---|---|---|
|
Affected:
0 , < 4.20.0
(semver)
|
|||
| Red Hat | Red Hat Enterprise Linux 8 |
Unaffected:
0:4.13-5.el8_10 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:8::appstream cpe:/o:redhat:enterprise_linux:8::baseos |
|
| Red Hat | Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support |
Unaffected:
0:3.6.14-10.el8_4.1 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.4::appstream cpe:/a:redhat:rhel_eus_long_life:8.4::appstream cpe:/o:redhat:rhel_aus:8.4::baseos cpe:/o:redhat:rhel_eus_long_life:8.4::baseos |
|
| Red Hat | Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support |
Unaffected:
0:4.13-3.el8_4.1 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.4::appstream cpe:/a:redhat:rhel_eus_long_life:8.4::appstream cpe:/o:redhat:rhel_aus:8.4::baseos cpe:/o:redhat:rhel_eus_long_life:8.4::baseos |
|
| Red Hat | Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On |
Unaffected:
0:3.6.14-10.el8_4.1 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.4::appstream cpe:/a:redhat:rhel_eus_long_life:8.4::appstream cpe:/o:redhat:rhel_aus:8.4::baseos cpe:/o:redhat:rhel_eus_long_life:8.4::baseos |
|
| Red Hat | Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On |
Unaffected:
0:4.13-3.el8_4.1 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.4::appstream cpe:/a:redhat:rhel_eus_long_life:8.4::appstream cpe:/o:redhat:rhel_aus:8.4::baseos cpe:/o:redhat:rhel_eus_long_life:8.4::baseos |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support |
Unaffected:
0:3.6.16-5.el8_6.5 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_eus_long_life:8.6::appstream cpe:/o:redhat:rhel_aus:8.6::baseos cpe:/o:redhat:rhel_eus_long_life:8.6::baseos |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support |
Unaffected:
0:4.13-3.el8_6.2 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_eus_long_life:8.6::appstream cpe:/o:redhat:rhel_aus:8.6::baseos cpe:/o:redhat:rhel_eus_long_life:8.6::baseos |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On |
Unaffected:
0:3.6.16-5.el8_6.5 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_eus_long_life:8.6::appstream cpe:/o:redhat:rhel_aus:8.6::baseos cpe:/o:redhat:rhel_eus_long_life:8.6::baseos |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On |
Unaffected:
0:4.13-3.el8_6.2 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_eus_long_life:8.6::appstream cpe:/o:redhat:rhel_aus:8.6::baseos cpe:/o:redhat:rhel_eus_long_life:8.6::baseos |
|
| Red Hat | Red Hat Enterprise Linux 8.8 Telecommunications Update Service |
Unaffected:
0:3.6.16-7.el8_8.4 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:8.8::appstream cpe:/a:redhat:rhel_tus:8.8::appstream cpe:/o:redhat:rhel_e4s:8.8::baseos cpe:/o:redhat:rhel_tus:8.8::baseos |
|
| Red Hat | Red Hat Enterprise Linux 8.8 Telecommunications Update Service |
Unaffected:
0:4.13-4.el8_8.1 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:8.8::appstream cpe:/a:redhat:rhel_tus:8.8::appstream cpe:/o:redhat:rhel_e4s:8.8::baseos cpe:/o:redhat:rhel_tus:8.8::baseos |
|
| Red Hat | Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions |
Unaffected:
0:3.6.16-7.el8_8.4 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:8.8::appstream cpe:/a:redhat:rhel_tus:8.8::appstream cpe:/o:redhat:rhel_e4s:8.8::baseos cpe:/o:redhat:rhel_tus:8.8::baseos |
|
| Red Hat | Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions |
Unaffected:
0:4.13-4.el8_8.1 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:8.8::appstream cpe:/a:redhat:rhel_tus:8.8::appstream cpe:/o:redhat:rhel_e4s:8.8::baseos cpe:/o:redhat:rhel_tus:8.8::baseos |
|
| Red Hat | Red Hat Enterprise Linux 9 |
Unaffected:
0:4.16.0-9.el9 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:9::appstream cpe:/o:redhat:enterprise_linux:9::baseos |
|
| Red Hat | Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions |
Unaffected:
0:4.16.0-8.el9_2.1 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:9.2::appstream cpe:/o:redhat:rhel_e4s:9.2::baseos |
|
| Red Hat | Red Hat Enterprise Linux 9.4 Extended Update Support |
Unaffected:
0:4.16.0-8.el9_4.1 , < *
(rpm)
cpe:/a:redhat:rhel_eus:9.4::appstream cpe:/o:redhat:rhel_eus:9.4::baseos |
|
| Red Hat | Red Hat Discovery 1.14 |
Unaffected:
1.14.3-1748529279 , < *
(rpm)
cpe:/a:redhat:discovery:1.14::el9 |
|
| Red Hat | Red Hat Discovery 1.14 |
Unaffected:
1.14.2-1748467619 , < *
(rpm)
cpe:/a:redhat:discovery:1.14::el9 |
|
| Red Hat | Red Hat Enterprise Linux 10 |
cpe:/o:redhat:enterprise_linux:10 |
|
| Red Hat | Red Hat Enterprise Linux 6 |
cpe:/o:redhat:enterprise_linux:6 |
|
| Red Hat | Red Hat Enterprise Linux 7 |
cpe:/o:redhat:enterprise_linux:7 |
|
| Red Hat | Red Hat OpenShift Container Platform 4 |
cpe:/a:redhat:openshift:4 |
|
| Siemens | SIMATIC S7-1500 CPU 1518-4 PN/DP MFP |
Affected:
V3.1.5 , < *
(custom)
|
|
| Siemens | SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP |
Affected:
V3.1.5 , < *
(custom)
|
|
| Siemens | SIPLUS S7-1500 CPU 1518-4 PN/DP MFP |
Affected:
V3.1.5 , < *
(custom)
|
|
| Siemens | RUGGEDCOM ROX MX5000 |
Affected:
0 , < V2.17.0
(custom)
|
|
| Siemens | RUGGEDCOM ROX MX5000RE |
Affected:
0 , < V2.17.0
(custom)
|
|
| Siemens | RUGGEDCOM ROX RX1400 |
Affected:
0 , < V2.17.0
(custom)
|
|
| Siemens | RUGGEDCOM ROX RX1500 |
Affected:
0 , < V2.17.0
(custom)
|
|
| Siemens | RUGGEDCOM ROX RX1501 |
Affected:
0 , < V2.17.0
(custom)
|
|
| Siemens | RUGGEDCOM ROX RX1510 |
Affected:
0 , < V2.17.0
(custom)
|
|
| Siemens | RUGGEDCOM ROX RX1511 |
Affected:
0 , < V2.17.0
(custom)
|
|
| Siemens | RUGGEDCOM ROX RX1512 |
Affected:
0 , < V2.17.0
(custom)
|
|
| Siemens | RUGGEDCOM ROX RX1524 |
Affected:
0 , < V2.17.0
(custom)
|
|
| Siemens | RUGGEDCOM ROX RX1536 |
Affected:
0 , < V2.17.0
(custom)
|
|
| Siemens | RUGGEDCOM ROX RX5000 |
Affected:
0 , < V2.17.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-05-23T13:10:59.480Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/02/06/6"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/02/msg00025.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20250523-0003/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-12133",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-10T16:25:41.090444Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-10T16:26:20.251Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.5",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.5",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.5",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.5",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1518-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.5",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX MX5000",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX MX5000RE",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1400",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1500",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1501",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1510",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1511",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1512",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1524",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1536",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX5000",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-14T12:37:32.924Z",
"orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
"shortName": "siemens-SADP"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-082556.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-202008.html"
}
],
"x_adpType": "supplier"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://gitlab.com/gnutls/libtasn1/",
"defaultStatus": "unaffected",
"packageName": "libtasn1",
"versions": [
{
"lessThan": "4.20.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::appstream",
"cpe:/o:redhat:enterprise_linux:8::baseos"
],
"defaultStatus": "affected",
"packageName": "libtasn1",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.13-5.el8_10",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::appstream",
"cpe:/o:redhat:enterprise_linux:8::baseos"
],
"defaultStatus": "affected",
"packageName": "libtasn1",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.13-5.el8_10",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.4::appstream",
"cpe:/a:redhat:rhel_eus_long_life:8.4::appstream",
"cpe:/o:redhat:rhel_aus:8.4::baseos",
"cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"
],
"defaultStatus": "affected",
"packageName": "gnutls",
"product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.6.14-10.el8_4.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.4::appstream",
"cpe:/a:redhat:rhel_eus_long_life:8.4::appstream",
"cpe:/o:redhat:rhel_aus:8.4::baseos",
"cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"
],
"defaultStatus": "affected",
"packageName": "libtasn1",
"product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.13-3.el8_4.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.4::appstream",
"cpe:/a:redhat:rhel_eus_long_life:8.4::appstream",
"cpe:/o:redhat:rhel_aus:8.4::baseos",
"cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"
],
"defaultStatus": "affected",
"packageName": "gnutls",
"product": "Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.6.14-10.el8_4.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.4::appstream",
"cpe:/a:redhat:rhel_eus_long_life:8.4::appstream",
"cpe:/o:redhat:rhel_aus:8.4::baseos",
"cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"
],
"defaultStatus": "affected",
"packageName": "libtasn1",
"product": "Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.13-3.el8_4.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.6::appstream",
"cpe:/a:redhat:rhel_eus_long_life:8.6::appstream",
"cpe:/o:redhat:rhel_aus:8.6::baseos",
"cpe:/o:redhat:rhel_eus_long_life:8.6::baseos"
],
"defaultStatus": "affected",
"packageName": "gnutls",
"product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.6.16-5.el8_6.5",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.6::appstream",
"cpe:/a:redhat:rhel_eus_long_life:8.6::appstream",
"cpe:/o:redhat:rhel_aus:8.6::baseos",
"cpe:/o:redhat:rhel_eus_long_life:8.6::baseos"
],
"defaultStatus": "affected",
"packageName": "libtasn1",
"product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.13-3.el8_6.2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.6::appstream",
"cpe:/a:redhat:rhel_eus_long_life:8.6::appstream",
"cpe:/o:redhat:rhel_aus:8.6::baseos",
"cpe:/o:redhat:rhel_eus_long_life:8.6::baseos"
],
"defaultStatus": "affected",
"packageName": "gnutls",
"product": "Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.6.16-5.el8_6.5",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.6::appstream",
"cpe:/a:redhat:rhel_eus_long_life:8.6::appstream",
"cpe:/o:redhat:rhel_aus:8.6::baseos",
"cpe:/o:redhat:rhel_eus_long_life:8.6::baseos"
],
"defaultStatus": "affected",
"packageName": "libtasn1",
"product": "Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.13-3.el8_6.2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.8::appstream",
"cpe:/a:redhat:rhel_tus:8.8::appstream",
"cpe:/o:redhat:rhel_e4s:8.8::baseos",
"cpe:/o:redhat:rhel_tus:8.8::baseos"
],
"defaultStatus": "affected",
"packageName": "gnutls",
"product": "Red Hat Enterprise Linux 8.8 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.6.16-7.el8_8.4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.8::appstream",
"cpe:/a:redhat:rhel_tus:8.8::appstream",
"cpe:/o:redhat:rhel_e4s:8.8::baseos",
"cpe:/o:redhat:rhel_tus:8.8::baseos"
],
"defaultStatus": "affected",
"packageName": "libtasn1",
"product": "Red Hat Enterprise Linux 8.8 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.13-4.el8_8.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.8::appstream",
"cpe:/a:redhat:rhel_tus:8.8::appstream",
"cpe:/o:redhat:rhel_e4s:8.8::baseos",
"cpe:/o:redhat:rhel_tus:8.8::baseos"
],
"defaultStatus": "affected",
"packageName": "gnutls",
"product": "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.6.16-7.el8_8.4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.8::appstream",
"cpe:/a:redhat:rhel_tus:8.8::appstream",
"cpe:/o:redhat:rhel_e4s:8.8::baseos",
"cpe:/o:redhat:rhel_tus:8.8::baseos"
],
"defaultStatus": "affected",
"packageName": "libtasn1",
"product": "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.13-4.el8_8.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream",
"cpe:/o:redhat:enterprise_linux:9::baseos"
],
"defaultStatus": "affected",
"packageName": "libtasn1",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.16.0-9.el9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream",
"cpe:/o:redhat:enterprise_linux:9::baseos"
],
"defaultStatus": "affected",
"packageName": "libtasn1",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.16.0-9.el9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.2::appstream",
"cpe:/o:redhat:rhel_e4s:9.2::baseos"
],
"defaultStatus": "affected",
"packageName": "libtasn1",
"product": "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.16.0-8.el9_2.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.4::appstream",
"cpe:/o:redhat:rhel_eus:9.4::baseos"
],
"defaultStatus": "affected",
"packageName": "libtasn1",
"product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.16.0-8.el9_4.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:discovery:1.14::el9"
],
"defaultStatus": "affected",
"packageName": "discovery/discovery-server-rhel9",
"product": "Red Hat Discovery 1.14",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1.14.3-1748529279",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:discovery:1.14::el9"
],
"defaultStatus": "affected",
"packageName": "discovery/discovery-ui-rhel9",
"product": "Red Hat Discovery 1.14",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1.14.2-1748467619",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:10"
],
"defaultStatus": "affected",
"packageName": "libtasn1",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unknown",
"packageName": "libtasn1",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unknown",
"packageName": "libtasn1",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift:4"
],
"defaultStatus": "affected",
"packageName": "rhcos",
"product": "Red Hat OpenShift Container Platform 4",
"vendor": "Red Hat"
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Bing Shi for reporting this issue."
}
],
"datePublic": "2025-02-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw in libtasn1 causes inefficient handling of specific certificate data. When processing a large number of elements in a certificate, libtasn1 takes much longer than expected, which can slow down or even crash the system. This flaw allows an attacker to send a specially crafted certificate, causing a denial of service attack."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-407",
"description": "Inefficient Algorithmic Complexity",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-30T02:10:12.696Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2025:17347",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:17347"
},
{
"name": "RHSA-2025:4049",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:4049"
},
{
"name": "RHSA-2025:7077",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:7077"
},
{
"name": "RHSA-2025:8021",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:8021"
},
{
"name": "RHSA-2025:8385",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:8385"
},
{
"name": "RHSA-2026:30849",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:30849"
},
{
"name": "RHSA-2026:30850",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:30850"
},
{
"name": "RHSA-2026:33125",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:33125"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2024-12133"
},
{
"name": "RHBZ#2344611",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2344611"
},
{
"url": "https://gitlab.com/gnutls/libtasn1/-/blob/master/doc/security/CVE-2024-12133.md"
},
{
"url": "https://gitlab.com/gnutls/libtasn1/-/issues/52"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-02-10T08:14:05.460Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2025-02-10T00:00:00.000Z",
"value": "Made public."
}
],
"title": "Libtasn1: inefficient der decoding in libtasn1 leading to potential remote dos",
"x_generator": {
"engine": "cvelib 1.8.0"
},
"x_redhatCweChain": "CWE-407: Inefficient Algorithmic Complexity"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2024-12133",
"datePublished": "2025-02-10T15:28:03.193Z",
"dateReserved": "2024-12-04T03:13:48.478Z",
"dateUpdated": "2026-07-14T12:37:32.924Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2024-12133",
"date": "2026-07-15",
"epss": "0.0107",
"percentile": "0.61018"
},
"microsoft_vex": {
"current_release_date": "2026-02-19T01:16:42.000Z",
"cve": "CVE-2024-12133",
"id": "msrc_CVE-2024-12133",
"initial_release_date": "2025-02-02T00:00:00.000Z",
"product_status:fixed": "6",
"product_status:known_affected": "6",
"source": "Microsoft CSAF VEX",
"status": "final",
"title": "Libtasn1: inefficient der decoding in libtasn1 leading to potential remote dos",
"url": "https://msrc.microsoft.com/csaf/vex/2025/msrc_cve-2024-12133.json",
"version": "4"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-12133\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2025-02-10T16:15:37.260\",\"lastModified\":\"2026-06-30T03:16:39.960\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A flaw in libtasn1 causes inefficient handling of specific certificate data. When processing a large number of elements in a certificate, libtasn1 takes much longer than expected, which can slow down or even crash the system. This flaw allows an attacker to send a specially crafted certificate, causing a denial of service attack.\"},{\"lang\":\"es\",\"value\":\"Una falla en libtasn1 provoca un manejo ineficiente de datos de certificados espec\u00edficos. Al procesar una gran cantidad de elementos en un certificado, libtasn1 tarda mucho m\u00e1s de lo esperado, lo que puede ralentizar o incluso bloquear el sistema. Esta falla permite que un atacante env\u00ede un certificado especialmente manipulado, lo que provoca un ataque de denegaci\u00f3n de servicio.\"}],\"affected\":[{\"source\":\"secalert@redhat.com\",\"affectedData\":[{\"defaultStatus\":\"unaffected\",\"collectionURL\":\"https://gitlab.com/gnutls/libtasn1/\",\"packageName\":\"libtasn1\",\"versions\":[{\"version\":\"0\",\"lessThan\":\"4.20.0\",\"versionType\":\"semver\",\"status\":\"affected\"}]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 8\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"libtasn1\",\"cpes\":[\"cpe:/a:redhat:enterprise_linux:8::appstream\",\"cpe:/o:redhat:enterprise_linux:8::baseos\"],\"versions\":[{\"version\":\"0:4.13-5.el8_10\",\"lessThan\":\"*\",\"versionType\":\"rpm\",\"status\":\"unaffected\"}]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 8\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"libtasn1\",\"cpes\":[\"cpe:/a:redhat:enterprise_linux:8::appstream\",\"cpe:/o:redhat:enterprise_linux:8::baseos\"],\"versions\":[{\"version\":\"0:4.13-5.el8_10\",\"lessThan\":\"*\",\"versionType\":\"rpm\",\"status\":\"unaffected\"}]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"gnutls\",\"cpes\":[\"cpe:/a:redhat:rhel_aus:8.4::appstream\",\"cpe:/a:redhat:rhel_eus_long_life:8.4::appstream\",\"cpe:/o:redhat:rhel_aus:8.4::baseos\",\"cpe:/o:redhat:rhel_eus_long_life:8.4::baseos\"],\"versions\":[{\"version\":\"0:3.6.14-10.el8_4.1\",\"lessThan\":\"*\",\"versionType\":\"rpm\",\"status\":\"unaffected\"}]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"libtasn1\",\"cpes\":[\"cpe:/a:redhat:rhel_aus:8.4::appstream\",\"cpe:/a:redhat:rhel_eus_long_life:8.4::appstream\",\"cpe:/o:redhat:rhel_aus:8.4::baseos\",\"cpe:/o:redhat:rhel_eus_long_life:8.4::baseos\"],\"versions\":[{\"version\":\"0:4.13-3.el8_4.1\",\"lessThan\":\"*\",\"versionType\":\"rpm\",\"status\":\"unaffected\"}]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"gnutls\",\"cpes\":[\"cpe:/a:redhat:rhel_aus:8.4::appstream\",\"cpe:/a:redhat:rhel_eus_long_life:8.4::appstream\",\"cpe:/o:redhat:rhel_aus:8.4::baseos\",\"cpe:/o:redhat:rhel_eus_long_life:8.4::baseos\"],\"versions\":[{\"version\":\"0:3.6.14-10.el8_4.1\",\"lessThan\":\"*\",\"versionType\":\"rpm\",\"status\":\"unaffected\"}]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"libtasn1\",\"cpes\":[\"cpe:/a:redhat:rhel_aus:8.4::appstream\",\"cpe:/a:redhat:rhel_eus_long_life:8.4::appstream\",\"cpe:/o:redhat:rhel_aus:8.4::baseos\",\"cpe:/o:redhat:rhel_eus_long_life:8.4::baseos\"],\"versions\":[{\"version\":\"0:4.13-3.el8_4.1\",\"lessThan\":\"*\",\"versionType\":\"rpm\",\"status\":\"unaffected\"}]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"gnutls\",\"cpes\":[\"cpe:/a:redhat:rhel_aus:8.6::appstream\",\"cpe:/a:redhat:rhel_eus_long_life:8.6::appstream\",\"cpe:/o:redhat:rhel_aus:8.6::baseos\",\"cpe:/o:redhat:rhel_eus_long_life:8.6::baseos\"],\"versions\":[{\"version\":\"0:3.6.16-5.el8_6.5\",\"lessThan\":\"*\",\"versionType\":\"rpm\",\"status\":\"unaffected\"}]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"libtasn1\",\"cpes\":[\"cpe:/a:redhat:rhel_aus:8.6::appstream\",\"cpe:/a:redhat:rhel_eus_long_life:8.6::appstream\",\"cpe:/o:redhat:rhel_aus:8.6::baseos\",\"cpe:/o:redhat:rhel_eus_long_life:8.6::baseos\"],\"versions\":[{\"version\":\"0:4.13-3.el8_6.2\",\"lessThan\":\"*\",\"versionType\":\"rpm\",\"status\":\"unaffected\"}]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"gnutls\",\"cpes\":[\"cpe:/a:redhat:rhel_aus:8.6::appstream\",\"cpe:/a:redhat:rhel_eus_long_life:8.6::appstream\",\"cpe:/o:redhat:rhel_aus:8.6::baseos\",\"cpe:/o:redhat:rhel_eus_long_life:8.6::baseos\"],\"versions\":[{\"version\":\"0:3.6.16-5.el8_6.5\",\"lessThan\":\"*\",\"versionType\":\"rpm\",\"status\":\"unaffected\"}]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"libtasn1\",\"cpes\":[\"cpe:/a:redhat:rhel_aus:8.6::appstream\",\"cpe:/a:redhat:rhel_eus_long_life:8.6::appstream\",\"cpe:/o:redhat:rhel_aus:8.6::baseos\",\"cpe:/o:redhat:rhel_eus_long_life:8.6::baseos\"],\"versions\":[{\"version\":\"0:4.13-3.el8_6.2\",\"lessThan\":\"*\",\"versionType\":\"rpm\",\"status\":\"unaffected\"}]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 8.8 Telecommunications Update Service\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"gnutls\",\"cpes\":[\"cpe:/a:redhat:rhel_e4s:8.8::appstream\",\"cpe:/a:redhat:rhel_tus:8.8::appstream\",\"cpe:/o:redhat:rhel_e4s:8.8::baseos\",\"cpe:/o:redhat:rhel_tus:8.8::baseos\"],\"versions\":[{\"version\":\"0:3.6.16-7.el8_8.4\",\"lessThan\":\"*\",\"versionType\":\"rpm\",\"status\":\"unaffected\"}]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 8.8 Telecommunications Update Service\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"libtasn1\",\"cpes\":[\"cpe:/a:redhat:rhel_e4s:8.8::appstream\",\"cpe:/a:redhat:rhel_tus:8.8::appstream\",\"cpe:/o:redhat:rhel_e4s:8.8::baseos\",\"cpe:/o:redhat:rhel_tus:8.8::baseos\"],\"versions\":[{\"version\":\"0:4.13-4.el8_8.1\",\"lessThan\":\"*\",\"versionType\":\"rpm\",\"status\":\"unaffected\"}]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"gnutls\",\"cpes\":[\"cpe:/a:redhat:rhel_e4s:8.8::appstream\",\"cpe:/a:redhat:rhel_tus:8.8::appstream\",\"cpe:/o:redhat:rhel_e4s:8.8::baseos\",\"cpe:/o:redhat:rhel_tus:8.8::baseos\"],\"versions\":[{\"version\":\"0:3.6.16-7.el8_8.4\",\"lessThan\":\"*\",\"versionType\":\"rpm\",\"status\":\"unaffected\"}]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"libtasn1\",\"cpes\":[\"cpe:/a:redhat:rhel_e4s:8.8::appstream\",\"cpe:/a:redhat:rhel_tus:8.8::appstream\",\"cpe:/o:redhat:rhel_e4s:8.8::baseos\",\"cpe:/o:redhat:rhel_tus:8.8::baseos\"],\"versions\":[{\"version\":\"0:4.13-4.el8_8.1\",\"lessThan\":\"*\",\"versionType\":\"rpm\",\"status\":\"unaffected\"}]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 9\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"libtasn1\",\"cpes\":[\"cpe:/a:redhat:enterprise_linux:9::appstream\",\"cpe:/o:redhat:enterprise_linux:9::baseos\"],\"versions\":[{\"version\":\"0:4.16.0-9.el9\",\"lessThan\":\"*\",\"versionType\":\"rpm\",\"status\":\"unaffected\"}]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 9\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"libtasn1\",\"cpes\":[\"cpe:/a:redhat:enterprise_linux:9::appstream\",\"cpe:/o:redhat:enterprise_linux:9::baseos\"],\"versions\":[{\"version\":\"0:4.16.0-9.el9\",\"lessThan\":\"*\",\"versionType\":\"rpm\",\"status\":\"unaffected\"}]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"libtasn1\",\"cpes\":[\"cpe:/a:redhat:rhel_e4s:9.2::appstream\",\"cpe:/o:redhat:rhel_e4s:9.2::baseos\"],\"versions\":[{\"version\":\"0:4.16.0-8.el9_2.1\",\"lessThan\":\"*\",\"versionType\":\"rpm\",\"status\":\"unaffected\"}]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 9.4 Extended Update Support\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"libtasn1\",\"cpes\":[\"cpe:/a:redhat:rhel_eus:9.4::appstream\",\"cpe:/o:redhat:rhel_eus:9.4::baseos\"],\"versions\":[{\"version\":\"0:4.16.0-8.el9_4.1\",\"lessThan\":\"*\",\"versionType\":\"rpm\",\"status\":\"unaffected\"}]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Discovery 1.14\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://catalog.redhat.com/software/containers/\",\"packageName\":\"discovery/discovery-server-rhel9\",\"cpes\":[\"cpe:/a:redhat:discovery:1.14::el9\"],\"versions\":[{\"version\":\"1.14.3-1748529279\",\"lessThan\":\"*\",\"versionType\":\"rpm\",\"status\":\"unaffected\"}]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Discovery 1.14\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://catalog.redhat.com/software/containers/\",\"packageName\":\"discovery/discovery-ui-rhel9\",\"cpes\":[\"cpe:/a:redhat:discovery:1.14::el9\"],\"versions\":[{\"version\":\"1.14.2-1748467619\",\"lessThan\":\"*\",\"versionType\":\"rpm\",\"status\":\"unaffected\"}]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 10\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"libtasn1\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:10\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 6\",\"defaultStatus\":\"unknown\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"libtasn1\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:6\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 7\",\"defaultStatus\":\"unknown\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"libtasn1\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:7\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Container Platform 4\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"rhcos\",\"cpes\":[\"cpe:/a:redhat:openshift:4\"]}]},{\"source\":\"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e\",\"affectedData\":[{\"vendor\":\"Siemens\",\"product\":\"SIMATIC S7-1500 CPU 1518-4 PN/DP MFP\",\"defaultStatus\":\"unknown\",\"versions\":[{\"version\":\"V3.1.5\",\"lessThan\":\"*\",\"versionType\":\"custom\",\"status\":\"affected\"}]},{\"vendor\":\"Siemens\",\"product\":\"SIMATIC S7-1500 CPU 1518-4 PN/DP MFP\",\"defaultStatus\":\"unknown\",\"versions\":[{\"version\":\"V3.1.5\",\"lessThan\":\"*\",\"versionType\":\"custom\",\"status\":\"affected\"}]},{\"vendor\":\"Siemens\",\"product\":\"SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP\",\"defaultStatus\":\"unknown\",\"versions\":[{\"version\":\"V3.1.5\",\"lessThan\":\"*\",\"versionType\":\"custom\",\"status\":\"affected\"}]},{\"vendor\":\"Siemens\",\"product\":\"SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP\",\"defaultStatus\":\"unknown\",\"versions\":[{\"version\":\"V3.1.5\",\"lessThan\":\"*\",\"versionType\":\"custom\",\"status\":\"affected\"}]},{\"vendor\":\"Siemens\",\"product\":\"SIPLUS S7-1500 CPU 1518-4 PN/DP MFP\",\"defaultStatus\":\"unknown\",\"versions\":[{\"version\":\"V3.1.5\",\"lessThan\":\"*\",\"versionType\":\"custom\",\"status\":\"affected\"}]},{\"vendor\":\"Siemens\",\"product\":\"RUGGEDCOM ROX MX5000\",\"defaultStatus\":\"unknown\",\"versions\":[{\"version\":\"0\",\"lessThan\":\"V2.17.0\",\"versionType\":\"custom\",\"status\":\"affected\"}]},{\"vendor\":\"Siemens\",\"product\":\"RUGGEDCOM ROX MX5000RE\",\"defaultStatus\":\"unknown\",\"versions\":[{\"version\":\"0\",\"lessThan\":\"V2.17.0\",\"versionType\":\"custom\",\"status\":\"affected\"}]},{\"vendor\":\"Siemens\",\"product\":\"RUGGEDCOM ROX RX1400\",\"defaultStatus\":\"unknown\",\"versions\":[{\"version\":\"0\",\"lessThan\":\"V2.17.0\",\"versionType\":\"custom\",\"status\":\"affected\"}]},{\"vendor\":\"Siemens\",\"product\":\"RUGGEDCOM ROX RX1500\",\"defaultStatus\":\"unknown\",\"versions\":[{\"version\":\"0\",\"lessThan\":\"V2.17.0\",\"versionType\":\"custom\",\"status\":\"affected\"}]},{\"vendor\":\"Siemens\",\"product\":\"RUGGEDCOM ROX RX1501\",\"defaultStatus\":\"unknown\",\"versions\":[{\"version\":\"0\",\"lessThan\":\"V2.17.0\",\"versionType\":\"custom\",\"status\":\"affected\"}]},{\"vendor\":\"Siemens\",\"product\":\"RUGGEDCOM ROX RX1510\",\"defaultStatus\":\"unknown\",\"versions\":[{\"version\":\"0\",\"lessThan\":\"V2.17.0\",\"versionType\":\"custom\",\"status\":\"affected\"}]},{\"vendor\":\"Siemens\",\"product\":\"RUGGEDCOM ROX RX1511\",\"defaultStatus\":\"unknown\",\"versions\":[{\"version\":\"0\",\"lessThan\":\"V2.17.0\",\"versionType\":\"custom\",\"status\":\"affected\"}]},{\"vendor\":\"Siemens\",\"product\":\"RUGGEDCOM ROX RX1512\",\"defaultStatus\":\"unknown\",\"versions\":[{\"version\":\"0\",\"lessThan\":\"V2.17.0\",\"versionType\":\"custom\",\"status\":\"affected\"}]},{\"vendor\":\"Siemens\",\"product\":\"RUGGEDCOM ROX RX1524\",\"defaultStatus\":\"unknown\",\"versions\":[{\"version\":\"0\",\"lessThan\":\"V2.17.0\",\"versionType\":\"custom\",\"status\":\"affected\"}]},{\"vendor\":\"Siemens\",\"product\":\"RUGGEDCOM ROX RX1536\",\"defaultStatus\":\"unknown\",\"versions\":[{\"version\":\"0\",\"lessThan\":\"V2.17.0\",\"versionType\":\"custom\",\"status\":\"affected\"}]},{\"vendor\":\"Siemens\",\"product\":\"RUGGEDCOM ROX RX5000\",\"defaultStatus\":\"unknown\",\"versions\":[{\"version\":\"0\",\"lessThan\":\"V2.17.0\",\"versionType\":\"custom\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2025-02-10T16:25:41.090444Z\",\"id\":\"CVE-2024-12133\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"yes\"},{\"technicalImpact\":\"partial\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-407\"}]}],\"references\":[{\"url\":\"https://access.redhat.com/errata/RHSA-2025:17347\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:4049\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:7077\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:8021\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:8385\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:30849\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:30850\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:33125\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/security/cve/CVE-2024-12133\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2344611\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://gitlab.com/gnutls/libtasn1/-/blob/master/doc/security/CVE-2024-12133.md\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://gitlab.com/gnutls/libtasn1/-/issues/52\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2025/02/06/6\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2025/02/msg00025.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20250523-0003/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://cert-portal.siemens.com/productcert/html/ssa-082556.html\",\"source\":\"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e\"},{\"url\":\"https://cert-portal.siemens.com/productcert/html/ssa-202008.html\",\"source\":\"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e\"}]}}",
"redhat_vex": {
"aggregate_severity": "Moderate",
"current_release_date": "2026-06-30T04:35:11+00:00",
"cve": "CVE-2024-12133",
"id": "CVE-2024-12133",
"initial_release_date": "2024-01-01T00:00:00+00:00",
"product_status:fixed": "470",
"product_status:known_affected": "13",
"product_status:known_not_affected": "26",
"source": "Red Hat CSAF VEX",
"status": "final",
"title": "libtasn1: Inefficient DER Decoding in libtasn1 Leading to Potential Remote DoS",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-12133.json",
"version": "3"
},
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://www.openwall.com/lists/oss-security/2025/02/06/6\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2025/02/msg00025.html\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20250523-0003/\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-05-23T13:10:59.480Z\"}}, {\"affected\": [{\"vendor\": \"Siemens\", \"product\": \"SIMATIC S7-1500 CPU 1518-4 PN/DP MFP\", \"versions\": [{\"status\": \"affected\", \"version\": \"V3.1.5\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC S7-1500 CPU 1518-4 PN/DP MFP\", \"versions\": [{\"status\": \"affected\", \"version\": \"V3.1.5\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP\", \"versions\": [{\"status\": \"affected\", \"version\": \"V3.1.5\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP\", \"versions\": [{\"status\": \"affected\", \"version\": \"V3.1.5\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPLUS S7-1500 CPU 1518-4 PN/DP MFP\", \"versions\": [{\"status\": \"affected\", \"version\": \"V3.1.5\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"RUGGEDCOM ROX MX5000\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2.17.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"RUGGEDCOM ROX MX5000RE\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2.17.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"RUGGEDCOM ROX RX1400\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2.17.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"RUGGEDCOM ROX RX1500\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2.17.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"RUGGEDCOM ROX RX1501\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2.17.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"RUGGEDCOM ROX RX1510\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2.17.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"RUGGEDCOM ROX RX1511\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2.17.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"RUGGEDCOM ROX RX1512\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2.17.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"RUGGEDCOM ROX RX1524\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2.17.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"RUGGEDCOM ROX RX1536\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2.17.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"RUGGEDCOM ROX RX5000\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2.17.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"x_adpType\": \"supplier\", \"references\": [{\"url\": \"https://cert-portal.siemens.com/productcert/html/ssa-082556.html\"}, {\"url\": \"https://cert-portal.siemens.com/productcert/html/ssa-202008.html\"}], \"providerMetadata\": {\"orgId\": \"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e\", \"shortName\": \"siemens-SADP\", \"dateUpdated\": \"2026-07-14T12:37:32.924Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-12133\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-02-10T16:25:41.090444Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-02-10T16:25:48.564Z\"}}], \"cna\": {\"title\": \"Libtasn1: inefficient der decoding in libtasn1 leading to potential remote dos\", \"credits\": [{\"lang\": \"en\", \"value\": \"Red Hat would like to thank Bing Shi for reporting this issue.\"}], \"metrics\": [{\"other\": {\"type\": \"Red Hat severity rating\", \"content\": {\"value\": \"Moderate\", \"namespace\": \"https://access.redhat.com/security/updates/classification/\"}}}, {\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"4.20.0\", \"versionType\": \"semver\"}], \"packageName\": \"libtasn1\", \"collectionURL\": \"https://gitlab.com/gnutls/libtasn1/\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:enterprise_linux:8::appstream\", \"cpe:/o:redhat:enterprise_linux:8::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:4.13-5.el8_10\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"libtasn1\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:enterprise_linux:8::appstream\", \"cpe:/o:redhat:enterprise_linux:8::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:4.13-5.el8_10\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"libtasn1\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_aus:8.4::appstream\", \"cpe:/a:redhat:rhel_eus_long_life:8.4::appstream\", \"cpe:/o:redhat:rhel_aus:8.4::baseos\", \"cpe:/o:redhat:rhel_eus_long_life:8.4::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:3.6.14-10.el8_4.1\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"gnutls\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_aus:8.4::appstream\", \"cpe:/a:redhat:rhel_eus_long_life:8.4::appstream\", \"cpe:/o:redhat:rhel_aus:8.4::baseos\", \"cpe:/o:redhat:rhel_eus_long_life:8.4::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:4.13-3.el8_4.1\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"libtasn1\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_aus:8.4::appstream\", \"cpe:/a:redhat:rhel_eus_long_life:8.4::appstream\", \"cpe:/o:redhat:rhel_aus:8.4::baseos\", \"cpe:/o:redhat:rhel_eus_long_life:8.4::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:3.6.14-10.el8_4.1\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"gnutls\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_aus:8.4::appstream\", \"cpe:/a:redhat:rhel_eus_long_life:8.4::appstream\", \"cpe:/o:redhat:rhel_aus:8.4::baseos\", \"cpe:/o:redhat:rhel_eus_long_life:8.4::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:4.13-3.el8_4.1\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"libtasn1\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_aus:8.6::appstream\", \"cpe:/a:redhat:rhel_eus_long_life:8.6::appstream\", \"cpe:/o:redhat:rhel_aus:8.6::baseos\", \"cpe:/o:redhat:rhel_eus_long_life:8.6::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:3.6.16-5.el8_6.5\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"gnutls\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_aus:8.6::appstream\", \"cpe:/a:redhat:rhel_eus_long_life:8.6::appstream\", \"cpe:/o:redhat:rhel_aus:8.6::baseos\", \"cpe:/o:redhat:rhel_eus_long_life:8.6::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:4.13-3.el8_6.2\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"libtasn1\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_aus:8.6::appstream\", \"cpe:/a:redhat:rhel_eus_long_life:8.6::appstream\", \"cpe:/o:redhat:rhel_aus:8.6::baseos\", \"cpe:/o:redhat:rhel_eus_long_life:8.6::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:3.6.16-5.el8_6.5\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"gnutls\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_aus:8.6::appstream\", \"cpe:/a:redhat:rhel_eus_long_life:8.6::appstream\", \"cpe:/o:redhat:rhel_aus:8.6::baseos\", \"cpe:/o:redhat:rhel_eus_long_life:8.6::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:4.13-3.el8_6.2\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"libtasn1\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_e4s:8.8::appstream\", \"cpe:/a:redhat:rhel_tus:8.8::appstream\", \"cpe:/o:redhat:rhel_e4s:8.8::baseos\", \"cpe:/o:redhat:rhel_tus:8.8::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8.8 Telecommunications Update Service\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:3.6.16-7.el8_8.4\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"gnutls\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_e4s:8.8::appstream\", \"cpe:/a:redhat:rhel_tus:8.8::appstream\", \"cpe:/o:redhat:rhel_e4s:8.8::baseos\", \"cpe:/o:redhat:rhel_tus:8.8::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8.8 Telecommunications Update Service\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:4.13-4.el8_8.1\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"libtasn1\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_e4s:8.8::appstream\", \"cpe:/a:redhat:rhel_tus:8.8::appstream\", \"cpe:/o:redhat:rhel_e4s:8.8::baseos\", \"cpe:/o:redhat:rhel_tus:8.8::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:3.6.16-7.el8_8.4\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"gnutls\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_e4s:8.8::appstream\", \"cpe:/a:redhat:rhel_tus:8.8::appstream\", \"cpe:/o:redhat:rhel_e4s:8.8::baseos\", \"cpe:/o:redhat:rhel_tus:8.8::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:4.13-4.el8_8.1\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"libtasn1\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:enterprise_linux:9::appstream\", \"cpe:/o:redhat:enterprise_linux:9::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 9\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:4.16.0-9.el9\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"libtasn1\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:enterprise_linux:9::appstream\", \"cpe:/o:redhat:enterprise_linux:9::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 9\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:4.16.0-9.el9\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"libtasn1\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_e4s:9.2::appstream\", \"cpe:/o:redhat:rhel_e4s:9.2::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:4.16.0-8.el9_2.1\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"libtasn1\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_eus:9.4::appstream\", \"cpe:/o:redhat:rhel_eus:9.4::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 9.4 Extended Update Support\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:4.16.0-8.el9_4.1\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"libtasn1\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:discovery:1.14::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Discovery 1.14\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"1.14.3-1748529279\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"discovery/discovery-server-rhel9\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:discovery:1.14::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Discovery 1.14\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"1.14.2-1748467619\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"discovery/discovery-ui-rhel9\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:10\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 10\", \"packageName\": \"libtasn1\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:6\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 6\", \"packageName\": \"libtasn1\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:7\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 7\", \"packageName\": \"libtasn1\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:/a:redhat:openshift:4\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Container Platform 4\", \"packageName\": \"rhcos\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2025-02-10T08:14:05.460Z\", \"value\": \"Reported to Red Hat.\"}, {\"lang\": \"en\", \"time\": \"2025-02-10T00:00:00.000Z\", \"value\": \"Made public.\"}], \"datePublic\": \"2025-02-10T00:00:00.000Z\", \"references\": [{\"url\": \"https://access.redhat.com/errata/RHSA-2025:17347\", \"name\": \"RHSA-2025:17347\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2025:4049\", \"name\": \"RHSA-2025:4049\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2025:7077\", \"name\": \"RHSA-2025:7077\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2025:8021\", \"name\": \"RHSA-2025:8021\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2025:8385\", \"name\": \"RHSA-2025:8385\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:30849\", \"name\": \"RHSA-2026:30849\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:30850\", \"name\": \"RHSA-2026:30850\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:33125\", \"name\": \"RHSA-2026:33125\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/security/cve/CVE-2024-12133\", \"tags\": [\"vdb-entry\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2344611\", \"name\": \"RHBZ#2344611\", \"tags\": [\"issue-tracking\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://gitlab.com/gnutls/libtasn1/-/blob/master/doc/security/CVE-2024-12133.md\"}, {\"url\": \"https://gitlab.com/gnutls/libtasn1/-/issues/52\"}], \"x_generator\": {\"engine\": \"cvelib 1.8.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"A flaw in libtasn1 causes inefficient handling of specific certificate data. When processing a large number of elements in a certificate, libtasn1 takes much longer than expected, which can slow down or even crash the system. This flaw allows an attacker to send a specially crafted certificate, causing a denial of service attack.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-407\", \"description\": \"Inefficient Algorithmic Complexity\"}]}], \"providerMetadata\": {\"orgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"shortName\": \"redhat\", \"dateUpdated\": \"2026-06-30T02:10:12.696Z\"}, \"x_redhatCweChain\": \"CWE-407: Inefficient Algorithmic Complexity\"}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-12133\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-07-14T12:37:32.924Z\", \"dateReserved\": \"2024-12-04T03:13:48.478Z\", \"assignerOrgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"datePublished\": \"2025-02-10T15:28:03.193Z\", \"assignerShortName\": \"redhat\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
NCSC-2025-0382
Vulnerability from csaf_ncscnl - Published: 2025-12-09 13:15 - Updated: 2025-12-09 13:15A vulnerability in shadow 4.5's newgidmap allows unprivileged users to exploit user namespaces, potentially bypassing access restrictions set by administrators.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / Building X - Security Manager Edge Controller (ACC-AP)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5.2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.6
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Energy Services
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Gridscale X Prepay
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2412
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2506
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU DIQ
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU PA
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CN 4100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC ET 200AL IM 157-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC MV540 H Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC S7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC INS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC NMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC PNI
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEMA Remote Connect Server
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS ET 200MP IM 155-5 PN HF
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS HCS4200 CIM4210
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS NET PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1212 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1214 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1215 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1500 CPU 1511-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-300 CPU 314C-2 PN/DP
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2025
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2026
|
vers:unknown/* |
GnuPG versions 2.2.4 and 2.2.5 have a vulnerability (CVE-2018-9234) that allows remote attackers to bypass security restrictions by using a signing subkey for key certification without enforcing the offline master Certify key.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / Building X - Security Manager Edge Controller (ACC-AP)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5.2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.6
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Energy Services
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Gridscale X Prepay
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2412
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2506
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU DIQ
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU PA
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CN 4100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC ET 200AL IM 157-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC MV540 H Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC S7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC INS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC NMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC PNI
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEMA Remote Connect Server
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS ET 200MP IM 155-5 PN HF
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS HCS4200 CIM4210
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS NET PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1212 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1214 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1215 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1500 CPU 1511-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-300 CPU 314C-2 PN/DP
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2025
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2026
|
vers:unknown/* |
The 'remember_Ktype' function in cplus-dem.c of GNU libiberty, present in GNU Binutils 2.30, is susceptible to excessive memory consumption, which may result in out-of-memory conditions during cxxfilt execution.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / Building X - Security Manager Edge Controller (ACC-AP)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5.2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.6
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Energy Services
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Gridscale X Prepay
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2412
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2506
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU DIQ
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU PA
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CN 4100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC ET 200AL IM 157-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC MV540 H Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC S7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC INS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC NMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC PNI
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEMA Remote Connect Server
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS ET 200MP IM 155-5 PN HF
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS HCS4200 CIM4210
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS NET PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1212 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1214 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1215 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1500 CPU 1511-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-300 CPU 314C-2 PN/DP
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2025
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2026
|
vers:unknown/* |
The libseccomp 2.4.1 update resolves a BPF generation bug, enhances syscall tables, addresses CVE-2019-9893, and improves support for various architectures while fixing prior 64-bit syscall argument comparison issues.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / Building X - Security Manager Edge Controller (ACC-AP)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5.2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.6
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Energy Services
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Gridscale X Prepay
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2412
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2506
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU DIQ
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU PA
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CN 4100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC ET 200AL IM 157-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC MV540 H Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC S7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC INS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC NMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC PNI
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEMA Remote Connect Server
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS ET 200MP IM 155-5 PN HF
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS HCS4200 CIM4210
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS NET PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1212 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1214 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1215 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1500 CPU 1511-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-300 CPU 314C-2 PN/DP
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2025
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2026
|
vers:unknown/* |
The updates for ClamAV version 0.103.0 and bzip2 address multiple security vulnerabilities, including non-blocking database reloads in ClamAV and out-of-bounds writes in bzip2, enhancing overall functionality and security.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / Building X - Security Manager Edge Controller (ACC-AP)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5.2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.6
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Energy Services
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Gridscale X Prepay
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2412
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2506
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU DIQ
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU PA
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CN 4100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC ET 200AL IM 157-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC MV540 H Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC S7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC INS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC NMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC PNI
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEMA Remote Connect Server
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS ET 200MP IM 155-5 PN HF
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS HCS4200 CIM4210
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS NET PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1212 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1214 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1215 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1500 CPU 1511-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-300 CPU 314C-2 PN/DP
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2025
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2026
|
vers:unknown/* |
Versions of cpio prior to 2.13 have a vulnerability due to improper input validation when generating TAR archives, allowing unauthorized file permissions and paths that could compromise systems upon extraction by high-privilege users.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / Building X - Security Manager Edge Controller (ACC-AP)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5.2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.6
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Energy Services
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Gridscale X Prepay
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2412
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2506
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU DIQ
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU PA
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CN 4100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC ET 200AL IM 157-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC MV540 H Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC S7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC INS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC NMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC PNI
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEMA Remote Connect Server
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS ET 200MP IM 155-5 PN HF
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS HCS4200 CIM4210
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS NET PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1212 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1214 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1215 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1500 CPU 1511-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-300 CPU 314C-2 PN/DP
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2025
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2026
|
vers:unknown/* |
Red Hat Enterprise Linux and its components, including json-c and libfastjson, have multiple vulnerabilities, particularly an integer overflow and out-of-bounds write issue (CVE-2020-12762) affecting large JSON files, allowing potential arbitrary code execution.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / Building X - Security Manager Edge Controller (ACC-AP)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5.2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.6
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Energy Services
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Gridscale X Prepay
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2412
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2506
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU DIQ
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU PA
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CN 4100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC ET 200AL IM 157-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC MV540 H Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC S7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC INS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC NMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC PNI
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEMA Remote Connect Server
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS ET 200MP IM 155-5 PN HF
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS HCS4200 CIM4210
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS NET PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1212 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1214 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1215 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1500 CPU 1511-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-300 CPU 314C-2 PN/DP
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2025
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2026
|
vers:unknown/* |
The libcpu component of elfutils version 0.177 has a denial-of-service vulnerability that can be exploited by attackers through specially crafted ELF files, leading to application crashes.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / Building X - Security Manager Edge Controller (ACC-AP)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5.2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.6
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Energy Services
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Gridscale X Prepay
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2412
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2506
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU DIQ
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU PA
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CN 4100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC ET 200AL IM 157-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC MV540 H Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC S7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC INS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC NMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC PNI
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEMA Remote Connect Server
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS ET 200MP IM 155-5 PN HF
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS HCS4200 CIM4210
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS NET PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1212 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1214 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1215 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1500 CPU 1511-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-300 CPU 314C-2 PN/DP
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2025
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2026
|
vers:unknown/* |
C-ares versions before 1.16.1 and up to 1.17.0 have a buffer overflow vulnerability in the ares_parse_soa_reply function, addressed by the libcares2 update for CVE-2020-22217.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / Building X - Security Manager Edge Controller (ACC-AP)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5.2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.6
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Energy Services
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Gridscale X Prepay
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2412
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2506
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU DIQ
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU PA
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CN 4100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC ET 200AL IM 157-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC MV540 H Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC S7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC INS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC NMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC PNI
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEMA Remote Connect Server
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS ET 200MP IM 155-5 PN HF
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS HCS4200 CIM4210
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS NET PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1212 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1214 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1215 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1500 CPU 1511-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-300 CPU 314C-2 PN/DP
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2025
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2026
|
vers:unknown/* |
A NULL pointer dereference vulnerability in SQLite 3.31.1 can cause out-of-memory errors during INTERSECT query processing, potentially leading to Denial of Service attacks in affected NetApp products.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / Building X - Security Manager Edge Controller (ACC-AP)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5.2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.6
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Energy Services
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Gridscale X Prepay
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2412
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2506
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU DIQ
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU PA
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CN 4100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC ET 200AL IM 157-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC MV540 H Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC S7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC INS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC NMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC PNI
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEMA Remote Connect Server
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS ET 200MP IM 155-5 PN HF
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS HCS4200 CIM4210
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS NET PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1212 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1214 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1215 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1500 CPU 1511-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-300 CPU 314C-2 PN/DP
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2025
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2026
|
vers:unknown/* |
Recent updates for OpenJDK versions 1.7, 1.8, and 11 address multiple vulnerabilities related to TLS ciphers, memory allocation, and keystore corruption, while Oracle Java SE and GraalVM have critical vulnerabilities allowing unauthorized access to sensitive data.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / Building X - Security Manager Edge Controller (ACC-AP)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5.2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.6
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Energy Services
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Gridscale X Prepay
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2412
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2506
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU DIQ
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU PA
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CN 4100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC ET 200AL IM 157-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC MV540 H Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC S7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC INS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC NMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC PNI
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEMA Remote Connect Server
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS ET 200MP IM 155-5 PN HF
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS HCS4200 CIM4210
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS NET PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1212 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1214 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1215 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1500 CPU 1511-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-300 CPU 314C-2 PN/DP
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2025
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2026
|
vers:unknown/* |
Recent updates for various Java versions, including IBM and OpenJDK, address multiple vulnerabilities related to memory allocation, weak cipher preferences, and denial of service risks, while enhancing functionality and security.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / Building X - Security Manager Edge Controller (ACC-AP)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5.2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.6
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Energy Services
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Gridscale X Prepay
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2412
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2506
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU DIQ
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU PA
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CN 4100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC ET 200AL IM 157-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC MV540 H Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC S7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC INS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC NMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC PNI
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEMA Remote Connect Server
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS ET 200MP IM 155-5 PN HF
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS HCS4200 CIM4210
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS NET PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1212 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1214 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1215 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1500 CPU 1511-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-300 CPU 314C-2 PN/DP
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2025
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2026
|
vers:unknown/* |
Multiple updates for Java versions, including IBM and OpenJDK, address various vulnerabilities such as memory allocation issues and weak cipher preferences, while also enhancing functionalities and updating to newer service refreshes.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / Building X - Security Manager Edge Controller (ACC-AP)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5.2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.6
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Energy Services
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Gridscale X Prepay
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2412
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2506
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU DIQ
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU PA
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CN 4100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC ET 200AL IM 157-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC MV540 H Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC S7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC INS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC NMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC PNI
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEMA Remote Connect Server
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS ET 200MP IM 155-5 PN HF
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS HCS4200 CIM4210
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS NET PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1212 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1214 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1215 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1500 CPU 1511-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-300 CPU 314C-2 PN/DP
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2025
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2026
|
vers:unknown/* |
Recent updates for OpenJDK and Oracle Java SE address multiple vulnerabilities, including weak TLS ciphers, excessive memory allocations, and denial of service risks across various versions.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / Building X - Security Manager Edge Controller (ACC-AP)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5.2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.6
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Energy Services
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Gridscale X Prepay
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2412
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2506
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU DIQ
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU PA
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CN 4100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC ET 200AL IM 157-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC MV540 H Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC S7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC INS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC NMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC PNI
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEMA Remote Connect Server
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS ET 200MP IM 155-5 PN HF
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS HCS4200 CIM4210
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS NET PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1212 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1214 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1215 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1500 CPU 1511-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-300 CPU 314C-2 PN/DP
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2025
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2026
|
vers:unknown/* |
Multiple updates for IBM and OpenJDK Java versions address various vulnerabilities, including excessive memory allocation and weak cipher preferences, while also enhancing functionality and security across several releases.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / Building X - Security Manager Edge Controller (ACC-AP)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5.2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.6
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Energy Services
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Gridscale X Prepay
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2412
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2506
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU DIQ
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU PA
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CN 4100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC ET 200AL IM 157-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC MV540 H Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC S7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC INS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC NMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC PNI
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEMA Remote Connect Server
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS ET 200MP IM 155-5 PN HF
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS HCS4200 CIM4210
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS NET PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1212 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1214 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1215 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1500 CPU 1511-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-300 CPU 314C-2 PN/DP
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2025
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2026
|
vers:unknown/* |
Recent updates for various Java versions, including IBM and OpenJDK, address multiple vulnerabilities related to memory allocation, weak cipher preferences, and denial of service risks, while enhancing functionality and security.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / Building X - Security Manager Edge Controller (ACC-AP)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5.2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.6
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Energy Services
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Gridscale X Prepay
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2412
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2506
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU DIQ
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU PA
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CN 4100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC ET 200AL IM 157-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC MV540 H Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC S7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC INS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC NMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC PNI
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEMA Remote Connect Server
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS ET 200MP IM 155-5 PN HF
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS HCS4200 CIM4210
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS NET PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1212 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1214 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1215 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1500 CPU 1511-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-300 CPU 314C-2 PN/DP
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2025
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2026
|
vers:unknown/* |
Recent updates for Java, including OpenJDK and Oracle Java SE, address multiple vulnerabilities related to memory allocation, TLS issues, and unauthorized access, with CVSS scores indicating significant risks.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / Building X - Security Manager Edge Controller (ACC-AP)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5.2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.6
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Energy Services
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Gridscale X Prepay
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2412
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2506
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU DIQ
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU PA
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CN 4100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC ET 200AL IM 157-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC MV540 H Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC S7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC INS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC NMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC PNI
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEMA Remote Connect Server
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS ET 200MP IM 155-5 PN HF
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS HCS4200 CIM4210
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS NET PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1212 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1214 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1215 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1500 CPU 1511-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-300 CPU 314C-2 PN/DP
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2025
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2026
|
vers:unknown/* |
Recent updates for Java SE, OpenJDK, and Oracle GraalVM address multiple vulnerabilities, including memory allocation issues, weak TLS ciphers, and denial of service risks, affecting various supported versions.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / Building X - Security Manager Edge Controller (ACC-AP)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5.2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.6
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Energy Services
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Gridscale X Prepay
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2412
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2506
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU DIQ
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU PA
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CN 4100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC ET 200AL IM 157-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC MV540 H Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC S7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC INS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC NMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC PNI
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEMA Remote Connect Server
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS ET 200MP IM 155-5 PN HF
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS HCS4200 CIM4210
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS NET PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1212 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1214 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1215 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1500 CPU 1511-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-300 CPU 314C-2 PN/DP
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2025
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2026
|
vers:unknown/* |
Multiple updates for Java versions, including IBM and OpenJDK, address various vulnerabilities such as excessive memory allocation and weak cipher preferences, while also enhancing functionality and security across several versions.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / Building X - Security Manager Edge Controller (ACC-AP)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5.2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.6
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Energy Services
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Gridscale X Prepay
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2412
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2506
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU DIQ
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU PA
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CN 4100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC ET 200AL IM 157-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC MV540 H Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC S7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC INS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC NMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC PNI
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEMA Remote Connect Server
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS ET 200MP IM 155-5 PN HF
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS HCS4200 CIM4210
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS NET PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1212 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1214 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1215 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1500 CPU 1511-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-300 CPU 314C-2 PN/DP
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2025
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2026
|
vers:unknown/* |
Recent updates for IBM Java and OpenJDK address multiple vulnerabilities, including memory allocation issues and weak cipher preferences, while also enhancing versions to Java 7.1 SR5, Java 8.0 SR7, and OpenJDK 8u312 and 7u321.
CWE-20 - Improper Input Validation| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / Building X - Security Manager Edge Controller (ACC-AP)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5.2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.6
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Energy Services
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Gridscale X Prepay
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2412
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2506
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU DIQ
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU PA
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CN 4100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC ET 200AL IM 157-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC MV540 H Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC S7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC INS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC NMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC PNI
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEMA Remote Connect Server
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS ET 200MP IM 155-5 PN HF
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS HCS4200 CIM4210
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS NET PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1212 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1214 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1215 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1500 CPU 1511-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-300 CPU 314C-2 PN/DP
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2025
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2026
|
vers:unknown/* |
Recent updates for OpenJDK versions 1.7, 1.8, and 11 address multiple vulnerabilities, including TLS cipher issues and memory allocation problems, while Oracle Java SE and GraalVM Enterprise Edition have vulnerabilities that could compromise data confidentiality.
CWE-203 - Observable Discrepancy| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / Building X - Security Manager Edge Controller (ACC-AP)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5.2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.6
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Energy Services
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Gridscale X Prepay
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2412
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2506
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU DIQ
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU PA
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CN 4100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC ET 200AL IM 157-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC MV540 H Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC S7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC INS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC NMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC PNI
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEMA Remote Connect Server
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS ET 200MP IM 155-5 PN HF
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS HCS4200 CIM4210
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS NET PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1212 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1214 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1215 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1500 CPU 1511-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-300 CPU 314C-2 PN/DP
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2025
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2026
|
vers:unknown/* |
Red Hat Enterprise Linux and SELinux versions up to 3.2 have multiple vulnerabilities, including use-after-free and Denial of Service risks, potentially allowing attackers to execute arbitrary code or cause service disruptions.
CWE-416 - Use After Free| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / Building X - Security Manager Edge Controller (ACC-AP)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5.2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.6
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Energy Services
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Gridscale X Prepay
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2412
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2506
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU DIQ
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU PA
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CN 4100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC ET 200AL IM 157-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC MV540 H Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC S7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC INS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC NMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC PNI
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEMA Remote Connect Server
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS ET 200MP IM 155-5 PN HF
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS HCS4200 CIM4210
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS NET PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1212 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1214 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1215 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1500 CPU 1511-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-300 CPU 314C-2 PN/DP
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2025
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2026
|
vers:unknown/* |
Red Hat Enterprise Linux and SELinux versions up to 3.2 have multiple vulnerabilities, including denial of service and arbitrary code execution risks, affecting various components and products, particularly those utilizing SELinux.
CWE-416 - Use After Free| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / Building X - Security Manager Edge Controller (ACC-AP)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5.2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.6
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Energy Services
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Gridscale X Prepay
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2412
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2506
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU DIQ
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU PA
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CN 4100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC ET 200AL IM 157-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC MV540 H Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC S7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC INS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC NMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC PNI
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEMA Remote Connect Server
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS ET 200MP IM 155-5 PN HF
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS HCS4200 CIM4210
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS NET PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1212 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1214 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1215 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1500 CPU 1511-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-300 CPU 314C-2 PN/DP
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2025
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2026
|
vers:unknown/* |
Red Hat Enterprise Linux and SELinux versions up to 3.2 have multiple vulnerabilities, including denial of service and arbitrary code execution, affecting various components and requiring user interaction or elevated privileges for exploitation.
CWE-416 - Use After Free| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / Building X - Security Manager Edge Controller (ACC-AP)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5.2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.6
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Energy Services
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Gridscale X Prepay
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2412
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2506
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU DIQ
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU PA
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CN 4100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC ET 200AL IM 157-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC MV540 H Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC S7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC INS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC NMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC PNI
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEMA Remote Connect Server
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS ET 200MP IM 155-5 PN HF
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS HCS4200 CIM4210
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS NET PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1212 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1214 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1215 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1500 CPU 1511-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-300 CPU 314C-2 PN/DP
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2025
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2026
|
vers:unknown/* |
Red Hat Enterprise Linux and SELinux 3.2 have multiple vulnerabilities, including denial of service and arbitrary code execution risks, affecting various components and requiring user interaction or elevated privileges for exploitation.
CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / Building X - Security Manager Edge Controller (ACC-AP)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5.2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.6
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Energy Services
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Gridscale X Prepay
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2412
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2506
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU DIQ
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU PA
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CN 4100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC ET 200AL IM 157-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC MV540 H Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC S7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC INS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC NMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC PNI
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEMA Remote Connect Server
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS ET 200MP IM 155-5 PN HF
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS HCS4200 CIM4210
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS NET PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1212 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1214 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1215 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1500 CPU 1511-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-300 CPU 314C-2 PN/DP
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2025
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2026
|
vers:unknown/* |
GNU cpio version 2.13 is vulnerable to remote code execution due to an integer overflow in the ds_fgetstr function when processing specially crafted pattern files.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / Building X - Security Manager Edge Controller (ACC-AP)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5.2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.6
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Energy Services
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Gridscale X Prepay
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2412
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2506
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU DIQ
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU PA
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CN 4100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC ET 200AL IM 157-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC MV540 H Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC S7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC INS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC NMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC PNI
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEMA Remote Connect Server
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS ET 200MP IM 155-5 PN HF
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS HCS4200 CIM4210
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS NET PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1212 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1214 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1215 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1500 CPU 1511-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-300 CPU 314C-2 PN/DP
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2025
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2026
|
vers:unknown/* |
SUSE Linux Enterprise 15 SP4 and SP5 kernels were updated to address multiple security vulnerabilities, including memory leaks and use-after-free issues, across various kernel versions and components.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / Building X - Security Manager Edge Controller (ACC-AP)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5.2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.6
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Energy Services
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Gridscale X Prepay
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2412
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2506
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU DIQ
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU PA
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CN 4100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC ET 200AL IM 157-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC MV540 H Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC S7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC INS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC NMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC PNI
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEMA Remote Connect Server
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS ET 200MP IM 155-5 PN HF
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS HCS4200 CIM4210
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS NET PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1212 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1214 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1215 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1500 CPU 1511-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-300 CPU 314C-2 PN/DP
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2025
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2026
|
vers:unknown/* |
SUSE Linux Enterprise 12 and 15 SP5 kernels, including RT and Azure variants, were updated to address multiple security vulnerabilities such as memory leaks and use-after-free issues, enhancing overall system security.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / Building X - Security Manager Edge Controller (ACC-AP)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5.2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.6
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Energy Services
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Gridscale X Prepay
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2412
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2506
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU DIQ
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU PA
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CN 4100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC ET 200AL IM 157-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC MV540 H Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC S7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC INS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC NMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC PNI
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEMA Remote Connect Server
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS ET 200MP IM 155-5 PN HF
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS HCS4200 CIM4210
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS NET PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1212 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1214 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1215 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1500 CPU 1511-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-300 CPU 314C-2 PN/DP
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2025
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2026
|
vers:unknown/* |
SUSE Linux Enterprise kernels and Linux Kernel versions have been updated to address multiple security vulnerabilities, including memory corruption, race conditions, and remote stack overflow issues, alongside various non-security bug fixes.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / Building X - Security Manager Edge Controller (ACC-AP)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5.2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.6
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Energy Services
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Gridscale X Prepay
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2412
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2506
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU DIQ
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU PA
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CN 4100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC ET 200AL IM 157-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC MV540 H Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC S7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC INS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC NMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC PNI
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEMA Remote Connect Server
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS ET 200MP IM 155-5 PN HF
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS HCS4200 CIM4210
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS NET PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1212 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1214 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1215 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1500 CPU 1511-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-300 CPU 314C-2 PN/DP
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2025
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2026
|
vers:unknown/* |
Recent updates to various SUSE Linux Enterprise kernels and Linux Kernel versions addressed multiple security vulnerabilities, including privilege escalation, memory corruption, and transient execution side-channel attacks across several service packs.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / Building X - Security Manager Edge Controller (ACC-AP)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5.2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.6
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Energy Services
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Gridscale X Prepay
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2412
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2506
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU DIQ
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU PA
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CN 4100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC ET 200AL IM 157-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC MV540 H Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC S7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC INS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC NMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC PNI
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEMA Remote Connect Server
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS ET 200MP IM 155-5 PN HF
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS HCS4200 CIM4210
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS NET PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1212 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1214 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1215 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1500 CPU 1511-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-300 CPU 314C-2 PN/DP
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2025
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2026
|
vers:unknown/* |
SUSE Linux Enterprise kernels across various versions have been updated to address multiple security vulnerabilities, including privilege escalation and memory access issues, alongside mitigations for transient execution side-channel attacks.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / Building X - Security Manager Edge Controller (ACC-AP)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5.2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.6
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Energy Services
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Gridscale X Prepay
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2412
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2506
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU DIQ
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU PA
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CN 4100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC ET 200AL IM 157-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC MV540 H Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC S7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC INS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC NMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC PNI
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEMA Remote Connect Server
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS ET 200MP IM 155-5 PN HF
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS HCS4200 CIM4210
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS NET PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1212 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1214 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1215 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1500 CPU 1511-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-300 CPU 314C-2 PN/DP
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2025
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2026
|
vers:unknown/* |
The SUSE Linux Enterprise kernels (12 SP2, SP3, SP4, SP5, and 15 SP1, SP3) were updated to address various security vulnerabilities, including memory leaks, use-after-free, double free issues, and information leak flaws.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / Building X - Security Manager Edge Controller (ACC-AP)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5.2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.6
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Energy Services
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Gridscale X Prepay
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2412
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2506
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU DIQ
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU PA
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CN 4100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC ET 200AL IM 157-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC MV540 H Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC S7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC INS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC NMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC PNI
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEMA Remote Connect Server
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS ET 200MP IM 155-5 PN HF
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS HCS4200 CIM4210
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS NET PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1212 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1214 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1215 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1500 CPU 1511-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-300 CPU 314C-2 PN/DP
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2025
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2026
|
vers:unknown/* |
Multiple updates were released for SUSE Linux Enterprise kernels addressing various security vulnerabilities and non-security bugs, including memory management issues, privilege escalation risks, and access control flaws.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / Building X - Security Manager Edge Controller (ACC-AP)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5.2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.6
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Energy Services
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Gridscale X Prepay
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2412
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2506
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU DIQ
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU PA
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CN 4100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC ET 200AL IM 157-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC MV540 H Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC S7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC INS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC NMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC PNI
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEMA Remote Connect Server
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS ET 200MP IM 155-5 PN HF
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS HCS4200 CIM4210
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS NET PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1212 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1214 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1215 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1500 CPU 1511-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-300 CPU 314C-2 PN/DP
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2025
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2026
|
vers:unknown/* |
SUSE Linux Enterprise kernels across multiple versions have been updated to address various security vulnerabilities, including RETBLEED, use-after-free issues, and non-security bug fixes, enhancing overall system stability.
CWE-416 - Use After Free| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / Building X - Security Manager Edge Controller (ACC-AP)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5.2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.6
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Energy Services
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Gridscale X Prepay
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2412
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2506
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU DIQ
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU PA
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CN 4100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC ET 200AL IM 157-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC MV540 H Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC S7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC INS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC NMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC PNI
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEMA Remote Connect Server
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS ET 200MP IM 155-5 PN HF
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS HCS4200 CIM4210
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS NET PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1212 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1214 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1215 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1500 CPU 1511-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-300 CPU 314C-2 PN/DP
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2025
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2026
|
vers:unknown/* |
SUSE Linux Enterprise kernel updates across various versions address multiple security vulnerabilities, including race conditions, use-after-free issues, and denial of service, alongside non-security bug fixes.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / Building X - Security Manager Edge Controller (ACC-AP)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5.2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.6
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Energy Services
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Gridscale X Prepay
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2412
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2506
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU DIQ
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU PA
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CN 4100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC ET 200AL IM 157-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC MV540 H Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC S7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC INS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC NMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC PNI
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEMA Remote Connect Server
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS ET 200MP IM 155-5 PN HF
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS HCS4200 CIM4210
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS NET PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1212 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1214 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1215 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1500 CPU 1511-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-300 CPU 314C-2 PN/DP
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2025
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2026
|
vers:unknown/* |
Recent updates to various SUSE Linux Enterprise kernels addressed multiple security vulnerabilities, including use-after-free and memory corruption issues, across several versions and components.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / Building X - Security Manager Edge Controller (ACC-AP)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5.2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.6
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Energy Services
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Gridscale X Prepay
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2412
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2506
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU DIQ
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU PA
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CN 4100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC ET 200AL IM 157-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC MV540 H Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC S7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC INS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC NMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC PNI
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEMA Remote Connect Server
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS ET 200MP IM 155-5 PN HF
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS HCS4200 CIM4210
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS NET PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1212 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1214 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1215 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1500 CPU 1511-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-300 CPU 314C-2 PN/DP
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2025
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2026
|
vers:unknown/* |
Recent updates to various SUSE Linux Enterprise kernels and Linux Kernel versions addressed multiple critical security vulnerabilities, including use-after-free and memory corruption issues, across several components and drivers.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / Building X - Security Manager Edge Controller (ACC-AP)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5.2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.6
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Energy Services
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Gridscale X Prepay
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2412
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2506
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU DIQ
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU PA
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CN 4100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC ET 200AL IM 157-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC MV540 H Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC S7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC INS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC NMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC PNI
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEMA Remote Connect Server
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS ET 200MP IM 155-5 PN HF
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS HCS4200 CIM4210
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS NET PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1212 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1214 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1215 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1500 CPU 1511-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-300 CPU 314C-2 PN/DP
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2025
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2026
|
vers:unknown/* |
Multiple updates across SUSE Linux Enterprise and Linux Kernel versions addressed various security vulnerabilities, including buffer overflows, use-after-free issues, and the RETBLEED attack, alongside non-security bug fixes.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / Building X - Security Manager Edge Controller (ACC-AP)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5.2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.6
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Energy Services
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Gridscale X Prepay
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2412
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2506
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU DIQ
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU PA
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CN 4100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC ET 200AL IM 157-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC MV540 H Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC S7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC INS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC NMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC PNI
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEMA Remote Connect Server
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS ET 200MP IM 155-5 PN HF
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS HCS4200 CIM4210
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS NET PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1212 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1214 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1215 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1500 CPU 1511-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-300 CPU 314C-2 PN/DP
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2025
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2026
|
vers:unknown/* |
SUSE Linux Enterprise kernels across various versions have been updated to address multiple security vulnerabilities, including memory leaks, buffer overflows, and double free issues, alongside numerous non-security bug fixes.
CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / Building X - Security Manager Edge Controller (ACC-AP)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5.2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.6
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Energy Services
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Gridscale X Prepay
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2412
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2506
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU DIQ
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU PA
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CN 4100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC ET 200AL IM 157-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC MV540 H Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC S7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC INS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC NMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC PNI
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEMA Remote Connect Server
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS ET 200MP IM 155-5 PN HF
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS HCS4200 CIM4210
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS NET PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1212 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1214 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1215 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1500 CPU 1511-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-300 CPU 314C-2 PN/DP
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2025
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2026
|
vers:unknown/* |
SUSE Linux Enterprise kernels across various versions have been updated to address multiple security vulnerabilities, including memory leaks, buffer overflows, and double free issues, alongside numerous non-security bug fixes.
CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / Building X - Security Manager Edge Controller (ACC-AP)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5.2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.6
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Energy Services
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Gridscale X Prepay
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2412
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2506
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU DIQ
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU PA
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CN 4100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC ET 200AL IM 157-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC MV540 H Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC S7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC INS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC NMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC PNI
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEMA Remote Connect Server
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS ET 200MP IM 155-5 PN HF
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS HCS4200 CIM4210
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS NET PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1212 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1214 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1215 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1500 CPU 1511-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-300 CPU 314C-2 PN/DP
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2025
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2026
|
vers:unknown/* |
Recent updates to SUSE Linux Enterprise kernels and Google Android address multiple security vulnerabilities, including privilege escalations and memory leaks, while NetApp products face risks from flaws in Linux Kernel versions up to 5.16.8.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / Building X - Security Manager Edge Controller (ACC-AP)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5.2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.6
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Energy Services
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Gridscale X Prepay
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2412
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2506
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU DIQ
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU PA
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CN 4100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC ET 200AL IM 157-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC MV540 H Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC S7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC INS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC NMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC PNI
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEMA Remote Connect Server
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS ET 200MP IM 155-5 PN HF
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS HCS4200 CIM4210
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS NET PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1212 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1214 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1215 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1500 CPU 1511-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-300 CPU 314C-2 PN/DP
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2025
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2026
|
vers:unknown/* |
SUSE Linux Enterprise 15 SP3 and RT kernels were updated to address multiple security vulnerabilities, including CVEs for memory leaks, privilege escalations, and a specific out-of-array access issue in the udc-xilinx driver.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / Building X - Security Manager Edge Controller (ACC-AP)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5.2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.6
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Energy Services
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Gridscale X Prepay
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2412
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2506
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU DIQ
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU PA
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CN 4100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC ET 200AL IM 157-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC MV540 H Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC S7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC INS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC NMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC PNI
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEMA Remote Connect Server
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS ET 200MP IM 155-5 PN HF
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS HCS4200 CIM4210
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS NET PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1212 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1214 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1215 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1500 CPU 1511-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-300 CPU 314C-2 PN/DP
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2025
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2026
|
vers:unknown/* |
The SUSE Linux Enterprise kernels (12 SP2, SP3, SP4, SP5, and 15 SP1, SP3) and various Linux Kernel versions were updated to address multiple security vulnerabilities, including memory leaks, use-after-free, and double free issues.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / Building X - Security Manager Edge Controller (ACC-AP)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5.2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.6
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Energy Services
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Gridscale X Prepay
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2412
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2506
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU DIQ
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU PA
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CN 4100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC ET 200AL IM 157-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC MV540 H Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC S7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC INS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC NMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC PNI
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEMA Remote Connect Server
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS ET 200MP IM 155-5 PN HF
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS HCS4200 CIM4210
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS NET PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1212 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1214 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1215 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1500 CPU 1511-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-300 CPU 314C-2 PN/DP
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2025
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2026
|
vers:unknown/* |
A vulnerability in SICAM T (versions < V3.0) allows authenticated attackers to exploit improper validation of POST request parameters, potentially leading to denial of service or arbitrary code execution.
CWE-141 - Improper Neutralization of Parameter/Argument Delimiters| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / Building X - Security Manager Edge Controller (ACC-AP)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5.2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.6
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Energy Services
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Gridscale X Prepay
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2412
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2506
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU DIQ
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU PA
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CN 4100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC ET 200AL IM 157-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC MV540 H Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC S7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC INS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC NMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC PNI
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEMA Remote Connect Server
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS ET 200MP IM 155-5 PN HF
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS HCS4200 CIM4210
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS NET PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1212 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1214 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1215 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1500 CPU 1511-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-300 CPU 314C-2 PN/DP
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2025
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2026
|
vers:unknown/* |
A vulnerability in SICAM T devices (versions < V3.0) allows unauthenticated attackers to exploit improper validation of GET and POST request parameters, leading to potential denial of service or arbitrary code execution.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / Building X - Security Manager Edge Controller (ACC-AP)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5.2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.6
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Energy Services
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Gridscale X Prepay
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2412
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2506
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU DIQ
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU PA
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CN 4100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC ET 200AL IM 157-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC MV540 H Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC S7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC INS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC NMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC PNI
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEMA Remote Connect Server
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS ET 200MP IM 155-5 PN HF
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS HCS4200 CIM4210
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS NET PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1212 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1214 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1215 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1500 CPU 1511-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-300 CPU 314C-2 PN/DP
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2025
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2026
|
vers:unknown/* |
A vulnerability in SICAM T (versions < V3.0) allows unauthenticated attackers to capture unencrypted HTTP web traffic, potentially disrupting device functionality.
CWE-319 - Cleartext Transmission of Sensitive Information| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / Building X - Security Manager Edge Controller (ACC-AP)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5.2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.6
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Energy Services
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Gridscale X Prepay
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2412
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2506
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU DIQ
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU PA
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CN 4100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC ET 200AL IM 157-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC MV540 H Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC S7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC INS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC NMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC PNI
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEMA Remote Connect Server
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS ET 200MP IM 155-5 PN HF
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS HCS4200 CIM4210
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS NET PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1212 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1214 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1215 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1500 CPU 1511-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-300 CPU 314C-2 PN/DP
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2025
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2026
|
vers:unknown/* |
A vulnerability in SICAM T (versions < V3.0) allows unauthenticated attackers to exploit reflected XSS attacks due to improper handling of GET request parameters reflected in the web server response.
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / Building X - Security Manager Edge Controller (ACC-AP)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5.2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.6
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Energy Services
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Gridscale X Prepay
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2412
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2506
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU DIQ
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU PA
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CN 4100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC ET 200AL IM 157-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC MV540 H Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC S7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC INS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC NMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC PNI
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEMA Remote Connect Server
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS ET 200MP IM 155-5 PN HF
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS HCS4200 CIM4210
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS NET PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1212 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1214 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1215 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1500 CPU 1511-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-300 CPU 314C-2 PN/DP
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2025
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2026
|
vers:unknown/* |
A vulnerability in SICAM T (versions < V3.0) allows unauthenticated attackers to exploit unencrypted challenge-response communication, potentially gaining access to the device's management interface.
CWE-294 - Authentication Bypass by Capture-replay| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / Building X - Security Manager Edge Controller (ACC-AP)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5.2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.6
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Energy Services
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Gridscale X Prepay
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2412
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2506
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU DIQ
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU PA
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CN 4100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC ET 200AL IM 157-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC MV540 H Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC S7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC INS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC NMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC PNI
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEMA Remote Connect Server
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS ET 200MP IM 155-5 PN HF
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS HCS4200 CIM4210
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS NET PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1212 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1214 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1215 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1500 CPU 1511-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-300 CPU 314C-2 PN/DP
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2025
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2026
|
vers:unknown/* |
A vulnerability in SICAM T (versions < V3.0) allows authenticated users to access critical device information due to inadequate access protection in the web-based management interface.
CWE-306 - Missing Authentication for Critical Function| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / Building X - Security Manager Edge Controller (ACC-AP)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5.2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.6
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Energy Services
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Gridscale X Prepay
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2412
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2506
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU DIQ
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU PA
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CN 4100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC ET 200AL IM 157-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC MV540 H Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC S7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC INS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC NMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC PNI
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEMA Remote Connect Server
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS ET 200MP IM 155-5 PN HF
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS HCS4200 CIM4210
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS NET PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1212 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1214 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1215 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1500 CPU 1511-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-300 CPU 314C-2 PN/DP
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2025
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2026
|
vers:unknown/* |
A vulnerability in SICAM T (versions < V3.0) allows authenticated attackers to exploit improper input validation in the configuration interface, enabling persistent XSS attacks affecting logged-in users.
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / Building X - Security Manager Edge Controller (ACC-AP)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5.2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.6
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Energy Services
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Gridscale X Prepay
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2412
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2506
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU DIQ
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU PA
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CN 4100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC ET 200AL IM 157-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC MV540 H Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC S7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC INS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC NMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC PNI
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEMA Remote Connect Server
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS ET 200MP IM 155-5 PN HF
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS HCS4200 CIM4210
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS NET PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1212 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1214 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1215 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1500 CPU 1511-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-300 CPU 314C-2 PN/DP
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2025
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2026
|
vers:unknown/* |
A vulnerability in SICAM T (versions < V3.0) allows unauthenticated users to access internal configuration details due to inadequate access protection in the web-based management interface.
CWE-306 - Missing Authentication for Critical Function| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / Building X - Security Manager Edge Controller (ACC-AP)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5.2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.6
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Energy Services
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Gridscale X Prepay
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2412
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2506
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU DIQ
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU PA
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CN 4100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC ET 200AL IM 157-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC MV540 H Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC S7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC INS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC NMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC PNI
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEMA Remote Connect Server
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS ET 200MP IM 155-5 PN HF
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS HCS4200 CIM4210
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS NET PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1212 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1214 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1215 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1500 CPU 1511-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-300 CPU 314C-2 PN/DP
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2025
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2026
|
vers:unknown/* |
A vulnerability in SICAM T (versions < V3.0) allows unauthenticated attackers to exploit improper file handling for XSS attacks, potentially enabling actions on behalf of legitimate users via error logs.
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / Building X - Security Manager Edge Controller (ACC-AP)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5.2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.6
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Energy Services
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Gridscale X Prepay
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2412
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2506
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU DIQ
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU PA
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CN 4100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC ET 200AL IM 157-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC MV540 H Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC S7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC INS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC NMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC PNI
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEMA Remote Connect Server
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS ET 200MP IM 155-5 PN HF
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS HCS4200 CIM4210
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS NET PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1212 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1214 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1215 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1500 CPU 1511-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-300 CPU 314C-2 PN/DP
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2025
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2026
|
vers:unknown/* |
Vulnerabilities in SICAM P850, P855, and T devices (all versions < V3.00) allow unauthenticated access to web interface pages, enabling attackers to delete log files without authentication.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / Building X - Security Manager Edge Controller (ACC-AP)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5.2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.6
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Energy Services
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Gridscale X Prepay
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2412
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2506
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU DIQ
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU PA
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CN 4100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC ET 200AL IM 157-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC MV540 H Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC S7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC INS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC NMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC PNI
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEMA Remote Connect Server
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS ET 200MP IM 155-5 PN HF
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS HCS4200 CIM4210
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS NET PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1212 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1214 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1215 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1500 CPU 1511-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-300 CPU 314C-2 PN/DP
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2025
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2026
|
vers:unknown/* |
Recent kernel updates for SUSE Linux Enterprise and various Linux Kernel versions addressed multiple security vulnerabilities, including the RETBLEED attack, use-after-free issues, buffer overflows, and restriction bypasses related to the PT_SUSPEND_SECCOMP flag.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / Building X - Security Manager Edge Controller (ACC-AP)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5.2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.6
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Energy Services
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Gridscale X Prepay
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2412
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2506
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU DIQ
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU PA
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CN 4100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC ET 200AL IM 157-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC MV540 H Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC S7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC INS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC NMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC PNI
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEMA Remote Connect Server
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS ET 200MP IM 155-5 PN HF
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS HCS4200 CIM4210
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS NET PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1212 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1214 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1215 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1500 CPU 1511-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-300 CPU 314C-2 PN/DP
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2025
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2026
|
vers:unknown/* |
Vulnerabilities in SiPass integrated AC5102 and ACC-AP devices allow local and remote attackers to upload or modify firmware due to inadequate integrity checks during firmware updates.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / Building X - Security Manager Edge Controller (ACC-AP)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5.2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.6
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Energy Services
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Gridscale X Prepay
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2412
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2506
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU DIQ
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU PA
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CN 4100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC ET 200AL IM 157-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC MV540 H Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC S7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC INS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC NMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC PNI
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEMA Remote Connect Server
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS ET 200MP IM 155-5 PN HF
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS HCS4200 CIM4210
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS NET PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1212 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1214 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1215 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1500 CPU 1511-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-300 CPU 314C-2 PN/DP
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2025
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2026
|
vers:unknown/* |
GnuPGP has multiple vulnerabilities, including signature forgery and status injection issues, while recent updates to gpg2 and Docker images for Dagster-cloud and Spectrafit address these security concerns.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / Building X - Security Manager Edge Controller (ACC-AP)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5.2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.6
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Energy Services
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Gridscale X Prepay
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2412
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2506
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU DIQ
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU PA
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CN 4100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC ET 200AL IM 157-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC MV540 H Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC S7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC INS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC NMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC PNI
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEMA Remote Connect Server
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS ET 200MP IM 155-5 PN HF
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS HCS4200 CIM4210
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS NET PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1212 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1214 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1215 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1500 CPU 1511-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-300 CPU 314C-2 PN/DP
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2025
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2026
|
vers:unknown/* |
The Linux kernel prior to version 5.18.13 contains a vulnerability in the block starting symbol (.bss) that may allow Xen PV guest OS users to perform denial of service attacks or escalate privileges.
CWE-311 - Missing Encryption of Sensitive Data| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / Building X - Security Manager Edge Controller (ACC-AP)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5.2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.6
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Energy Services
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Gridscale X Prepay
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2412
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2506
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU DIQ
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU PA
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CN 4100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC ET 200AL IM 157-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC MV540 H Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC S7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC INS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC NMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC PNI
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEMA Remote Connect Server
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS ET 200MP IM 155-5 PN HF
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS HCS4200 CIM4210
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS NET PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1212 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1214 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1215 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1500 CPU 1511-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-300 CPU 314C-2 PN/DP
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2025
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2026
|
vers:unknown/* |
Recent updates for Quagga and FRRouting address multiple vulnerabilities, including sensitive information disclosure and denial of service risks due to BGP processing issues and out-of-bounds read vulnerabilities.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / Building X - Security Manager Edge Controller (ACC-AP)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5.2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.6
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Energy Services
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Gridscale X Prepay
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2412
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2506
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU DIQ
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU PA
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CN 4100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC ET 200AL IM 157-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC MV540 H Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC S7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC INS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC NMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC PNI
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEMA Remote Connect Server
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS ET 200MP IM 155-5 PN HF
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS HCS4200 CIM4210
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS NET PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1212 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1214 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1215 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1500 CPU 1511-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-300 CPU 314C-2 PN/DP
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2025
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2026
|
vers:unknown/* |
Recent updates to VLC, Oracle products, zlib, and Dagster-cloud address various vulnerabilities, including critical issues in Oracle systems and security fixes in zlib and opencv-python.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / Building X - Security Manager Edge Controller (ACC-AP)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5.2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.6
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Energy Services
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Gridscale X Prepay
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2412
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2506
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU DIQ
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU PA
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CN 4100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC ET 200AL IM 157-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC MV540 H Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC S7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC INS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC NMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC PNI
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEMA Remote Connect Server
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS ET 200MP IM 155-5 PN HF
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS HCS4200 CIM4210
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS NET PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1212 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1214 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1215 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1500 CPU 1511-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-300 CPU 314C-2 PN/DP
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2025
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2026
|
vers:unknown/* |
A vulnerability in SICAM P850, P855, and T devices allows session takeover due to the acceptance of user-defined session cookies without renewal after login/logout.
CWE-384 - Session Fixation| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / Building X - Security Manager Edge Controller (ACC-AP)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5.2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.6
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Energy Services
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Gridscale X Prepay
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2412
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2506
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU DIQ
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU PA
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CN 4100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC ET 200AL IM 157-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC MV540 H Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC S7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC INS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC NMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC PNI
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEMA Remote Connect Server
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS ET 200MP IM 155-5 PN HF
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS HCS4200 CIM4210
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS NET PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1212 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1214 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1215 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1500 CPU 1511-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-300 CPU 314C-2 PN/DP
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2025
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2026
|
vers:unknown/* |
A vulnerability in SICAM P850, P855 (all versions < V3.10) and SICAM T (all versions < V3.0) devices allows unauthenticated attackers to execute arbitrary code or cause denial of service due to improper GET request parameter validation.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / Building X - Security Manager Edge Controller (ACC-AP)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5.2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.6
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Energy Services
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Gridscale X Prepay
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2412
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2506
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU DIQ
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU PA
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CN 4100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC ET 200AL IM 157-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC MV540 H Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC S7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC INS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC NMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC PNI
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEMA Remote Connect Server
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS ET 200MP IM 155-5 PN HF
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS HCS4200 CIM4210
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS NET PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1212 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1214 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1215 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1500 CPU 1511-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-300 CPU 314C-2 PN/DP
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2025
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2026
|
vers:unknown/* |
Multiple updates across various SUSE Linux Enterprise kernels addressed critical security vulnerabilities, including stack overflows, denial of service, memory leaks, and use-after-free issues, enhancing overall system stability and security.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / Building X - Security Manager Edge Controller (ACC-AP)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5.2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.6
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Energy Services
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Gridscale X Prepay
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2412
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2506
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU DIQ
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU PA
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CN 4100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC ET 200AL IM 157-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC MV540 H Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC S7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC INS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC NMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC PNI
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEMA Remote Connect Server
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS ET 200MP IM 155-5 PN HF
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS HCS4200 CIM4210
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS NET PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1212 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1214 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1215 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1500 CPU 1511-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-300 CPU 314C-2 PN/DP
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2025
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2026
|
vers:unknown/* |
A vulnerability in POWER METER models SICAM Q100, P850, P855, and T allows authenticated remote attackers to crash the device or execute arbitrary code due to improper validation of the Language-parameter in web interface requests.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / Building X - Security Manager Edge Controller (ACC-AP)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5.2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.6
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Energy Services
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Gridscale X Prepay
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2412
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2506
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU DIQ
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU PA
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CN 4100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC ET 200AL IM 157-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC MV540 H Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC S7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC INS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC NMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC PNI
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEMA Remote Connect Server
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS ET 200MP IM 155-5 PN HF
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS HCS4200 CIM4210
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS NET PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1212 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1214 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1215 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1500 CPU 1511-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-300 CPU 314C-2 PN/DP
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2025
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2026
|
vers:unknown/* |
Red Hat OpenShift and multiple NetApp products have vulnerabilities in components like 'less', allowing local attackers to execute arbitrary commands, manipulate files, or disclose sensitive information due to improper handling of shell metacharacters.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / Building X - Security Manager Edge Controller (ACC-AP)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5.2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.6
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Energy Services
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Gridscale X Prepay
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2412
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2506
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU DIQ
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU PA
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CN 4100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC ET 200AL IM 157-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC MV540 H Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC S7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC INS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC NMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC PNI
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEMA Remote Connect Server
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS ET 200MP IM 155-5 PN HF
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS HCS4200 CIM4210
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS NET PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1212 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1214 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1215 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1500 CPU 1511-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-300 CPU 314C-2 PN/DP
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2025
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2026
|
vers:unknown/* |
SUSE Linux Enterprise kernels across versions 12 SP5, 15 SP2, SP3, SP4, and SP5 were updated to address multiple security vulnerabilities, including use-after-free issues, memory leaks, and kernel panics.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / Building X - Security Manager Edge Controller (ACC-AP)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5.2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.6
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Energy Services
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Gridscale X Prepay
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2412
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2506
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU DIQ
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU PA
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CN 4100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC ET 200AL IM 157-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC MV540 H Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC S7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC INS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC NMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC PNI
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEMA Remote Connect Server
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS ET 200MP IM 155-5 PN HF
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS HCS4200 CIM4210
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS NET PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1212 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1214 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1215 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1500 CPU 1511-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-300 CPU 314C-2 PN/DP
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2025
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2026
|
vers:unknown/* |
SUSE Linux Enterprise kernels across various versions have been updated to address multiple security vulnerabilities, including memory leaks, null pointer dereferences, and race conditions, with numerous CVEs resolved.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / Building X - Security Manager Edge Controller (ACC-AP)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5.2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.6
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Energy Services
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Gridscale X Prepay
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2412
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2506
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU DIQ
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU PA
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CN 4100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC ET 200AL IM 157-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC MV540 H Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC S7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC INS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC NMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC PNI
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEMA Remote Connect Server
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS ET 200MP IM 155-5 PN HF
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS HCS4200 CIM4210
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS NET PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1212 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1214 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1215 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1500 CPU 1511-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-300 CPU 314C-2 PN/DP
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2025
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2026
|
vers:unknown/* |
SUSE Linux Enterprise 15 SP3, SP4, and SP5 kernels were updated to address multiple security vulnerabilities, including memory leaks, race conditions, and null pointer dereferences, along with various non-security bug fixes.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / Building X - Security Manager Edge Controller (ACC-AP)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5.2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.6
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Energy Services
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Gridscale X Prepay
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2412
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2506
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU DIQ
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU PA
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CN 4100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC ET 200AL IM 157-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC MV540 H Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC S7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC INS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC NMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC PNI
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEMA Remote Connect Server
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS ET 200MP IM 155-5 PN HF
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS HCS4200 CIM4210
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS NET PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1212 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1214 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1215 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1500 CPU 1511-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-300 CPU 314C-2 PN/DP
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2025
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2026
|
vers:unknown/* |
SUSE Linux Enterprise 15 SP4 and SP5 kernels were updated to address multiple security vulnerabilities, including memory leaks, use-after-free issues, and a buffer overflow in the USB gadget's setup handler.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / Building X - Security Manager Edge Controller (ACC-AP)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5.2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.6
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Energy Services
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Gridscale X Prepay
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2412
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2506
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU DIQ
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU PA
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CN 4100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC ET 200AL IM 157-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC MV540 H Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC S7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC INS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC NMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC PNI
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEMA Remote Connect Server
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS ET 200MP IM 155-5 PN HF
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS HCS4200 CIM4210
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS NET PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1212 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1214 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1215 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1500 CPU 1511-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-300 CPU 314C-2 PN/DP
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2025
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2026
|
vers:unknown/* |
SUSE Linux Enterprise kernels across versions 12 SP5 and 15 SP4/SP5, including Azure and RT variants, received updates addressing multiple security vulnerabilities such as memory leaks and use-after-free issues, alongside driver-related fixes.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / Building X - Security Manager Edge Controller (ACC-AP)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5.2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.6
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Energy Services
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Gridscale X Prepay
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2412
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2506
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU DIQ
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU PA
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CN 4100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC ET 200AL IM 157-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC MV540 H Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC S7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC INS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC NMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC PNI
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEMA Remote Connect Server
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS ET 200MP IM 155-5 PN HF
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS HCS4200 CIM4210
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS NET PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1212 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1214 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1215 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1500 CPU 1511-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-300 CPU 314C-2 PN/DP
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2025
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2026
|
vers:unknown/* |
Multiple updates across various SUSE Linux Enterprise kernels, including 15 SP5, 15 SP4, and 12 SP5, addressed critical security vulnerabilities such as use-after-free and memory leaks in network and display drivers.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / Building X - Security Manager Edge Controller (ACC-AP)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5.2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.6
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Energy Services
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Gridscale X Prepay
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2412
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2506
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU DIQ
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU PA
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CN 4100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC ET 200AL IM 157-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC MV540 H Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC S7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC INS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC NMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC PNI
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEMA Remote Connect Server
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS ET 200MP IM 155-5 PN HF
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS HCS4200 CIM4210
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS NET PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1212 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1214 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1215 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1500 CPU 1511-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-300 CPU 314C-2 PN/DP
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2025
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2026
|
vers:unknown/* |
Multiple updates across various SUSE Linux Enterprise kernels (15 SP5, 15 SP4, 15 SP3, 15 SP2, 12 SP5) addressed critical security vulnerabilities, including use-after-free and memory leak issues in network and display components.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / Building X - Security Manager Edge Controller (ACC-AP)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5.2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.6
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Energy Services
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Gridscale X Prepay
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2412
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2506
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU DIQ
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU PA
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CN 4100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC ET 200AL IM 157-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC MV540 H Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC S7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC INS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC NMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC PNI
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEMA Remote Connect Server
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS ET 200MP IM 155-5 PN HF
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS HCS4200 CIM4210
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS NET PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1212 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1214 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1215 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1500 CPU 1511-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-300 CPU 314C-2 PN/DP
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2025
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2026
|
vers:unknown/* |
SUSE Linux Enterprise 15 SP5 and 12 SP5 kernels received updates addressing multiple security vulnerabilities, including memory leaks, use-after-free issues, and out-of-bounds access across various components.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / Building X - Security Manager Edge Controller (ACC-AP)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5.2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.6
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Energy Services
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Gridscale X Prepay
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2412
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2506
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU DIQ
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU PA
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CN 4100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC ET 200AL IM 157-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC MV540 H Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC S7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC INS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC NMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC PNI
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEMA Remote Connect Server
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS ET 200MP IM 155-5 PN HF
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS HCS4200 CIM4210
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS NET PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1212 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1214 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1215 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1500 CPU 1511-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-300 CPU 314C-2 PN/DP
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2025
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2026
|
vers:unknown/* |
SUSE Linux Enterprise kernels across various versions have been updated to address multiple security vulnerabilities, including use-after-free issues and memory leaks in networking and display components.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / Building X - Security Manager Edge Controller (ACC-AP)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5.2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.6
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Energy Services
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Gridscale X Prepay
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2412
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2506
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU DIQ
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU PA
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CN 4100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC ET 200AL IM 157-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC MV540 H Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC S7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC INS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC NMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC PNI
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEMA Remote Connect Server
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS ET 200MP IM 155-5 PN HF
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS HCS4200 CIM4210
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS NET PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1212 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1214 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1215 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1500 CPU 1511-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-300 CPU 314C-2 PN/DP
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2025
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2026
|
vers:unknown/* |
SUSE Linux Enterprise kernels across versions 12 SP5 and 15 SP3 to SP5 have been updated to address multiple security vulnerabilities, including race conditions, buffer overflows, and memory management issues, alongside various non-security bug fixes.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / Building X - Security Manager Edge Controller (ACC-AP)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5.2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.6
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Energy Services
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Gridscale X Prepay
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2412
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2506
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU DIQ
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU PA
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CN 4100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC ET 200AL IM 157-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC MV540 H Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC S7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC INS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC NMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC PNI
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEMA Remote Connect Server
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS ET 200MP IM 155-5 PN HF
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS HCS4200 CIM4210
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS NET PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1212 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1214 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1215 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1500 CPU 1511-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-300 CPU 314C-2 PN/DP
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2025
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2026
|
vers:unknown/* |
Recent updates address multiple vulnerabilities across various platforms, including Oracle Communications, Red Hat OpenShift, and shadow-utils, affecting user account management and potentially leading to unauthorized access and data leaks.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / Building X - Security Manager Edge Controller (ACC-AP)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5.2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.6
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Energy Services
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Gridscale X Prepay
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2412
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2506
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU DIQ
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU PA
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CN 4100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC ET 200AL IM 157-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC MV540 H Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC S7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC INS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC NMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC PNI
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEMA Remote Connect Server
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS ET 200MP IM 155-5 PN HF
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS HCS4200 CIM4210
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS NET PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1212 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1214 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1215 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1500 CPU 1511-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-300 CPU 314C-2 PN/DP
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2025
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2026
|
vers:unknown/* |
Recent updates for Python 3.11 and earlier versions address multiple security vulnerabilities, particularly in email parsing and libexpat, alongside various non-security improvements and fixes for CVEs.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / Building X - Security Manager Edge Controller (ACC-AP)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5.2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.6
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Energy Services
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Gridscale X Prepay
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2412
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2506
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU DIQ
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU PA
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CN 4100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC ET 200AL IM 157-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC MV540 H Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC S7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC INS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC NMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC PNI
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEMA Remote Connect Server
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS ET 200MP IM 155-5 PN HF
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS HCS4200 CIM4210
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS NET PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1212 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1214 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1215 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1500 CPU 1511-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-300 CPU 314C-2 PN/DP
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2025
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2026
|
vers:unknown/* |
Recent updates for macOS Ventura, Monterey, and Big Sur address multiple security vulnerabilities, while curl updates fix various flaws, including use-after-free and information disclosure issues, alongside a critical vulnerability in Oracle Enterprise Manager.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / Building X - Security Manager Edge Controller (ACC-AP)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5.2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.6
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Energy Services
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Gridscale X Prepay
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2412
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2506
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU DIQ
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU PA
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CN 4100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC ET 200AL IM 157-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC MV540 H Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC S7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC INS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC NMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC PNI
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEMA Remote Connect Server
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS ET 200MP IM 155-5 PN HF
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS HCS4200 CIM4210
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS NET PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1212 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1214 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1215 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1500 CPU 1511-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-300 CPU 314C-2 PN/DP
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2025
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2026
|
vers:unknown/* |
The shadow update addresses CVE-2023-29383 related to /etc/shadow manipulation, resolves control character injection vulnerabilities in Shadow 4.13, and includes various non-security bug fixes.
CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / Building X - Security Manager Edge Controller (ACC-AP)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5.2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.6
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Energy Services
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Gridscale X Prepay
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2412
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2506
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU DIQ
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU PA
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CN 4100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC ET 200AL IM 157-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC MV540 H Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC S7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC INS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC NMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC PNI
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEMA Remote Connect Server
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS ET 200MP IM 155-5 PN HF
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS HCS4200 CIM4210
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS NET PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1212 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1214 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1215 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1500 CPU 1511-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-300 CPU 314C-2 PN/DP
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2025
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2026
|
vers:unknown/* |
Recent updates for macOS Ventura, Monterey, and Big Sur address critical vulnerabilities, while Oracle, Red Hat OpenShift, and ncurses have multiple security flaws that could lead to system compromise and denial-of-service conditions.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / Building X - Security Manager Edge Controller (ACC-AP)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5.2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.6
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Energy Services
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Gridscale X Prepay
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2412
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2506
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU DIQ
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU PA
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CN 4100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC ET 200AL IM 157-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC MV540 H Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC S7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC INS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC NMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC PNI
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEMA Remote Connect Server
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS ET 200MP IM 155-5 PN HF
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS HCS4200 CIM4210
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS NET PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1212 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1214 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1215 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1500 CPU 1511-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-300 CPU 314C-2 PN/DP
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2025
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2026
|
vers:unknown/* |
SICAM P850 and P855 devices (all versions < V3.11) are vulnerable to Cross-Site Request Forgery attacks, allowing unauthorized actions via malicious links targeting authenticated users.
CWE-352 - Cross-Site Request Forgery (CSRF)| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / Building X - Security Manager Edge Controller (ACC-AP)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5.2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.6
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Energy Services
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Gridscale X Prepay
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2412
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2506
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU DIQ
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU PA
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CN 4100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC ET 200AL IM 157-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC MV540 H Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC S7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC INS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC NMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC PNI
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEMA Remote Connect Server
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS ET 200MP IM 155-5 PN HF
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS HCS4200 CIM4210
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS NET PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1212 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1214 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1215 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1500 CPU 1511-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-300 CPU 314C-2 PN/DP
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2025
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2026
|
vers:unknown/* |
A vulnerability in SICAM P850 and P855 devices (all versions < V3.11) allows attackers to impersonate legitimate users by exploiting missing cookie protection flags and accessing session tokens.
CWE-732 - Incorrect Permission Assignment for Critical Resource| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / Building X - Security Manager Edge Controller (ACC-AP)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5.2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.6
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Energy Services
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Gridscale X Prepay
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2412
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2506
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU DIQ
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU PA
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CN 4100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC ET 200AL IM 157-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC MV540 H Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC S7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC INS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC NMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC PNI
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEMA Remote Connect Server
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS ET 200MP IM 155-5 PN HF
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS HCS4200 CIM4210
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS NET PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1212 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1214 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1215 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1500 CPU 1511-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-300 CPU 314C-2 PN/DP
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2025
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2026
|
vers:unknown/* |
The frr and quagga updates address multiple vulnerabilities, including issues with BGP attributes, zero-length NLRIs, and denial of service risks, enhancing overall stability and security.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / Building X - Security Manager Edge Controller (ACC-AP)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5.2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.6
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Energy Services
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Gridscale X Prepay
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2412
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2506
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU DIQ
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU PA
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CN 4100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC ET 200AL IM 157-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC MV540 H Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC S7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC INS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC NMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC PNI
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEMA Remote Connect Server
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS ET 200MP IM 155-5 PN HF
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS HCS4200 CIM4210
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS NET PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1212 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1214 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1215 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1500 CPU 1511-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-300 CPU 314C-2 PN/DP
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2025
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2026
|
vers:unknown/* |
Multiple vulnerabilities across Oracle Communications products, curl, and Siemens products allow unauthorized access, data manipulation, and potential Denial-of-Service, with CVSS scores of 6.5 for specific Oracle vulnerabilities.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / Building X - Security Manager Edge Controller (ACC-AP)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5.2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.6
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Energy Services
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Gridscale X Prepay
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2412
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2506
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU DIQ
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU PA
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CN 4100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC ET 200AL IM 157-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC MV540 H Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC S7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC INS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC NMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC PNI
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEMA Remote Connect Server
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS ET 200MP IM 155-5 PN HF
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS HCS4200 CIM4210
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS NET PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1212 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1214 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1215 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1500 CPU 1511-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-300 CPU 314C-2 PN/DP
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2025
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2026
|
vers:unknown/* |
The FRRouting 8.5.6 update addresses multiple vulnerabilities, including crashes from crafted BGP UPDATE messages and malformed MP_REACH_NLRI data, while enhancing PIM/PIMv6/BGP and VRF support.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / Building X - Security Manager Edge Controller (ACC-AP)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5.2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.6
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Energy Services
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Gridscale X Prepay
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2412
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2506
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU DIQ
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU PA
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CN 4100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC ET 200AL IM 157-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC MV540 H Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC S7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC INS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC NMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC PNI
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEMA Remote Connect Server
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS ET 200MP IM 155-5 PN HF
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS HCS4200 CIM4210
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS NET PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1212 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1214 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1215 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1500 CPU 1511-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-300 CPU 314C-2 PN/DP
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2025
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2026
|
vers:unknown/* |
The frr 8.5.6 update addresses multiple vulnerabilities in BGP UPDATE processing, including denial-of-service issues and crashes from malformed messages and improper attribute handling.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / Building X - Security Manager Edge Controller (ACC-AP)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5.2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.6
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Energy Services
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Gridscale X Prepay
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2412
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2506
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU DIQ
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU PA
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CN 4100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC ET 200AL IM 157-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC MV540 H Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC S7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC INS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC NMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC PNI
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEMA Remote Connect Server
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS ET 200MP IM 155-5 PN HF
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS HCS4200 CIM4210
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS NET PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1212 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1214 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1215 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1500 CPU 1511-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-300 CPU 314C-2 PN/DP
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2025
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2026
|
vers:unknown/* |
Recent updates for Python interpreters and Oracle Database Server address multiple security vulnerabilities, including denial of service risks and memory race conditions, alongside various bug fixes and enhancements.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / Building X - Security Manager Edge Controller (ACC-AP)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5.2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.6
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Energy Services
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Gridscale X Prepay
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2412
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2506
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU DIQ
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU PA
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CN 4100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC ET 200AL IM 157-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC MV540 H Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC S7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC INS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC NMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC PNI
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEMA Remote Connect Server
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS ET 200MP IM 155-5 PN HF
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS HCS4200 CIM4210
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS NET PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1212 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1214 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1215 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1500 CPU 1511-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-300 CPU 314C-2 PN/DP
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2025
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2026
|
vers:unknown/* |
Recent updates to Python address multiple security vulnerabilities, including buffer overreads and email header injection, affecting versions up to 3.9 and impacting various NetApp products.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / Building X - Security Manager Edge Controller (ACC-AP)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5.2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.6
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Energy Services
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Gridscale X Prepay
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2412
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2506
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU DIQ
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU PA
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CN 4100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC ET 200AL IM 157-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC MV540 H Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC S7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC INS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC NMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC PNI
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEMA Remote Connect Server
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS ET 200MP IM 155-5 PN HF
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS HCS4200 CIM4210
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS NET PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1212 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1214 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1215 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1500 CPU 1511-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-300 CPU 314C-2 PN/DP
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2025
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2026
|
vers:unknown/* |
Recent updates to various Python versions address multiple vulnerabilities, including denial of service and excessive resource consumption, particularly in the tarfile and http.cookies modules, alongside Oracle Database patches for significant vulnerabilities.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / Building X - Security Manager Edge Controller (ACC-AP)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5.2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.6
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Energy Services
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Gridscale X Prepay
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2412
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2506
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU DIQ
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU PA
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CN 4100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC ET 200AL IM 157-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC MV540 H Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC S7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC INS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC NMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC PNI
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEMA Remote Connect Server
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS ET 200MP IM 155-5 PN HF
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS HCS4200 CIM4210
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS NET PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1212 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1214 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1215 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1500 CPU 1511-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-300 CPU 314C-2 PN/DP
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2025
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2026
|
vers:unknown/* |
Recent updates for various Python versions, including venv-salt-minion, address multiple security vulnerabilities, particularly email header injection and resource consumption issues, alongside numerous bug fixes and enhancements.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / Building X - Security Manager Edge Controller (ACC-AP)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5.2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.6
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Energy Services
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Gridscale X Prepay
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2412
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2506
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU DIQ
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU PA
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CN 4100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC ET 200AL IM 157-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC MV540 H Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC S7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC INS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC NMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC PNI
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEMA Remote Connect Server
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS ET 200MP IM 155-5 PN HF
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS HCS4200 CIM4210
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS NET PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1212 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1214 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1215 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1500 CPU 1511-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-300 CPU 314C-2 PN/DP
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2025
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2026
|
vers:unknown/* |
Recent updates for Python 3.x and Oracle products address multiple security vulnerabilities, including denial of service, excessive resource consumption, and email header injection, with varying severity levels across different versions.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / Building X - Security Manager Edge Controller (ACC-AP)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5.2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.6
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Energy Services
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Gridscale X Prepay
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2412
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2506
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU DIQ
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU PA
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CN 4100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC ET 200AL IM 157-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC MV540 H Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC S7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC INS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC NMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC PNI
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEMA Remote Connect Server
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS ET 200MP IM 155-5 PN HF
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS HCS4200 CIM4210
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS NET PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1212 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1214 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1215 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1500 CPU 1511-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-300 CPU 314C-2 PN/DP
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2025
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2026
|
vers:unknown/* |
Multiple vulnerabilities in curl and Oracle products, including credential leakage and unauthorized data access, affect various versions of software, notably impacting cURL and Oracle Communications Unified Assurance.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / Building X - Security Manager Edge Controller (ACC-AP)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5.2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.6
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Energy Services
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Gridscale X Prepay
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2412
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2506
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU DIQ
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU PA
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CN 4100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC ET 200AL IM 157-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC MV540 H Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC S7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC INS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC NMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC PNI
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEMA Remote Connect Server
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS ET 200MP IM 155-5 PN HF
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS HCS4200 CIM4210
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS NET PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1212 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1214 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1215 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1500 CPU 1511-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-300 CPU 314C-2 PN/DP
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2025
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2026
|
vers:unknown/* |
Recent updates for Python address CVE-2024-11168, fixing improper validation of IPv6 and IPvFuture addresses, and resolving vulnerabilities in the `urllib.parse.urlsplit()` and `urlparse()` functions that could lead to SSRF exploits.
CWE-1287 - Improper Validation of Specified Type of Input| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / Building X - Security Manager Edge Controller (ACC-AP)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5.2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.6
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Energy Services
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Gridscale X Prepay
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2412
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2506
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU DIQ
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU PA
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CN 4100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC ET 200AL IM 157-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC MV540 H Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC S7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC INS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC NMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC PNI
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEMA Remote Connect Server
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS ET 200MP IM 155-5 PN HF
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS HCS4200 CIM4210
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS NET PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1212 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1214 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1215 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1500 CPU 1511-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-300 CPU 314C-2 PN/DP
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2025
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2026
|
vers:unknown/* |
Multiple vulnerabilities affecting Oracle Communications EAGLE LNP Application Processor, Oracle Cloud Native Core Policy, and GNU libtasn1 could lead to denial of service attacks, with CVSS scores of 5.3 for some products.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / Building X - Security Manager Edge Controller (ACC-AP)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5.2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.6
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Energy Services
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Gridscale X Prepay
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2412
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2506
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU DIQ
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU PA
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CN 4100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC ET 200AL IM 157-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC MV540 H Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC S7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC INS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC NMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC PNI
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEMA Remote Connect Server
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS ET 200MP IM 155-5 PN HF
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS HCS4200 CIM4210
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS NET PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1212 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1214 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1215 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1500 CPU 1511-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-300 CPU 314C-2 PN/DP
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2025
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2026
|
vers:unknown/* |
A flaw in GnuTLS related to inefficient DER decoding in libtasn1 can lead to denial-of-service conditions, affecting multiple NetApp products and identified as CVE-2024-12243.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / Building X - Security Manager Edge Controller (ACC-AP)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5.2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.6
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Energy Services
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Gridscale X Prepay
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2412
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2506
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU DIQ
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU PA
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CN 4100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC ET 200AL IM 157-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC MV540 H Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC S7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC INS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC NMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC PNI
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEMA Remote Connect Server
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS ET 200MP IM 155-5 PN HF
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS HCS4200 CIM4210
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS NET PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1212 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1214 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1215 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1500 CPU 1511-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-300 CPU 314C-2 PN/DP
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2025
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2026
|
vers:unknown/* |
The util-linux update addresses critical vulnerabilities, particularly in the 'wall' command, neutralizing escape sequences to prevent account takeover and other potential exploits in versions up to 2.40.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / Building X - Security Manager Edge Controller (ACC-AP)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5.2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.6
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Energy Services
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Gridscale X Prepay
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2412
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2506
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU DIQ
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU PA
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CN 4100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC ET 200AL IM 157-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC MV540 H Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC S7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC INS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC NMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC PNI
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEMA Remote Connect Server
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS ET 200MP IM 155-5 PN HF
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS HCS4200 CIM4210
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS NET PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1212 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1214 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1215 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1500 CPU 1511-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-300 CPU 314C-2 PN/DP
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2025
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2026
|
vers:unknown/* |
The Less text file viewer has an OS command execution vulnerability due to mishandled newline characters in file names, affecting multiple NetApp products and allowing remote command execution when the LESSOPEN variable is set.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / Building X - Security Manager Edge Controller (ACC-AP)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5.2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.6
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Energy Services
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Gridscale X Prepay
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2412
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2506
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU DIQ
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU PA
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CN 4100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC ET 200AL IM 157-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC MV540 H Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC S7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC INS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC NMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC PNI
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEMA Remote Connect Server
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS ET 200MP IM 155-5 PN HF
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS HCS4200 CIM4210
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS NET PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1212 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1214 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1215 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1500 CPU 1511-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-300 CPU 314C-2 PN/DP
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2025
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2026
|
vers:unknown/* |
DOMPurify has addressed a nesting-based mXSS vulnerability in versions 2.5.0 and 3.1.3, while HPE Private Cloud AI has identified remote exploit vulnerabilities.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / Building X - Security Manager Edge Controller (ACC-AP)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5.2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.6
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Energy Services
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Gridscale X Prepay
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2412
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2506
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU DIQ
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU PA
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CN 4100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC ET 200AL IM 157-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC MV540 H Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC S7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC INS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC NMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC PNI
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEMA Remote Connect Server
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS ET 200MP IM 155-5 PN HF
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS HCS4200 CIM4210
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS NET PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1212 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1214 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1215 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1500 CPU 1511-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-300 CPU 314C-2 PN/DP
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2025
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2026
|
vers:unknown/* |
Multiple vulnerabilities across Oracle Communications Cloud Native Core services and libexpat allow unauthenticated denial of service attacks, with CVSS scores of 5.9, affecting various versions and components.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / Building X - Security Manager Edge Controller (ACC-AP)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5.2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.6
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Energy Services
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Gridscale X Prepay
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2412
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2506
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU DIQ
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU PA
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CN 4100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC ET 200AL IM 157-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC MV540 H Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC S7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC INS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC NMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC PNI
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEMA Remote Connect Server
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS ET 200MP IM 155-5 PN HF
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS HCS4200 CIM4210
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS NET PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1212 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1214 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1215 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1500 CPU 1511-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-300 CPU 314C-2 PN/DP
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2025
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2026
|
vers:unknown/* |
Recent vulnerabilities in Oracle Communications Cloud Native Core and Gnome Glib versions prior to 2.82.1 expose systems to unauthorized access and buffer overflow risks, potentially leading to data compromise and service disruptions.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / Building X - Security Manager Edge Controller (ACC-AP)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5.2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.6
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Energy Services
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Gridscale X Prepay
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2412
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2506
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU DIQ
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU PA
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CN 4100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC ET 200AL IM 157-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC MV540 H Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC S7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC INS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC NMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC PNI
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEMA Remote Connect Server
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS ET 200MP IM 155-5 PN HF
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS HCS4200 CIM4210
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS NET PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1212 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1214 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1215 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1500 CPU 1511-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-300 CPU 314C-2 PN/DP
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2025
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2026
|
vers:unknown/* |
A vulnerability in RUGGEDCOM ROX II (versions < V2.17.0) allows code injection in the DHCP Server configuration file, enabling attackers to gain root access via a reverse shell.
CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / Building X - Security Manager Edge Controller (ACC-AP)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5.2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.6
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Energy Services
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Gridscale X Prepay
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2412
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2506
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU DIQ
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU PA
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CN 4100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC ET 200AL IM 157-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC MV540 H Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC S7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC INS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC NMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC PNI
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEMA Remote Connect Server
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS ET 200MP IM 155-5 PN HF
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS HCS4200 CIM4210
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS NET PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1212 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1214 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1215 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1500 CPU 1511-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-300 CPU 314C-2 PN/DP
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2025
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2026
|
vers:unknown/* |
A vulnerability in RUGGEDCOM ROX II family versions prior to V2.17.0 allows attackers to inject parameters during Dynamic DNS configuration, potentially leading to root access via a reverse shell.
CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / Building X - Security Manager Edge Controller (ACC-AP)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5.2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.6
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Energy Services
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Gridscale X Prepay
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2412
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2506
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU DIQ
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU PA
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CN 4100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC ET 200AL IM 157-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC MV540 H Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC S7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC INS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC NMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC PNI
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEMA Remote Connect Server
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS ET 200MP IM 155-5 PN HF
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS HCS4200 CIM4210
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS NET PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1212 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1214 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1215 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1500 CPU 1511-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-300 CPU 314C-2 PN/DP
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2025
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2026
|
vers:unknown/* |
A vulnerability in the RUGGEDCOM ROX II family (versions < V2.17.0) allows attackers to gain root access through insufficient validation during configuration file handling.
CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / Building X - Security Manager Edge Controller (ACC-AP)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5.2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.6
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Energy Services
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Gridscale X Prepay
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2412
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2506
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU DIQ
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU PA
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CN 4100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC ET 200AL IM 157-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC MV540 H Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC S7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC INS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC NMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC PNI
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEMA Remote Connect Server
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS ET 200MP IM 155-5 PN HF
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS HCS4200 CIM4210
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS NET PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1212 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1214 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1215 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1500 CPU 1511-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-300 CPU 314C-2 PN/DP
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2025
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2026
|
vers:unknown/* |
A vulnerability in RUGGEDCOM ROX II devices (versions < V2.17.0) allows attackers to execute arbitrary code as root due to the SCEP client's failure to validate multiple fields during secure certificate enrollment.
CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / Building X - Security Manager Edge Controller (ACC-AP)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5.2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.6
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Energy Services
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Gridscale X Prepay
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2412
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2506
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU DIQ
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU PA
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CN 4100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC ET 200AL IM 157-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC MV540 H Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC S7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC INS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC NMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC PNI
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEMA Remote Connect Server
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS ET 200MP IM 155-5 PN HF
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS HCS4200 CIM4210
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS NET PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1212 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1214 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1215 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1500 CPU 1511-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-300 CPU 314C-2 PN/DP
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2025
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2026
|
vers:unknown/* |
A vulnerability in RUGGEDCOM ROX II (versions < V2.17.0) allows code injection via VRF, enabling attackers to execute arbitrary code with root privileges.
CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / Building X - Security Manager Edge Controller (ACC-AP)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5.2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.6
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Energy Services
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Gridscale X Prepay
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2412
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2506
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU DIQ
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU PA
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CN 4100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC ET 200AL IM 157-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC MV540 H Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC S7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC INS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC NMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC PNI
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEMA Remote Connect Server
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS ET 200MP IM 155-5 PN HF
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS HCS4200 CIM4210
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS NET PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1212 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1214 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1215 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1500 CPU 1511-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-300 CPU 314C-2 PN/DP
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2025
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2026
|
vers:unknown/* |
A vulnerability in the RUGGEDCOM ROX II family (versions < V2.17.0) allows code injection via IPsec, enabling attackers to execute arbitrary code with root privileges.
CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / Building X - Security Manager Edge Controller (ACC-AP)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5.2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.6
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Energy Services
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Gridscale X Prepay
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2412
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2506
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU DIQ
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU PA
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CN 4100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC ET 200AL IM 157-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC MV540 H Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC S7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC INS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC NMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC PNI
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEMA Remote Connect Server
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS ET 200MP IM 155-5 PN HF
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS HCS4200 CIM4210
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS NET PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1212 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1214 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1215 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1500 CPU 1511-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-300 CPU 314C-2 PN/DP
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2025
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2026
|
vers:unknown/* |
Recent updates to Python versions 3.6, 3.11, 3.12, and 3.13.5 address security vulnerabilities related to improper URL parsing of domain names with square brackets, which violate RFC 3986 and could lead to unauthorized data manipulation.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / Building X - Security Manager Edge Controller (ACC-AP)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5.2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.6
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Energy Services
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Gridscale X Prepay
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2412
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2506
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU DIQ
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU PA
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CN 4100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC ET 200AL IM 157-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC MV540 H Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC S7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC INS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC NMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC PNI
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEMA Remote Connect Server
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS ET 200MP IM 155-5 PN HF
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS HCS4200 CIM4210
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS NET PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1212 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1214 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1215 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1500 CPU 1511-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-300 CPU 314C-2 PN/DP
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2025
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2026
|
vers:unknown/* |
Palo Alto Networks has addressed vulnerabilities in Prisma® Access Browser and highlighted a high-severity sandbox escape flaw in Google Chrome on Windows, linked to an incorrect handle in Mojo.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / Building X - Security Manager Edge Controller (ACC-AP)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5.2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.6
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Energy Services
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Gridscale X Prepay
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2412
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2506
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU DIQ
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU PA
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CN 4100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC ET 200AL IM 157-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC MV540 H Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC S7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC INS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC NMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC PNI
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEMA Remote Connect Server
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS ET 200MP IM 155-5 PN HF
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS HCS4200 CIM4210
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS NET PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1212 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1214 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1215 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1500 CPU 1511-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-300 CPU 314C-2 PN/DP
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2025
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2026
|
vers:unknown/* |
Recent updates to curl (version 8.14.1) address critical security vulnerabilities, including cache poisoning risks in WebSocket code and a denial of service flaw in Oracle Communications Unified Inventory Management.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / Building X - Security Manager Edge Controller (ACC-AP)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5.2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.6
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Energy Services
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Gridscale X Prepay
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2412
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2506
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU DIQ
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU PA
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CN 4100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC ET 200AL IM 157-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC MV540 H Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC S7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC INS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC NMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC PNI
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEMA Remote Connect Server
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS ET 200MP IM 155-5 PN HF
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS HCS4200 CIM4210
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS NET PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1212 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1214 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1215 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1500 CPU 1511-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-300 CPU 314C-2 PN/DP
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2025
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2026
|
vers:unknown/* |
A vulnerability in various versions of COMOS, NX, Simcenter 3D, Simcenter Femap, and Solid Edge products allows for potential man-in-the-middle attacks due to the IAM client not validating server certificates for TLS connections.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / Building X - Security Manager Edge Controller (ACC-AP)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5.2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.6
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Energy Services
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Gridscale X Prepay
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2412
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2506
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU DIQ
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU PA
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CN 4100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC ET 200AL IM 157-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC MV540 H Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC S7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC INS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC NMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC PNI
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEMA Remote Connect Server
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS ET 200MP IM 155-5 PN HF
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS HCS4200 CIM4210
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS NET PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1212 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1214 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1215 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1500 CPU 1511-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-300 CPU 314C-2 PN/DP
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2025
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2026
|
vers:unknown/* |
A vulnerability in COMOS, NX, Simcenter, and Tecnomatix products arises from the SALT SDK's failure to validate server certificates for TLS connections, risking man-in-the-middle attacks.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / Building X - Security Manager Edge Controller (ACC-AP)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5.2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.6
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Energy Services
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Gridscale X Prepay
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2412
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2506
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU DIQ
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU PA
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CN 4100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC ET 200AL IM 157-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC MV540 H Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC S7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC INS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC NMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC PNI
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEMA Remote Connect Server
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS ET 200MP IM 155-5 PN HF
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS HCS4200 CIM4210
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS NET PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1212 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1214 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1215 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1500 CPU 1511-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-300 CPU 314C-2 PN/DP
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2025
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2026
|
vers:unknown/* |
A vulnerability in Gridscale X Prepay (versions < V4.2.1) allows unauthenticated remote attackers to perform user enumeration, potentially facilitating brute force attacks on valid users.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / Building X - Security Manager Edge Controller (ACC-AP)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5.2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.6
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Energy Services
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Gridscale X Prepay
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2412
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2506
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU DIQ
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU PA
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CN 4100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC ET 200AL IM 157-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC MV540 H Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC S7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC INS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC NMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC PNI
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEMA Remote Connect Server
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS ET 200MP IM 155-5 PN HF
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS HCS4200 CIM4210
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS NET PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1212 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1214 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1215 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1500 CPU 1511-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-300 CPU 314C-2 PN/DP
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2025
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2026
|
vers:unknown/* |
A vulnerability in Gridscale X Prepay (versions < V4.2.1) allows locked-out users to exploit capture-replay of authentication tokens, enabling them to establish valid sessions.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / Building X - Security Manager Edge Controller (ACC-AP)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5.2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.6
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Energy Services
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Gridscale X Prepay
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2412
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2506
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU DIQ
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU PA
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CN 4100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC ET 200AL IM 157-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC MV540 H Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC S7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC INS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC NMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC PNI
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEMA Remote Connect Server
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS ET 200MP IM 155-5 PN HF
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS HCS4200 CIM4210
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS NET PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1212 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1214 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1215 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1500 CPU 1511-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-300 CPU 314C-2 PN/DP
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2025
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2026
|
vers:unknown/* |
A vulnerability in SINEMA Remote Connect Server (versions < V3.2 SP4) allows unauthorized access to private SSL/TLS keys, enabling attackers to impersonate the server and conduct man-in-the-middle attacks.
CWE-732 - Incorrect Permission Assignment for Critical Resource| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / Building X - Security Manager Edge Controller (ACC-AP)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5.2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.6
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Energy Services
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Gridscale X Prepay
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2412
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2506
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU DIQ
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU PA
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CN 4100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC ET 200AL IM 157-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC MV540 H Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC S7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC INS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC NMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC PNI
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEMA Remote Connect Server
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS ET 200MP IM 155-5 PN HF
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS HCS4200 CIM4210
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS NET PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1212 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1214 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1215 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1500 CPU 1511-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-300 CPU 314C-2 PN/DP
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2025
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2026
|
vers:unknown/* |
A vulnerability in SINEMA Remote Connect Server (versions < V3.2 SP4) allows unauthorized modification of the system_ticketinfo table, enabling database users to bypass licensing restrictions and modify database values directly.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / Building X - Security Manager Edge Controller (ACC-AP)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5.2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.6
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Energy Services
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Gridscale X Prepay
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2412
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2506
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU DIQ
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU PA
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CN 4100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC ET 200AL IM 157-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC MV540 H Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC S7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC INS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC NMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC PNI
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEMA Remote Connect Server
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS ET 200MP IM 155-5 PN HF
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS HCS4200 CIM4210
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS NET PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1212 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1214 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1215 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1500 CPU 1511-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-300 CPU 314C-2 PN/DP
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2025
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2026
|
vers:unknown/* |
The document outlines a vulnerability in certain products that lack TCP sequence number validation, enabling unauthenticated remote attackers to disrupt TCP-based services through the injection of spoofed IP packets.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / Building X - Security Manager Edge Controller (ACC-AP)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5.2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.6
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Energy Services
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Gridscale X Prepay
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2412
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2506
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU DIQ
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU PA
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CN 4100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC ET 200AL IM 157-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC MV540 H Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC S7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC INS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC NMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC PNI
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEMA Remote Connect Server
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS ET 200MP IM 155-5 PN HF
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS HCS4200 CIM4210
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS NET PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1212 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1214 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1215 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1500 CPU 1511-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-300 CPU 314C-2 PN/DP
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2025
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2026
|
vers:unknown/* |
A vulnerability in SINEC Security Monitor (versions < V4.10.0) allows lowly privileged authenticated local attackers to read or write any file on the server or sensor due to inadequate authorization checks.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / Building X - Security Manager Edge Controller (ACC-AP)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5.2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.6
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Energy Services
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Gridscale X Prepay
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2412
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2506
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU DIQ
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU PA
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CN 4100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC ET 200AL IM 157-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC MV540 H Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC S7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC INS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC NMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC PNI
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEMA Remote Connect Server
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS ET 200MP IM 155-5 PN HF
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS HCS4200 CIM4210
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS NET PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1212 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1214 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1215 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1500 CPU 1511-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-300 CPU 314C-2 PN/DP
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2025
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2026
|
vers:unknown/* |
A vulnerability in SINEC Security Monitor versions prior to V4.10.0 allows lowly privileged authenticated attackers to exploit input validation issues in the date parameter during report generation, potentially causing a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / Building X - Security Manager Edge Controller (ACC-AP)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5.2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.6
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Energy Services
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Gridscale X Prepay
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2412
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2506
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU DIQ
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU PA
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CN 4100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC ET 200AL IM 157-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC MV540 H Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC S7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC INS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC NMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC PNI
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEMA Remote Connect Server
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS ET 200MP IM 155-5 PN HF
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS HCS4200 CIM4210
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS NET PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1212 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1214 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1215 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1500 CPU 1511-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-300 CPU 314C-2 PN/DP
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2025
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2026
|
vers:unknown/* |
A vulnerability in RUGGEDCOM devices (versions below V5.10.1) allows authenticated remote attackers to exploit improper input validation during TLS certificate uploads, potentially leading to device crashes and Denial of Service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / Building X - Security Manager Edge Controller (ACC-AP)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5.2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.6
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Energy Services
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Gridscale X Prepay
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2412
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2506
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU DIQ
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU PA
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CN 4100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC ET 200AL IM 157-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC MV540 H Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC S7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC INS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC NMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC PNI
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEMA Remote Connect Server
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS ET 200MP IM 155-5 PN HF
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS HCS4200 CIM4210
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS NET PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1212 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1214 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1215 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1500 CPU 1511-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-300 CPU 314C-2 PN/DP
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2025
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2026
|
vers:unknown/* |
A vulnerability in SIMATIC CN 4100 (versions < V4.0.1) exposes sensitive firmware information, compromising the device's confidentiality, integrity, and availability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / Building X - Security Manager Edge Controller (ACC-AP)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5.2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.6
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Energy Services
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Gridscale X Prepay
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2412
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2506
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU DIQ
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU PA
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CN 4100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC ET 200AL IM 157-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC MV540 H Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC S7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC INS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC NMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC PNI
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEMA Remote Connect Server
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS ET 200MP IM 155-5 PN HF
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS HCS4200 CIM4210
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS NET PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1212 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1214 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1215 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1500 CPU 1511-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-300 CPU 314C-2 PN/DP
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2025
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2026
|
vers:unknown/* |
A vulnerability in SIMATIC CN 4100 (versions < V4.0.1) allows an attacker with physical access to exploit an unauthenticated USB port, potentially causing a denial of service by triggering a reboot.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / Building X - Security Manager Edge Controller (ACC-AP)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5.2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.6
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Energy Services
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Gridscale X Prepay
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2412
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2506
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU DIQ
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU PA
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CN 4100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC ET 200AL IM 157-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC MV540 H Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC S7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC INS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC NMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC PNI
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEMA Remote Connect Server
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS ET 200MP IM 155-5 PN HF
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS HCS4200 CIM4210
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS NET PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1212 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1214 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1215 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1500 CPU 1511-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-300 CPU 314C-2 PN/DP
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2025
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2026
|
vers:unknown/* |
A vulnerability in SIMATIC CN 4100 (versions < V4.0.1) leads to inconsistent SNMP behavior, potentially allowing unauthorized access to sensitive data and compromising confidentiality.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / Building X - Security Manager Edge Controller (ACC-AP)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5.2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.6
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Energy Services
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Gridscale X Prepay
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2412
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2506
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU DIQ
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU PA
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CN 4100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC ET 200AL IM 157-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC MV540 H Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC S7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC INS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC NMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC PNI
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEMA Remote Connect Server
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS ET 200MP IM 155-5 PN HF
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS HCS4200 CIM4210
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS NET PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1212 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1214 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1215 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1500 CPU 1511-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-300 CPU 314C-2 PN/DP
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2025
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2026
|
vers:unknown/* |
A vulnerability in SIMATIC CN 4100 (all versions < V4.0.1) allows affected devices to expose server information in their responses, potentially aiding attackers with network access in targeted attacks.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / Building X - Security Manager Edge Controller (ACC-AP)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5.2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.6
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Energy Services
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Gridscale X Prepay
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2412
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2506
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU DIQ
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU PA
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CN 4100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC ET 200AL IM 157-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC MV540 H Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC S7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC INS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC NMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC PNI
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEMA Remote Connect Server
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS ET 200MP IM 155-5 PN HF
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS HCS4200 CIM4210
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS NET PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1212 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1214 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1215 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1500 CPU 1511-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-300 CPU 314C-2 PN/DP
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2025
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2026
|
vers:unknown/* |
Elspec G5 devices up to version 1.2.2.19 have a vulnerability that allows physical access to reset the Admin password using a USB drive with a specific reset string.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / Building X - Security Manager Edge Controller (ACC-AP)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5.2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.6
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Energy Services
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Gridscale X Prepay
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2412
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2506
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU DIQ
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU PA
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CN 4100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC ET 200AL IM 157-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC MV540 H Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC S7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC INS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC NMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC PNI
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEMA Remote Connect Server
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS ET 200MP IM 155-5 PN HF
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS HCS4200 CIM4210
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS NET PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1212 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1214 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1215 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1500 CPU 1511-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-300 CPU 314C-2 PN/DP
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2025
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2026
|
vers:unknown/* |
The update for binutils version 2.32 addresses multiple security vulnerabilities, including memory access issues and buffer overflows, while also introducing support for new architectures.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Siemens / Building X - Security Manager Edge Controller (ACC-AP)
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.4.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.5.2
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / COMOS V10.6
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Energy Services
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Gridscale X Prepay
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2412
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / NX V2506
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SICAM
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU DIQ
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CFU PA
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC CN 4100
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC ET 200AL IM 157-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC MV540 H Firmware
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIMATIC S7
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC INS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC NMS
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEC PNI
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SINEMA Remote Connect Server
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS ET 200MP IM 155-5 PN HF
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS HCS4200 CIM4210
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS NET PN/PN Coupler
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1212 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1214 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1200 CPU 1215 AC/DC/RLY
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-1500 CPU 1511-1 PN
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / SIPLUS S7-300 CPU 314C-2 PN/DP
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2025
|
vers:unknown/* | ||
|
vers:unknown/*
Siemens / Solid Edge SE2026
|
vers:unknown/* |
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Siemens heeft kwetsbaarheden verholpen in diverse producten als Building X, COMOS, Energy Services, Gridscale X, NX, RUGGEDCOM, SICAM, SIMATIC, SINEC, SINEMA, SIPLUS en Solid Edge.",
"title": "Feiten"
},
{
"category": "description",
"text": "De kwetsbaarheden stellen een kwaadwillende mogelijk in staat aanvallen uit te voeren die kunnen leiden tot de volgende categorie\u00ebn schade:\n\n- Denial-of-Service (DoS)\n- Manipulatie van gegevens\n- Omzeilen van een beveiligingsmaatregel\n- (Remote) code execution (root/admin rechten)\n- Toegang tot systeemgegevens\n- Toegang tot gevoelige gegevens\n- Verhogen van rechten\n\nDe kwaadwillende heeft hiervoor toegang nodig tot de productieomgeving. Het is goed gebruik een dergelijke omgeving niet publiek toegankelijk te hebben.",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Siemens heeft beveiligingsupdates uitgebracht om de kwetsbaarheden te verhelpen. Voor de kwetsbaarheden waar nog geen updates voor zijn, heeft Siemens mitigerende maatregelen gepubliceerd om de risico\u0027s zoveel als mogelijk te beperken. Zie de bijgevoegde referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "general",
"text": "Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
"title": "CWE-74"
},
{
"category": "general",
"text": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"title": "CWE-77"
},
{
"category": "general",
"text": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"title": "CWE-78"
},
{
"category": "general",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
},
{
"category": "general",
"text": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"title": "CWE-94"
},
{
"category": "general",
"text": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)",
"title": "CWE-96"
},
{
"category": "general",
"text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"title": "CWE-119"
},
{
"category": "general",
"text": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"title": "CWE-120"
},
{
"category": "general",
"text": "Stack-based Buffer Overflow",
"title": "CWE-121"
},
{
"category": "general",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "general",
"text": "Buffer Over-read",
"title": "CWE-126"
},
{
"category": "general",
"text": "Improper Validation of Array Index",
"title": "CWE-129"
},
{
"category": "general",
"text": "Improper Neutralization of Parameter/Argument Delimiters",
"title": "CWE-141"
},
{
"category": "general",
"text": "Improper Neutralization of Escape, Meta, or Control Sequences",
"title": "CWE-150"
},
{
"category": "general",
"text": "Improper Handling of Case Sensitivity",
"title": "CWE-178"
},
{
"category": "general",
"text": "Integer Overflow or Wraparound",
"title": "CWE-190"
},
{
"category": "general",
"text": "Integer Underflow (Wrap or Wraparound)",
"title": "CWE-191"
},
{
"category": "general",
"text": "Integer Coercion Error",
"title": "CWE-192"
},
{
"category": "general",
"text": "Off-by-one Error",
"title": "CWE-193"
},
{
"category": "general",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "general",
"text": "Insertion of Sensitive Information Into Sent Data",
"title": "CWE-201"
},
{
"category": "general",
"text": "Observable Discrepancy",
"title": "CWE-203"
},
{
"category": "general",
"text": "Observable Response Discrepancy",
"title": "CWE-204"
},
{
"category": "general",
"text": "Improper Removal of Sensitive Information Before Storage or Transfer",
"title": "CWE-212"
},
{
"category": "general",
"text": "CWE-264",
"title": "CWE-264"
},
{
"category": "general",
"text": "Privilege Chaining",
"title": "CWE-268"
},
{
"category": "general",
"text": "Privilege Dropping / Lowering Errors",
"title": "CWE-271"
},
{
"category": "general",
"text": "Incorrect Default Permissions",
"title": "CWE-276"
},
{
"category": "general",
"text": "Improper Preservation of Permissions",
"title": "CWE-281"
},
{
"category": "general",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "general",
"text": "Improper Authorization",
"title": "CWE-285"
},
{
"category": "general",
"text": "Improper Authentication",
"title": "CWE-287"
},
{
"category": "general",
"text": "Authentication Bypass Using an Alternate Path or Channel",
"title": "CWE-288"
},
{
"category": "general",
"text": "Authentication Bypass by Capture-replay",
"title": "CWE-294"
},
{
"category": "general",
"text": "Improper Certificate Validation",
"title": "CWE-295"
},
{
"category": "general",
"text": "Incorrect Implementation of Authentication Algorithm",
"title": "CWE-303"
},
{
"category": "general",
"text": "Missing Authentication for Critical Function",
"title": "CWE-306"
},
{
"category": "general",
"text": "CWE-310",
"title": "CWE-310"
},
{
"category": "general",
"text": "Missing Encryption of Sensitive Data",
"title": "CWE-311"
},
{
"category": "general",
"text": "Cleartext Transmission of Sensitive Information",
"title": "CWE-319"
},
{
"category": "general",
"text": "Use of a Broken or Risky Cryptographic Algorithm",
"title": "CWE-327"
},
{
"category": "general",
"text": "Use of Weak Hash",
"title": "CWE-328"
},
{
"category": "general",
"text": "Generation of Predictable Numbers or Identifiers",
"title": "CWE-340"
},
{
"category": "general",
"text": "Improper Verification of Cryptographic Signature",
"title": "CWE-347"
},
{
"category": "general",
"text": "Cross-Site Request Forgery (CSRF)",
"title": "CWE-352"
},
{
"category": "general",
"text": "Improper Validation of Integrity Check Value",
"title": "CWE-354"
},
{
"category": "general",
"text": "Improperly Implemented Security Check for Standard",
"title": "CWE-358"
},
{
"category": "general",
"text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"title": "CWE-362"
},
{
"category": "general",
"text": "Session Fixation",
"title": "CWE-384"
},
{
"category": "general",
"text": "Covert Timing Channel",
"title": "CWE-385"
},
{
"category": "general",
"text": "CWE-399",
"title": "CWE-399"
},
{
"category": "general",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "general",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "general",
"text": "Inefficient Algorithmic Complexity",
"title": "CWE-407"
},
{
"category": "general",
"text": "Missing Lock Check",
"title": "CWE-414"
},
{
"category": "general",
"text": "Double Free",
"title": "CWE-415"
},
{
"category": "general",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "general",
"text": "Expected Behavior Violation",
"title": "CWE-440"
},
{
"category": "general",
"text": "NULL Pointer Dereference",
"title": "CWE-476"
},
{
"category": "general",
"text": "Deserialization of Untrusted Data",
"title": "CWE-502"
},
{
"category": "general",
"text": "Improper Initialization",
"title": "CWE-665"
},
{
"category": "general",
"text": "Improper Locking",
"title": "CWE-667"
},
{
"category": "general",
"text": "Exposure of Resource to Wrong Sphere",
"title": "CWE-668"
},
{
"category": "general",
"text": "Incorrect Conversion between Numeric Types",
"title": "CWE-681"
},
{
"category": "general",
"text": "Incorrect Permission Assignment for Critical Resource",
"title": "CWE-732"
},
{
"category": "general",
"text": "Improper Check for Unusual or Exceptional Conditions",
"title": "CWE-754"
},
{
"category": "general",
"text": "Release of Invalid Pointer or Reference",
"title": "CWE-763"
},
{
"category": "general",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "general",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "general",
"text": "Use of Hard-coded Credentials",
"title": "CWE-798"
},
{
"category": "general",
"text": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"title": "CWE-835"
},
{
"category": "general",
"text": "Missing Authorization",
"title": "CWE-862"
},
{
"category": "general",
"text": "Incorrect Authorization",
"title": "CWE-863"
},
{
"category": "general",
"text": "Missing Initialization of Resource",
"title": "CWE-909"
},
{
"category": "general",
"text": "Server-Side Request Forgery (SSRF)",
"title": "CWE-918"
},
{
"category": "general",
"text": "Improper Verification of Source of a Communication Channel",
"title": "CWE-940"
},
{
"category": "general",
"text": "CWE-1214",
"title": "CWE-1214"
},
{
"category": "general",
"text": "Improper Validation of Specified Type of Input",
"title": "CWE-1287"
},
{
"category": "general",
"text": "Inefficient Regular Expression Complexity",
"title": "CWE-1333"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Reference",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-202008.html"
},
{
"category": "external",
"summary": "Reference",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-212953.html"
},
{
"category": "external",
"summary": "Reference",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-356310.html"
},
{
"category": "external",
"summary": "Reference",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-416652.html"
},
{
"category": "external",
"summary": "Reference",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-420375.html"
},
{
"category": "external",
"summary": "Reference",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-471761.html"
},
{
"category": "external",
"summary": "Reference",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-626856.html"
},
{
"category": "external",
"summary": "Reference",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-710408.html"
},
{
"category": "external",
"summary": "Reference",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-734261.html"
},
{
"category": "external",
"summary": "Reference",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-763474.html"
},
{
"category": "external",
"summary": "Reference",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-868571.html"
},
{
"category": "external",
"summary": "Reference",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-882673.html"
},
{
"category": "external",
"summary": "Reference",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-912274.html"
},
{
"category": "external",
"summary": "Reference",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-915282.html"
}
],
"title": "Kwetsbaarheden verholpen in Siemens producten",
"tracking": {
"current_release_date": "2025-12-09T13:15:05.391966Z",
"generator": {
"date": "2025-08-04T16:30:00Z",
"engine": {
"name": "V.A.",
"version": "1.3"
}
},
"id": "NCSC-2025-0382",
"initial_release_date": "2025-12-09T13:15:05.391966Z",
"revision_history": [
{
"date": "2025-12-09T13:15:05.391966Z",
"number": "1.0.0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-1"
}
}
],
"category": "product_name",
"name": "Building X - Security Manager Edge Controller (ACC-AP)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-2"
}
}
],
"category": "product_name",
"name": "COMOS V10.4"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-3"
}
}
],
"category": "product_name",
"name": "COMOS V10.4.5"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-4"
}
}
],
"category": "product_name",
"name": "COMOS V10.5"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-5"
}
}
],
"category": "product_name",
"name": "COMOS V10.5.2"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-6"
}
}
],
"category": "product_name",
"name": "COMOS V10.6"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-7"
}
}
],
"category": "product_name",
"name": "Energy Services"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-8"
}
}
],
"category": "product_name",
"name": "Gridscale X Prepay"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-9"
}
}
],
"category": "product_name",
"name": "NX V2412"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-10"
}
}
],
"category": "product_name",
"name": "NX V2506"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-11"
}
}
],
"category": "product_name",
"name": "SICAM"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-12"
}
}
],
"category": "product_name",
"name": "SIMATIC CFU DIQ"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-13"
}
}
],
"category": "product_name",
"name": "SIMATIC CFU PA"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-14"
}
}
],
"category": "product_name",
"name": "SIMATIC CN 4100"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-15"
}
}
],
"category": "product_name",
"name": "SIMATIC ET 200AL IM 157-1 PN"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-16"
}
}
],
"category": "product_name",
"name": "SIMATIC MV540 H Firmware"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-17"
}
}
],
"category": "product_name",
"name": "SIMATIC PN/PN Coupler"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-18"
}
}
],
"category": "product_name",
"name": "SIMATIC S7"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-19"
}
}
],
"category": "product_name",
"name": "SINEC INS"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-20"
}
}
],
"category": "product_name",
"name": "SINEC NMS"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-21"
}
}
],
"category": "product_name",
"name": "SINEC PNI"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-22"
}
}
],
"category": "product_name",
"name": "SINEMA Remote Connect Server"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-23"
}
}
],
"category": "product_name",
"name": "SIPLUS ET 200MP IM 155-5 PN HF"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-24"
}
}
],
"category": "product_name",
"name": "SIPLUS HCS4200 CIM4210"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-25"
}
}
],
"category": "product_name",
"name": "SIPLUS NET PN/PN Coupler"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-26"
}
}
],
"category": "product_name",
"name": "SIPLUS S7-1200 CPU 1212 AC/DC/RLY"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-27"
}
}
],
"category": "product_name",
"name": "SIPLUS S7-1200 CPU 1214 AC/DC/RLY"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-28"
}
}
],
"category": "product_name",
"name": "SIPLUS S7-1200 CPU 1215 AC/DC/RLY"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-29"
}
}
],
"category": "product_name",
"name": "SIPLUS S7-1500 CPU 1511-1 PN"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-30"
}
}
],
"category": "product_name",
"name": "SIPLUS S7-300 CPU 314C-2 PN/DP"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-31"
}
}
],
"category": "product_name",
"name": "Solid Edge SE2025"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-32"
}
}
],
"category": "product_name",
"name": "Solid Edge SE2026"
}
],
"category": "vendor",
"name": "Siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-7169",
"cwe": {
"id": "CWE-271",
"name": "Privilege Dropping / Lowering Errors"
},
"notes": [
{
"category": "other",
"text": "Privilege Dropping / Lowering Errors",
"title": "CWE-271"
},
{
"category": "description",
"text": "A vulnerability in shadow 4.5\u0027s newgidmap allows unprivileged users to exploit user namespaces, potentially bypassing access restrictions set by administrators.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2018-7169 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2018/cve-2018-7169.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
}
],
"title": "CVE-2018-7169"
},
{
"cve": "CVE-2018-9234",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "description",
"text": "GnuPG versions 2.2.4 and 2.2.5 have a vulnerability (CVE-2018-9234) that allows remote attackers to bypass security restrictions by using a signing subkey for key certification without enforcing the offline master Certify key.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2018-9234 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2018/cve-2018-9234.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
}
],
"title": "CVE-2018-9234"
},
{
"cve": "CVE-2018-12934",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "description",
"text": "The \u0027remember_Ktype\u0027 function in cplus-dem.c of GNU libiberty, present in GNU Binutils 2.30, is susceptible to excessive memory consumption, which may result in out-of-memory conditions during cxxfilt execution.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2018-12934 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2018/cve-2018-12934.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
}
],
"title": "CVE-2018-12934"
},
{
"cve": "CVE-2019-9893",
"cwe": {
"id": "CWE-358",
"name": "Improperly Implemented Security Check for Standard"
},
"notes": [
{
"category": "other",
"text": "Improperly Implemented Security Check for Standard",
"title": "CWE-358"
},
{
"category": "other",
"text": "Covert Timing Channel",
"title": "CWE-385"
},
{
"category": "description",
"text": "The libseccomp 2.4.1 update resolves a BPF generation bug, enhances syscall tables, addresses CVE-2019-9893, and improves support for various architectures while fixing prior 64-bit syscall argument comparison issues.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2019-9893 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2019/cve-2019-9893.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
}
],
"title": "CVE-2019-9893"
},
{
"cve": "CVE-2019-12900",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "other",
"text": "CWE-1214",
"title": "CWE-1214"
},
{
"category": "description",
"text": "The updates for ClamAV version 0.103.0 and bzip2 address multiple security vulnerabilities, including non-blocking database reloads in ClamAV and out-of-bounds writes in bzip2, enhancing overall functionality and security.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2019-12900 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2019/cve-2019-12900.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
}
],
"title": "CVE-2019-12900"
},
{
"cve": "CVE-2019-14866",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "description",
"text": "Versions of cpio prior to 2.13 have a vulnerability due to improper input validation when generating TAR archives, allowing unauthorized file permissions and paths that could compromise systems upon extraction by high-privilege users.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2019-14866 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2019/cve-2019-14866.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
}
],
"title": "CVE-2019-14866"
},
{
"cve": "CVE-2020-12762",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "other",
"text": "Integer Overflow or Wraparound",
"title": "CWE-190"
},
{
"category": "description",
"text": "Red Hat Enterprise Linux and its components, including json-c and libfastjson, have multiple vulnerabilities, particularly an integer overflow and out-of-bounds write issue (CVE-2020-12762) affecting large JSON files, allowing potential arbitrary code execution.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2020-12762 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2020/cve-2020-12762.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
}
],
"title": "CVE-2020-12762"
},
{
"cve": "CVE-2020-21047",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "description",
"text": "The libcpu component of elfutils version 0.177 has a denial-of-service vulnerability that can be exploited by attackers through specially crafted ELF files, leading to application crashes.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2020-21047 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2020/cve-2020-21047.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
}
],
"title": "CVE-2020-21047"
},
{
"cve": "CVE-2020-22217",
"cwe": {
"id": "CWE-126",
"name": "Buffer Over-read"
},
"notes": [
{
"category": "other",
"text": "Buffer Over-read",
"title": "CWE-126"
},
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "C-ares versions before 1.16.1 and up to 1.17.0 have a buffer overflow vulnerability in the ares_parse_soa_reply function, addressed by the libcares2 update for CVE-2020-22217.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2020-22217 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2020/cve-2020-22217.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
}
],
"title": "CVE-2020-22217"
},
{
"cve": "CVE-2020-35525",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "other",
"text": "NULL Pointer Dereference",
"title": "CWE-476"
},
{
"category": "description",
"text": "A NULL pointer dereference vulnerability in SQLite 3.31.1 can cause out-of-memory errors during INTERSECT query processing, potentially leading to Denial of Service attacks in affected NetApp products.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2020-35525 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2020/cve-2020-35525.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
}
],
"title": "CVE-2020-35525"
},
{
"cve": "CVE-2021-35550",
"cwe": {
"id": "CWE-327",
"name": "Use of a Broken or Risky Cryptographic Algorithm"
},
"notes": [
{
"category": "other",
"text": "Use of a Broken or Risky Cryptographic Algorithm",
"title": "CWE-327"
},
{
"category": "description",
"text": "Recent updates for OpenJDK versions 1.7, 1.8, and 11 address multiple vulnerabilities related to TLS ciphers, memory allocation, and keystore corruption, while Oracle Java SE and GraalVM have critical vulnerabilities allowing unauthorized access to sensitive data.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2021-35550 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2021/cve-2021-35550.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
}
],
"title": "CVE-2021-35550"
},
{
"cve": "CVE-2021-35556",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "description",
"text": "Recent updates for various Java versions, including IBM and OpenJDK, address multiple vulnerabilities related to memory allocation, weak cipher preferences, and denial of service risks, while enhancing functionality and security.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2021-35556 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2021/cve-2021-35556.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
}
],
"title": "CVE-2021-35556"
},
{
"cve": "CVE-2021-35559",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "description",
"text": "Multiple updates for Java versions, including IBM and OpenJDK, address various vulnerabilities such as memory allocation issues and weak cipher preferences, while also enhancing functionalities and updating to newer service refreshes.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2021-35559 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2021/cve-2021-35559.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
}
],
"title": "CVE-2021-35559"
},
{
"cve": "CVE-2021-35561",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "description",
"text": "Recent updates for OpenJDK and Oracle Java SE address multiple vulnerabilities, including weak TLS ciphers, excessive memory allocations, and denial of service risks across various versions.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2021-35561 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2021/cve-2021-35561.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
}
],
"title": "CVE-2021-35561"
},
{
"cve": "CVE-2021-35564",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "description",
"text": "Multiple updates for IBM and OpenJDK Java versions address various vulnerabilities, including excessive memory allocation and weak cipher preferences, while also enhancing functionality and security across several releases.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2021-35564 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2021/cve-2021-35564.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
}
],
"title": "CVE-2021-35564"
},
{
"cve": "CVE-2021-35565",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"notes": [
{
"category": "other",
"text": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"title": "CWE-835"
},
{
"category": "description",
"text": "Recent updates for various Java versions, including IBM and OpenJDK, address multiple vulnerabilities related to memory allocation, weak cipher preferences, and denial of service risks, while enhancing functionality and security.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2021-35565 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2021/cve-2021-35565.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
}
],
"title": "CVE-2021-35565"
},
{
"cve": "CVE-2021-35567",
"cwe": {
"id": "CWE-863",
"name": "Incorrect Authorization"
},
"notes": [
{
"category": "other",
"text": "Incorrect Authorization",
"title": "CWE-863"
},
{
"category": "description",
"text": "Recent updates for Java, including OpenJDK and Oracle Java SE, address multiple vulnerabilities related to memory allocation, TLS issues, and unauthorized access, with CVSS scores indicating significant risks.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2021-35567 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2021/cve-2021-35567.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
}
],
"title": "CVE-2021-35567"
},
{
"cve": "CVE-2021-35578",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "other",
"text": "NULL Pointer Dereference",
"title": "CWE-476"
},
{
"category": "description",
"text": "Recent updates for Java SE, OpenJDK, and Oracle GraalVM address multiple vulnerabilities, including memory allocation issues, weak TLS ciphers, and denial of service risks, affecting various supported versions.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2021-35578 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2021/cve-2021-35578.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
}
],
"title": "CVE-2021-35578"
},
{
"cve": "CVE-2021-35586",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "description",
"text": "Multiple updates for Java versions, including IBM and OpenJDK, address various vulnerabilities such as excessive memory allocation and weak cipher preferences, while also enhancing functionality and security across several versions.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2021-35586 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2021/cve-2021-35586.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
}
],
"title": "CVE-2021-35586"
},
{
"cve": "CVE-2021-35588",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "description",
"text": "Recent updates for IBM Java and OpenJDK address multiple vulnerabilities, including memory allocation issues and weak cipher preferences, while also enhancing versions to Java 7.1 SR5, Java 8.0 SR7, and OpenJDK 8u312 and 7u321.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2021-35588 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2021/cve-2021-35588.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
}
],
"title": "CVE-2021-35588"
},
{
"cve": "CVE-2021-35603",
"cwe": {
"id": "CWE-203",
"name": "Observable Discrepancy"
},
"notes": [
{
"category": "other",
"text": "Observable Discrepancy",
"title": "CWE-203"
},
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "description",
"text": "Recent updates for OpenJDK versions 1.7, 1.8, and 11 address multiple vulnerabilities, including TLS cipher issues and memory allocation problems, while Oracle Java SE and GraalVM Enterprise Edition have vulnerabilities that could compromise data confidentiality.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2021-35603 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2021/cve-2021-35603.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
}
],
"title": "CVE-2021-35603"
},
{
"cve": "CVE-2021-36084",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "Red Hat Enterprise Linux and SELinux versions up to 3.2 have multiple vulnerabilities, including use-after-free and Denial of Service risks, potentially allowing attackers to execute arbitrary code or cause service disruptions.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2021-36084 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2021/cve-2021-36084.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
}
],
"title": "CVE-2021-36084"
},
{
"cve": "CVE-2021-36085",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "Red Hat Enterprise Linux and SELinux versions up to 3.2 have multiple vulnerabilities, including denial of service and arbitrary code execution risks, affecting various components and products, particularly those utilizing SELinux.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2021-36085 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2021/cve-2021-36085.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
}
],
"title": "CVE-2021-36085"
},
{
"cve": "CVE-2021-36086",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "Red Hat Enterprise Linux and SELinux versions up to 3.2 have multiple vulnerabilities, including denial of service and arbitrary code execution, affecting various components and requiring user interaction or elevated privileges for exploitation.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2021-36086 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2021/cve-2021-36086.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
}
],
"title": "CVE-2021-36086"
},
{
"cve": "CVE-2021-36087",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"title": "CWE-119"
},
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "Red Hat Enterprise Linux and SELinux 3.2 have multiple vulnerabilities, including denial of service and arbitrary code execution risks, affecting various components and requiring user interaction or elevated privileges for exploitation.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2021-36087 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2021/cve-2021-36087.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
}
],
"title": "CVE-2021-36087"
},
{
"cve": "CVE-2021-38185",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "other",
"text": "Integer Overflow or Wraparound",
"title": "CWE-190"
},
{
"category": "description",
"text": "GNU cpio version 2.13 is vulnerable to remote code execution due to an integer overflow in the ds_fgetstr function when processing specially crafted pattern files.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2021-38185 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2021/cve-2021-38185.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
}
],
"title": "CVE-2021-38185"
},
{
"cve": "CVE-2021-47358",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "SUSE Linux Enterprise 15 SP4 and SP5 kernels were updated to address multiple security vulnerabilities, including memory leaks and use-after-free issues, across various kernel versions and components.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2021-47358 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2021/cve-2021-47358.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
}
],
"title": "CVE-2021-47358"
},
{
"cve": "CVE-2021-47361",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "SUSE Linux Enterprise 12 and 15 SP5 kernels, including RT and Azure variants, were updated to address multiple security vulnerabilities such as memory leaks and use-after-free issues, enhancing overall system security.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2021-47361 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2021/cve-2021-47361.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
}
],
"title": "CVE-2021-47361"
},
{
"cve": "CVE-2022-0435",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "description",
"text": "SUSE Linux Enterprise kernels and Linux Kernel versions have been updated to address multiple security vulnerabilities, including memory corruption, race conditions, and remote stack overflow issues, alongside various non-security bug fixes.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2022-0435 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2022/cve-2022-0435.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
}
],
"title": "CVE-2022-0435"
},
{
"cve": "CVE-2022-0492",
"cwe": {
"id": "CWE-862",
"name": "Missing Authorization"
},
"notes": [
{
"category": "other",
"text": "Missing Authorization",
"title": "CWE-862"
},
{
"category": "other",
"text": "Improper Authentication",
"title": "CWE-287"
},
{
"category": "description",
"text": "Recent updates to various SUSE Linux Enterprise kernels and Linux Kernel versions addressed multiple security vulnerabilities, including privilege escalation, memory corruption, and transient execution side-channel attacks across several service packs.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2022-0492 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2022/cve-2022-0492.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
}
],
"title": "CVE-2022-0492"
},
{
"cve": "CVE-2022-0847",
"cwe": {
"id": "CWE-909",
"name": "Missing Initialization of Resource"
},
"notes": [
{
"category": "other",
"text": "Missing Initialization of Resource",
"title": "CWE-909"
},
{
"category": "other",
"text": "Improper Initialization",
"title": "CWE-665"
},
{
"category": "other",
"text": "Improper Preservation of Permissions",
"title": "CWE-281"
},
{
"category": "description",
"text": "SUSE Linux Enterprise kernels across various versions have been updated to address multiple security vulnerabilities, including privilege escalation and memory access issues, alongside mitigations for transient execution side-channel attacks.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2022-0847 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2022/cve-2022-0847.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
}
],
"title": "CVE-2022-0847"
},
{
"cve": "CVE-2022-0850",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "other",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "description",
"text": "The SUSE Linux Enterprise kernels (12 SP2, SP3, SP4, SP5, and 15 SP1, SP3) were updated to address various security vulnerabilities, including memory leaks, use-after-free, double free issues, and information leak flaws.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2022-0850 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2022/cve-2022-0850.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
}
],
"title": "CVE-2022-0850"
},
{
"cve": "CVE-2022-1353",
"cwe": {
"id": "CWE-212",
"name": "Improper Removal of Sensitive Information Before Storage or Transfer"
},
"notes": [
{
"category": "other",
"text": "Improper Removal of Sensitive Information Before Storage or Transfer",
"title": "CWE-212"
},
{
"category": "other",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "description",
"text": "Multiple updates were released for SUSE Linux Enterprise kernels addressing various security vulnerabilities and non-security bugs, including memory management issues, privilege escalation risks, and access control flaws.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2022-1353 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2022/cve-2022-1353.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
}
],
"title": "CVE-2022-1353"
},
{
"cve": "CVE-2022-1734",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "SUSE Linux Enterprise kernels across multiple versions have been updated to address various security vulnerabilities, including RETBLEED, use-after-free issues, and non-security bug fixes, enhancing overall system stability.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2022-1734 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2022/cve-2022-1734.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
}
],
"title": "CVE-2022-1734"
},
{
"cve": "CVE-2022-2639",
"cwe": {
"id": "CWE-681",
"name": "Incorrect Conversion between Numeric Types"
},
"notes": [
{
"category": "other",
"text": "Incorrect Conversion between Numeric Types",
"title": "CWE-681"
},
{
"category": "other",
"text": "Integer Coercion Error",
"title": "CWE-192"
},
{
"category": "other",
"text": "Integer Underflow (Wrap or Wraparound)",
"title": "CWE-191"
},
{
"category": "description",
"text": "SUSE Linux Enterprise kernel updates across various versions address multiple security vulnerabilities, including race conditions, use-after-free issues, and denial of service, alongside non-security bug fixes.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2022-2639 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2022/cve-2022-2639.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
}
],
"title": "CVE-2022-2639"
},
{
"cve": "CVE-2022-2964",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"title": "CWE-119"
},
{
"category": "description",
"text": "Recent updates to various SUSE Linux Enterprise kernels addressed multiple security vulnerabilities, including use-after-free and memory corruption issues, across several versions and components.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2022-2964 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2022/cve-2022-2964.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
}
],
"title": "CVE-2022-2964"
},
{
"cve": "CVE-2022-3424",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "Recent updates to various SUSE Linux Enterprise kernels and Linux Kernel versions addressed multiple critical security vulnerabilities, including use-after-free and memory corruption issues, across several components and drivers.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2022-3424 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2022/cve-2022-3424.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
}
],
"title": "CVE-2022-3424"
},
{
"cve": "CVE-2022-20141",
"cwe": {
"id": "CWE-667",
"name": "Improper Locking"
},
"notes": [
{
"category": "other",
"text": "Improper Locking",
"title": "CWE-667"
},
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "Multiple updates across SUSE Linux Enterprise and Linux Kernel versions addressed various security vulnerabilities, including buffer overflows, use-after-free issues, and the RETBLEED attack, alongside non-security bug fixes.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2022-20141 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2022/cve-2022-20141.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
}
],
"title": "CVE-2022-20141"
},
{
"cve": "CVE-2022-23039",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "other",
"text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"title": "CWE-362"
},
{
"category": "description",
"text": "SUSE Linux Enterprise kernels across various versions have been updated to address multiple security vulnerabilities, including memory leaks, buffer overflows, and double free issues, alongside numerous non-security bug fixes.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2022-23039 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2022/cve-2022-23039.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
}
],
"title": "CVE-2022-23039"
},
{
"cve": "CVE-2022-23040",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "other",
"text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"title": "CWE-362"
},
{
"category": "description",
"text": "SUSE Linux Enterprise kernels across various versions have been updated to address multiple security vulnerabilities, including memory leaks, buffer overflows, and double free issues, alongside numerous non-security bug fixes.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2022-23040 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2022/cve-2022-23040.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
}
],
"title": "CVE-2022-23040"
},
{
"cve": "CVE-2022-24958",
"cwe": {
"id": "CWE-763",
"name": "Release of Invalid Pointer or Reference"
},
"notes": [
{
"category": "other",
"text": "Release of Invalid Pointer or Reference",
"title": "CWE-763"
},
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "description",
"text": "Recent updates to SUSE Linux Enterprise kernels and Google Android address multiple security vulnerabilities, including privilege escalations and memory leaks, while NetApp products face risks from flaws in Linux Kernel versions up to 5.16.8.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2022-24958 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2022/cve-2022-24958.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
}
],
"title": "CVE-2022-24958"
},
{
"cve": "CVE-2022-27223",
"cwe": {
"id": "CWE-129",
"name": "Improper Validation of Array Index"
},
"notes": [
{
"category": "other",
"text": "Improper Validation of Array Index",
"title": "CWE-129"
},
{
"category": "description",
"text": "SUSE Linux Enterprise 15 SP3 and RT kernels were updated to address multiple security vulnerabilities, including CVEs for memory leaks, privilege escalations, and a specific out-of-array access issue in the udc-xilinx driver.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2022-27223 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2022/cve-2022-27223.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
}
],
"title": "CVE-2022-27223"
},
{
"cve": "CVE-2022-28390",
"cwe": {
"id": "CWE-415",
"name": "Double Free"
},
"notes": [
{
"category": "other",
"text": "Double Free",
"title": "CWE-415"
},
{
"category": "description",
"text": "The SUSE Linux Enterprise kernels (12 SP2, SP3, SP4, SP5, and 15 SP1, SP3) and various Linux Kernel versions were updated to address multiple security vulnerabilities, including memory leaks, use-after-free, and double free issues.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2022-28390 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2022/cve-2022-28390.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
}
],
"title": "CVE-2022-28390"
},
{
"cve": "CVE-2022-29872",
"cwe": {
"id": "CWE-141",
"name": "Improper Neutralization of Parameter/Argument Delimiters"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Parameter/Argument Delimiters",
"title": "CWE-141"
},
{
"category": "description",
"text": "A vulnerability in SICAM T (versions \u003c V3.0) allows authenticated attackers to exploit improper validation of POST request parameters, potentially leading to denial of service or arbitrary code execution.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2022-29872 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2022/cve-2022-29872.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
}
],
"title": "CVE-2022-29872"
},
{
"cve": "CVE-2022-29873",
"cwe": {
"id": "CWE-141",
"name": "Improper Neutralization of Parameter/Argument Delimiters"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Parameter/Argument Delimiters",
"title": "CWE-141"
},
{
"category": "description",
"text": "A vulnerability in SICAM T devices (versions \u003c V3.0) allows unauthenticated attackers to exploit improper validation of GET and POST request parameters, leading to potential denial of service or arbitrary code execution.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2022-29873 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2022/cve-2022-29873.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
}
],
"title": "CVE-2022-29873"
},
{
"cve": "CVE-2022-29874",
"cwe": {
"id": "CWE-319",
"name": "Cleartext Transmission of Sensitive Information"
},
"notes": [
{
"category": "other",
"text": "Cleartext Transmission of Sensitive Information",
"title": "CWE-319"
},
{
"category": "description",
"text": "A vulnerability in SICAM T (versions \u003c V3.0) allows unauthenticated attackers to capture unencrypted HTTP web traffic, potentially disrupting device functionality.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2022-29874 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2022/cve-2022-29874.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
}
],
"title": "CVE-2022-29874"
},
{
"cve": "CVE-2022-29876",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
},
{
"category": "description",
"text": "A vulnerability in SICAM T (versions \u003c V3.0) allows unauthenticated attackers to exploit reflected XSS attacks due to improper handling of GET request parameters reflected in the web server response.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2022-29876 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2022/cve-2022-29876.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
}
],
"title": "CVE-2022-29876"
},
{
"cve": "CVE-2022-29878",
"cwe": {
"id": "CWE-294",
"name": "Authentication Bypass by Capture-replay"
},
"notes": [
{
"category": "other",
"text": "Authentication Bypass by Capture-replay",
"title": "CWE-294"
},
{
"category": "description",
"text": "A vulnerability in SICAM T (versions \u003c V3.0) allows unauthenticated attackers to exploit unencrypted challenge-response communication, potentially gaining access to the device\u0027s management interface.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2022-29878 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2022/cve-2022-29878.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
}
],
"title": "CVE-2022-29878"
},
{
"cve": "CVE-2022-29879",
"cwe": {
"id": "CWE-306",
"name": "Missing Authentication for Critical Function"
},
"notes": [
{
"category": "other",
"text": "Missing Authentication for Critical Function",
"title": "CWE-306"
},
{
"category": "description",
"text": "A vulnerability in SICAM T (versions \u003c V3.0) allows authenticated users to access critical device information due to inadequate access protection in the web-based management interface.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2022-29879 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2022/cve-2022-29879.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
}
],
"title": "CVE-2022-29879"
},
{
"cve": "CVE-2022-29880",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
},
{
"category": "description",
"text": "A vulnerability in SICAM T (versions \u003c V3.0) allows authenticated attackers to exploit improper input validation in the configuration interface, enabling persistent XSS attacks affecting logged-in users.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2022-29880 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2022/cve-2022-29880.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
}
],
"title": "CVE-2022-29880"
},
{
"cve": "CVE-2022-29881",
"cwe": {
"id": "CWE-306",
"name": "Missing Authentication for Critical Function"
},
"notes": [
{
"category": "other",
"text": "Missing Authentication for Critical Function",
"title": "CWE-306"
},
{
"category": "description",
"text": "A vulnerability in SICAM T (versions \u003c V3.0) allows unauthenticated users to access internal configuration details due to inadequate access protection in the web-based management interface.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2022-29881 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2022/cve-2022-29881.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
}
],
"title": "CVE-2022-29881"
},
{
"cve": "CVE-2022-29882",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
},
{
"category": "description",
"text": "A vulnerability in SICAM T (versions \u003c V3.0) allows unauthenticated attackers to exploit improper file handling for XSS attacks, potentially enabling actions on behalf of legitimate users via error logs.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2022-29882 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2022/cve-2022-29882.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
}
],
"title": "CVE-2022-29882"
},
{
"cve": "CVE-2022-29883",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"notes": [
{
"category": "other",
"text": "Improper Authentication",
"title": "CWE-287"
},
{
"category": "description",
"text": "Vulnerabilities in SICAM P850, P855, and T devices (all versions \u003c V3.00) allow unauthenticated access to web interface pages, enabling attackers to delete log files without authentication.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2022-29883 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2022/cve-2022-29883.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
}
],
"title": "CVE-2022-29883"
},
{
"cve": "CVE-2022-30594",
"cwe": {
"id": "CWE-276",
"name": "Incorrect Default Permissions"
},
"notes": [
{
"category": "other",
"text": "Incorrect Default Permissions",
"title": "CWE-276"
},
{
"category": "other",
"text": "Incorrect Authorization",
"title": "CWE-863"
},
{
"category": "other",
"text": "Missing Authorization",
"title": "CWE-862"
},
{
"category": "description",
"text": "Recent kernel updates for SUSE Linux Enterprise and various Linux Kernel versions addressed multiple security vulnerabilities, including the RETBLEED attack, use-after-free issues, buffer overflows, and restriction bypasses related to the PT_SUSPEND_SECCOMP flag.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2022-30594 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2022/cve-2022-30594.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
}
],
"title": "CVE-2022-30594"
},
{
"cve": "CVE-2022-31807",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"notes": [
{
"category": "other",
"text": "Improper Verification of Cryptographic Signature",
"title": "CWE-347"
},
{
"category": "description",
"text": "Vulnerabilities in SiPass integrated AC5102 and ACC-AP devices allow local and remote attackers to upload or modify firmware due to inadequate integrity checks during firmware updates.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2022-31807 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2022/cve-2022-31807.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
}
],
"title": "CVE-2022-31807"
},
{
"cve": "CVE-2022-34903",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"notes": [
{
"category": "other",
"text": "Improper Verification of Cryptographic Signature",
"title": "CWE-347"
},
{
"category": "other",
"text": "Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
"title": "CWE-74"
},
{
"category": "other",
"text": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"title": "CWE-94"
},
{
"category": "description",
"text": "GnuPGP has multiple vulnerabilities, including signature forgery and status injection issues, while recent updates to gpg2 and Docker images for Dagster-cloud and Spectrafit address these security concerns.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2022-34903 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2022/cve-2022-34903.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
}
],
"title": "CVE-2022-34903"
},
{
"cve": "CVE-2022-36123",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"category": "other",
"text": "Missing Encryption of Sensitive Data",
"title": "CWE-311"
},
{
"category": "description",
"text": "The Linux kernel prior to version 5.18.13 contains a vulnerability in the block starting symbol (.bss) that may allow Xen PV guest OS users to perform denial of service attacks or escalate privileges.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2022-36123 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2022/cve-2022-36123.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
}
],
"title": "CVE-2022-36123"
},
{
"cve": "CVE-2022-37032",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "Recent updates for Quagga and FRRouting address multiple vulnerabilities, including sensitive information disclosure and denial of service risks due to BGP processing issues and out-of-bounds read vulnerabilities.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2022-37032 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2022/cve-2022-37032.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
}
],
"title": "CVE-2022-37032"
},
{
"cve": "CVE-2022-37434",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"title": "CWE-119"
},
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "other",
"text": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"title": "CWE-120"
},
{
"category": "description",
"text": "Recent updates to VLC, Oracle products, zlib, and Dagster-cloud address various vulnerabilities, including critical issues in Oracle systems and security fixes in zlib and opencv-python.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2022-37434 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2022/cve-2022-37434.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
}
],
"title": "CVE-2022-37434"
},
{
"cve": "CVE-2022-40226",
"cwe": {
"id": "CWE-384",
"name": "Session Fixation"
},
"notes": [
{
"category": "other",
"text": "Session Fixation",
"title": "CWE-384"
},
{
"category": "description",
"text": "A vulnerability in SICAM P850, P855, and T devices allows session takeover due to the acceptance of user-defined session cookies without renewal after login/logout.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2022-40226 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2022/cve-2022-40226.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
}
],
"title": "CVE-2022-40226"
},
{
"cve": "CVE-2022-41665",
"cwe": {
"id": "CWE-141",
"name": "Improper Neutralization of Parameter/Argument Delimiters"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Parameter/Argument Delimiters",
"title": "CWE-141"
},
{
"category": "description",
"text": "A vulnerability in SICAM P850, P855 (all versions \u003c V3.10) and SICAM T (all versions \u003c V3.0) devices allows unauthenticated attackers to execute arbitrary code or cause denial of service due to improper GET request parameter validation.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2022-41665 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2022/cve-2022-41665.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
}
],
"title": "CVE-2022-41665"
},
{
"cve": "CVE-2022-41858",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "other",
"text": "NULL Pointer Dereference",
"title": "CWE-476"
},
{
"category": "description",
"text": "Multiple updates across various SUSE Linux Enterprise kernels addressed critical security vulnerabilities, including stack overflows, denial of service, memory leaks, and use-after-free issues, enhancing overall system stability and security.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2022-41858 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2022/cve-2022-41858.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
}
],
"title": "CVE-2022-41858"
},
{
"cve": "CVE-2022-43439",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "description",
"text": "A vulnerability in POWER METER models SICAM Q100, P850, P855, and T allows authenticated remote attackers to crash the device or execute arbitrary code due to improper validation of the Language-parameter in web interface requests.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2022-43439 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2022/cve-2022-43439.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
}
],
"title": "CVE-2022-43439"
},
{
"cve": "CVE-2022-48624",
"cwe": {
"id": "CWE-77",
"name": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"title": "CWE-77"
},
{
"category": "other",
"text": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"title": "CWE-78"
},
{
"category": "description",
"text": "Red Hat OpenShift and multiple NetApp products have vulnerabilities in components like \u0027less\u0027, allowing local attackers to execute arbitrary commands, manipulate files, or disclose sensitive information due to improper handling of shell metacharacters.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2022-48624 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2022/cve-2022-48624.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
}
],
"title": "CVE-2022-48624"
},
{
"cve": "CVE-2022-48626",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "SUSE Linux Enterprise kernels across versions 12 SP5, 15 SP2, SP3, SP4, and SP5 were updated to address multiple security vulnerabilities, including use-after-free issues, memory leaks, and kernel panics.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2022-48626 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2022/cve-2022-48626.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
}
],
"title": "CVE-2022-48626"
},
{
"cve": "CVE-2022-48919",
"cwe": {
"id": "CWE-415",
"name": "Double Free"
},
"notes": [
{
"category": "other",
"text": "Double Free",
"title": "CWE-415"
},
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "SUSE Linux Enterprise kernels across various versions have been updated to address multiple security vulnerabilities, including memory leaks, null pointer dereferences, and race conditions, with numerous CVEs resolved.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:A/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2022-48919 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2022/cve-2022-48919.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
}
],
"title": "CVE-2022-48919"
},
{
"cve": "CVE-2022-48926",
"cwe": {
"id": "CWE-414",
"name": "Missing Lock Check"
},
"notes": [
{
"category": "other",
"text": "Missing Lock Check",
"title": "CWE-414"
},
{
"category": "description",
"text": "SUSE Linux Enterprise 15 SP3, SP4, and SP5 kernels were updated to address multiple security vulnerabilities, including memory leaks, race conditions, and null pointer dereferences, along with various non-security bug fixes.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:A/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2022-48926 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2022/cve-2022-48926.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
}
],
"title": "CVE-2022-48926"
},
{
"cve": "CVE-2022-48948",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"notes": [
{
"category": "other",
"text": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"title": "CWE-120"
},
{
"category": "description",
"text": "SUSE Linux Enterprise 15 SP4 and SP5 kernels were updated to address multiple security vulnerabilities, including memory leaks, use-after-free issues, and a buffer overflow in the USB gadget\u0027s setup handler.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2022-48948 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2022/cve-2022-48948.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
}
],
"title": "CVE-2022-48948"
},
{
"cve": "CVE-2022-48951",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "description",
"text": "SUSE Linux Enterprise kernels across versions 12 SP5 and 15 SP4/SP5, including Azure and RT variants, received updates addressing multiple security vulnerabilities such as memory leaks and use-after-free issues, alongside driver-related fixes.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2022-48951 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2022/cve-2022-48951.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
}
],
"title": "CVE-2022-48951"
},
{
"cve": "CVE-2022-48960",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "Multiple updates across various SUSE Linux Enterprise kernels, including 15 SP5, 15 SP4, and 12 SP5, addressed critical security vulnerabilities such as use-after-free and memory leaks in network and display drivers.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2022-48960 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2022/cve-2022-48960.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
}
],
"title": "CVE-2022-48960"
},
{
"cve": "CVE-2022-48962",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "Multiple updates across various SUSE Linux Enterprise kernels (15 SP5, 15 SP4, 15 SP3, 15 SP2, 12 SP5) addressed critical security vulnerabilities, including use-after-free and memory leak issues in network and display components.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2022-48962 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2022/cve-2022-48962.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
}
],
"title": "CVE-2022-48962"
},
{
"cve": "CVE-2022-48966",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "SUSE Linux Enterprise 15 SP5 and 12 SP5 kernels received updates addressing multiple security vulnerabilities, including memory leaks, use-after-free issues, and out-of-bounds access across various components.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2022-48966 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2022/cve-2022-48966.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
}
],
"title": "CVE-2022-48966"
},
{
"cve": "CVE-2022-48967",
"cwe": {
"id": "CWE-129",
"name": "Improper Validation of Array Index"
},
"notes": [
{
"category": "other",
"text": "Improper Validation of Array Index",
"title": "CWE-129"
},
{
"category": "description",
"text": "SUSE Linux Enterprise kernels across various versions have been updated to address multiple security vulnerabilities, including use-after-free issues and memory leaks in networking and display components.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2022-48967 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2022/cve-2022-48967.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
}
],
"title": "CVE-2022-48967"
},
{
"cve": "CVE-2022-49058",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"notes": [
{
"category": "other",
"text": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"title": "CWE-120"
},
{
"category": "description",
"text": "SUSE Linux Enterprise kernels across versions 12 SP5 and 15 SP3 to SP5 have been updated to address multiple security vulnerabilities, including race conditions, buffer overflows, and memory management issues, alongside various non-security bug fixes.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2022-49058 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2022/cve-2022-49058.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
}
],
"title": "CVE-2022-49058"
},
{
"cve": "CVE-2023-4641",
"cwe": {
"id": "CWE-303",
"name": "Incorrect Implementation of Authentication Algorithm"
},
"notes": [
{
"category": "other",
"text": "Incorrect Implementation of Authentication Algorithm",
"title": "CWE-303"
},
{
"category": "other",
"text": "Improper Authentication",
"title": "CWE-287"
},
{
"category": "description",
"text": "Recent updates address multiple vulnerabilities across various platforms, including Oracle Communications, Red Hat OpenShift, and shadow-utils, affecting user account management and potentially leading to unauthorized access and data leaks.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-4641 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2023/cve-2023-4641.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
}
],
"title": "CVE-2023-4641"
},
{
"cve": "CVE-2023-27043",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "description",
"text": "Recent updates for Python 3.11 and earlier versions address multiple security vulnerabilities, particularly in email parsing and libexpat, alongside various non-security improvements and fixes for CVEs.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-27043 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2023/cve-2023-27043.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
}
],
"title": "CVE-2023-27043"
},
{
"cve": "CVE-2023-28322",
"cwe": {
"id": "CWE-440",
"name": "Expected Behavior Violation"
},
"notes": [
{
"category": "other",
"text": "Expected Behavior Violation",
"title": "CWE-440"
},
{
"category": "other",
"text": "Missing Encryption of Sensitive Data",
"title": "CWE-311"
},
{
"category": "other",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "description",
"text": "Recent updates for macOS Ventura, Monterey, and Big Sur address multiple security vulnerabilities, while curl updates fix various flaws, including use-after-free and information disclosure issues, alongside a critical vulnerability in Oracle Enterprise Manager.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-28322 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2023/cve-2023-28322.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
}
],
"title": "CVE-2023-28322"
},
{
"cve": "CVE-2023-29383",
"cwe": {
"id": "CWE-74",
"name": "Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
"title": "CWE-74"
},
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "The shadow update addresses CVE-2023-29383 related to /etc/shadow manipulation, resolves control character injection vulnerabilities in Shadow 4.13, and includes various non-security bug fixes.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-29383 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2023/cve-2023-29383.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
}
],
"title": "CVE-2023-29383"
},
{
"cve": "CVE-2023-29491",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Stack-based Buffer Overflow",
"title": "CWE-121"
},
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "description",
"text": "Recent updates for macOS Ventura, Monterey, and Big Sur address critical vulnerabilities, while Oracle, Red Hat OpenShift, and ncurses have multiple security flaws that could lead to system compromise and denial-of-service conditions.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-29491 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2023/cve-2023-29491.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
}
],
"title": "CVE-2023-29491"
},
{
"cve": "CVE-2023-30901",
"cwe": {
"id": "CWE-352",
"name": "Cross-Site Request Forgery (CSRF)"
},
"notes": [
{
"category": "other",
"text": "Cross-Site Request Forgery (CSRF)",
"title": "CWE-352"
},
{
"category": "description",
"text": "SICAM P850 and P855 devices (all versions \u003c V3.11) are vulnerable to Cross-Site Request Forgery attacks, allowing unauthorized actions via malicious links targeting authenticated users.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-30901 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2023/cve-2023-30901.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
}
],
"title": "CVE-2023-30901"
},
{
"cve": "CVE-2023-31238",
"cwe": {
"id": "CWE-732",
"name": "Incorrect Permission Assignment for Critical Resource"
},
"notes": [
{
"category": "other",
"text": "Incorrect Permission Assignment for Critical Resource",
"title": "CWE-732"
},
{
"category": "description",
"text": "A vulnerability in SICAM P850 and P855 devices (all versions \u003c V3.11) allows attackers to impersonate legitimate users by exploiting missing cookie protection flags and accessing session tokens.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-31238 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2023/cve-2023-31238.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
}
],
"title": "CVE-2023-31238"
},
{
"cve": "CVE-2023-41358",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "other",
"text": "NULL Pointer Dereference",
"title": "CWE-476"
},
{
"category": "description",
"text": "The frr and quagga updates address multiple vulnerabilities, including issues with BGP attributes, zero-length NLRIs, and denial of service risks, enhancing overall stability and security.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-41358 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2023/cve-2023-41358.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
}
],
"title": "CVE-2023-41358"
},
{
"cve": "CVE-2023-46218",
"cwe": {
"id": "CWE-201",
"name": "Insertion of Sensitive Information Into Sent Data"
},
"notes": [
{
"category": "other",
"text": "Insertion of Sensitive Information Into Sent Data",
"title": "CWE-201"
},
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "other",
"text": "Improper Handling of Case Sensitivity",
"title": "CWE-178"
},
{
"category": "description",
"text": "Multiple vulnerabilities across Oracle Communications products, curl, and Siemens products allow unauthorized access, data manipulation, and potential Denial-of-Service, with CVSS scores of 6.5 for specific Oracle vulnerabilities.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-46218 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2023/cve-2023-46218.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
}
],
"title": "CVE-2023-46218"
},
{
"cve": "CVE-2023-46753",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "other",
"text": "Incorrect Authorization",
"title": "CWE-863"
},
{
"category": "description",
"text": "The FRRouting 8.5.6 update addresses multiple vulnerabilities, including crashes from crafted BGP UPDATE messages and malformed MP_REACH_NLRI data, while enhancing PIM/PIMv6/BGP and VRF support.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-46753 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2023/cve-2023-46753.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
}
],
"title": "CVE-2023-46753"
},
{
"cve": "CVE-2023-47234",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "description",
"text": "The frr 8.5.6 update addresses multiple vulnerabilities in BGP UPDATE processing, including denial-of-service issues and crashes from malformed messages and improper attribute handling.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-47234 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2023/cve-2023-47234.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
}
],
"title": "CVE-2023-47234"
},
{
"cve": "CVE-2024-0397",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "other",
"text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"title": "CWE-362"
},
{
"category": "description",
"text": "Recent updates for Python interpreters and Oracle Database Server address multiple security vulnerabilities, including denial of service risks and memory race conditions, alongside various bug fixes and enhancements.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-0397 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-0397.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
}
],
"title": "CVE-2024-0397"
},
{
"cve": "CVE-2024-5642",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "description",
"text": "Recent updates to Python address multiple security vulnerabilities, including buffer overreads and email header injection, affecting versions up to 3.9 and impacting various NetApp products.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-5642 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-5642.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
}
],
"title": "CVE-2024-5642"
},
{
"cve": "CVE-2024-6232",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"notes": [
{
"category": "other",
"text": "Inefficient Regular Expression Complexity",
"title": "CWE-1333"
},
{
"category": "description",
"text": "Recent updates to various Python versions address multiple vulnerabilities, including denial of service and excessive resource consumption, particularly in the tarfile and http.cookies modules, alongside Oracle Database patches for significant vulnerabilities.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-6232 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-6232.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
}
],
"title": "CVE-2024-6232"
},
{
"cve": "CVE-2024-6923",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"notes": [
{
"category": "other",
"text": "Deserialization of Untrusted Data",
"title": "CWE-502"
},
{
"category": "other",
"text": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"title": "CWE-94"
},
{
"category": "description",
"text": "Recent updates for various Python versions, including venv-salt-minion, address multiple security vulnerabilities, particularly email header injection and resource consumption issues, alongside numerous bug fixes and enhancements.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-6923 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-6923.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
}
],
"title": "CVE-2024-6923"
},
{
"cve": "CVE-2024-7592",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "other",
"text": "Inefficient Regular Expression Complexity",
"title": "CWE-1333"
},
{
"category": "description",
"text": "Recent updates for Python 3.x and Oracle products address multiple security vulnerabilities, including denial of service, excessive resource consumption, and email header injection, with varying severity levels across different versions.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-7592 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-7592.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
}
],
"title": "CVE-2024-7592"
},
{
"cve": "CVE-2024-11053",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "other",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "description",
"text": "Multiple vulnerabilities in curl and Oracle products, including credential leakage and unauthorized data access, affect various versions of software, notably impacting cURL and Oracle Communications Unified Assurance.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-11053 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-11053.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
}
],
"title": "CVE-2024-11053"
},
{
"cve": "CVE-2024-11168",
"cwe": {
"id": "CWE-1287",
"name": "Improper Validation of Specified Type of Input"
},
"notes": [
{
"category": "other",
"text": "Improper Validation of Specified Type of Input",
"title": "CWE-1287"
},
{
"category": "other",
"text": "Server-Side Request Forgery (SSRF)",
"title": "CWE-918"
},
{
"category": "description",
"text": "Recent updates for Python address CVE-2024-11168, fixing improper validation of IPv6 and IPvFuture addresses, and resolving vulnerabilities in the `urllib.parse.urlsplit()` and `urlparse()` functions that could lead to SSRF exploits.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:X/V:X/RE:X/U:X",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-11168 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-11168.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
}
],
"title": "CVE-2024-11168"
},
{
"cve": "CVE-2024-12133",
"cwe": {
"id": "CWE-407",
"name": "Inefficient Algorithmic Complexity"
},
"notes": [
{
"category": "other",
"text": "Inefficient Algorithmic Complexity",
"title": "CWE-407"
},
{
"category": "other",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "description",
"text": "Multiple vulnerabilities affecting Oracle Communications EAGLE LNP Application Processor, Oracle Cloud Native Core Policy, and GNU libtasn1 could lead to denial of service attacks, with CVSS scores of 5.3 for some products.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-12133 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-12133.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
}
],
"title": "CVE-2024-12133"
},
{
"cve": "CVE-2024-12243",
"cwe": {
"id": "CWE-407",
"name": "Inefficient Algorithmic Complexity"
},
"notes": [
{
"category": "other",
"text": "Inefficient Algorithmic Complexity",
"title": "CWE-407"
},
{
"category": "other",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "description",
"text": "A flaw in GnuTLS related to inefficient DER decoding in libtasn1 can lead to denial-of-service conditions, affecting multiple NetApp products and identified as CVE-2024-12243.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-12243 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-12243.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
}
],
"title": "CVE-2024-12243"
},
{
"cve": "CVE-2024-28085",
"cwe": {
"id": "CWE-268",
"name": "Privilege Chaining"
},
"notes": [
{
"category": "other",
"text": "Privilege Chaining",
"title": "CWE-268"
},
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "other",
"text": "Improper Neutralization of Escape, Meta, or Control Sequences",
"title": "CWE-150"
},
{
"category": "description",
"text": "The util-linux update addresses critical vulnerabilities, particularly in the \u0027wall\u0027 command, neutralizing escape sequences to prevent account takeover and other potential exploits in versions up to 2.40.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-28085 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-28085.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
}
],
"title": "CVE-2024-28085"
},
{
"cve": "CVE-2024-32487",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"title": "CWE-78"
},
{
"category": "other",
"text": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"title": "CWE-77"
},
{
"category": "other",
"text": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)",
"title": "CWE-96"
},
{
"category": "description",
"text": "The Less text file viewer has an OS command execution vulnerability due to mishandled newline characters in file names, affecting multiple NetApp products and allowing remote command execution when the LESSOPEN variable is set.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-32487 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-32487.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
}
],
"title": "CVE-2024-32487"
},
{
"cve": "CVE-2024-47875",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
},
{
"category": "description",
"text": "DOMPurify has addressed a nesting-based mXSS vulnerability in versions 2.5.0 and 3.1.3, while HPE Private Cloud AI has identified remote exploit vulnerabilities.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:H/SA:H",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-47875 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-47875.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
}
],
"title": "CVE-2024-47875"
},
{
"cve": "CVE-2024-50602",
"cwe": {
"id": "CWE-754",
"name": "Improper Check for Unusual or Exceptional Conditions"
},
"notes": [
{
"category": "other",
"text": "Improper Check for Unusual or Exceptional Conditions",
"title": "CWE-754"
},
{
"category": "description",
"text": "Multiple vulnerabilities across Oracle Communications Cloud Native Core services and libexpat allow unauthenticated denial of service attacks, with CVSS scores of 5.9, affecting various versions and components.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-50602 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-50602.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
}
],
"title": "CVE-2024-50602"
},
{
"cve": "CVE-2024-52533",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"notes": [
{
"category": "other",
"text": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"title": "CWE-120"
},
{
"category": "other",
"text": "Off-by-one Error",
"title": "CWE-193"
},
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle Communications Cloud Native Core and Gnome Glib versions prior to 2.82.1 expose systems to unauthorized access and buffer overflow risks, potentially leading to data compromise and service disruptions.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-52533 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-52533.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
}
],
"title": "CVE-2024-52533"
},
{
"cve": "CVE-2024-56835",
"cwe": {
"id": "CWE-74",
"name": "Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
"title": "CWE-74"
},
{
"category": "description",
"text": "A vulnerability in RUGGEDCOM ROX II (versions \u003c V2.17.0) allows code injection in the DHCP Server configuration file, enabling attackers to gain root access via a reverse shell.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-56835 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-56835.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
}
],
"title": "CVE-2024-56835"
},
{
"cve": "CVE-2024-56836",
"cwe": {
"id": "CWE-77",
"name": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"title": "CWE-77"
},
{
"category": "description",
"text": "A vulnerability in RUGGEDCOM ROX II family versions prior to V2.17.0 allows attackers to inject parameters during Dynamic DNS configuration, potentially leading to root access via a reverse shell.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-56836 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-56836.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
}
],
"title": "CVE-2024-56836"
},
{
"cve": "CVE-2024-56837",
"cwe": {
"id": "CWE-77",
"name": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"title": "CWE-77"
},
{
"category": "description",
"text": "A vulnerability in the RUGGEDCOM ROX II family (versions \u003c V2.17.0) allows attackers to gain root access through insufficient validation during configuration file handling.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-56837 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-56837.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
}
],
"title": "CVE-2024-56837"
},
{
"cve": "CVE-2024-56838",
"cwe": {
"id": "CWE-74",
"name": "Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
"title": "CWE-74"
},
{
"category": "description",
"text": "A vulnerability in RUGGEDCOM ROX II devices (versions \u003c V2.17.0) allows attackers to execute arbitrary code as root due to the SCEP client\u0027s failure to validate multiple fields during secure certificate enrollment.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-56838 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-56838.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
}
],
"title": "CVE-2024-56838"
},
{
"cve": "CVE-2024-56839",
"cwe": {
"id": "CWE-74",
"name": "Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
"title": "CWE-74"
},
{
"category": "description",
"text": "A vulnerability in RUGGEDCOM ROX II (versions \u003c V2.17.0) allows code injection via VRF, enabling attackers to execute arbitrary code with root privileges.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-56839 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-56839.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
}
],
"title": "CVE-2024-56839"
},
{
"cve": "CVE-2024-56840",
"cwe": {
"id": "CWE-74",
"name": "Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
"title": "CWE-74"
},
{
"category": "description",
"text": "A vulnerability in the RUGGEDCOM ROX II family (versions \u003c V2.17.0) allows code injection via IPsec, enabling attackers to execute arbitrary code with root privileges.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-56840 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-56840.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
}
],
"title": "CVE-2024-56840"
},
{
"cve": "CVE-2025-0938",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "description",
"text": "Recent updates to Python versions 3.6, 3.11, 3.12, and 3.13.5 address security vulnerabilities related to improper URL parsing of domain names with square brackets, which violate RFC 3986 and could lead to unauthorized data manipulation.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-0938 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-0938.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
}
],
"title": "CVE-2025-0938"
},
{
"cve": "CVE-2025-2783",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "description",
"text": "Palo Alto Networks has addressed vulnerabilities in Prisma\u00ae Access Browser and highlighted a high-severity sandbox escape flaw in Google Chrome on Windows, linked to an incorrect handle in Mojo.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U/AU:N/R:U/V:D/RE:L/U:Amber",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-2783 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-2783.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
}
],
"title": "CVE-2025-2783"
},
{
"cve": "CVE-2025-10148",
"cwe": {
"id": "CWE-340",
"name": "Generation of Predictable Numbers or Identifiers"
},
"notes": [
{
"category": "other",
"text": "Generation of Predictable Numbers or Identifiers",
"title": "CWE-340"
},
{
"category": "description",
"text": "Recent updates to curl (version 8.14.1) address critical security vulnerabilities, including cache poisoning risks in WebSocket code and a denial of service flaw in Oracle Communications Unified Inventory Management.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-10148 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-10148.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
}
],
"title": "CVE-2025-10148"
},
{
"cve": "CVE-2025-40800",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Certificate Validation",
"title": "CWE-295"
},
{
"category": "description",
"text": "A vulnerability in various versions of COMOS, NX, Simcenter 3D, Simcenter Femap, and Solid Edge products allows for potential man-in-the-middle attacks due to the IAM client not validating server certificates for TLS connections.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-40800 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-40800.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
}
],
"title": "CVE-2025-40800"
},
{
"cve": "CVE-2025-40801",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Certificate Validation",
"title": "CWE-295"
},
{
"category": "description",
"text": "A vulnerability in COMOS, NX, Simcenter, and Tecnomatix products arises from the SALT SDK\u0027s failure to validate server certificates for TLS connections, risking man-in-the-middle attacks.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-40801 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-40801.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
}
],
"title": "CVE-2025-40801"
},
{
"cve": "CVE-2025-40806",
"cwe": {
"id": "CWE-204",
"name": "Observable Response Discrepancy"
},
"notes": [
{
"category": "other",
"text": "Observable Response Discrepancy",
"title": "CWE-204"
},
{
"category": "description",
"text": "A vulnerability in Gridscale X Prepay (versions \u003c V4.2.1) allows unauthenticated remote attackers to perform user enumeration, potentially facilitating brute force attacks on valid users.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-40806 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-40806.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
}
],
"title": "CVE-2025-40806"
},
{
"cve": "CVE-2025-40807",
"cwe": {
"id": "CWE-294",
"name": "Authentication Bypass by Capture-replay"
},
"notes": [
{
"category": "other",
"text": "Authentication Bypass by Capture-replay",
"title": "CWE-294"
},
{
"category": "description",
"text": "A vulnerability in Gridscale X Prepay (versions \u003c V4.2.1) allows locked-out users to exploit capture-replay of authentication tokens, enabling them to establish valid sessions.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-40807 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-40807.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
}
],
"title": "CVE-2025-40807"
},
{
"cve": "CVE-2025-40818",
"cwe": {
"id": "CWE-732",
"name": "Incorrect Permission Assignment for Critical Resource"
},
"notes": [
{
"category": "other",
"text": "Incorrect Permission Assignment for Critical Resource",
"title": "CWE-732"
},
{
"category": "description",
"text": "A vulnerability in SINEMA Remote Connect Server (versions \u003c V3.2 SP4) allows unauthorized access to private SSL/TLS keys, enabling attackers to impersonate the server and conduct man-in-the-middle attacks.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-40818 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-40818.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
}
],
"title": "CVE-2025-40818"
},
{
"cve": "CVE-2025-40819",
"cwe": {
"id": "CWE-863",
"name": "Incorrect Authorization"
},
"notes": [
{
"category": "other",
"text": "Incorrect Authorization",
"title": "CWE-863"
},
{
"category": "description",
"text": "A vulnerability in SINEMA Remote Connect Server (versions \u003c V3.2 SP4) allows unauthorized modification of the system_ticketinfo table, enabling database users to bypass licensing restrictions and modify database values directly.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-40819 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-40819.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
}
],
"title": "CVE-2025-40819"
},
{
"cve": "CVE-2025-40820",
"cwe": {
"id": "CWE-940",
"name": "Improper Verification of Source of a Communication Channel"
},
"notes": [
{
"category": "other",
"text": "Improper Verification of Source of a Communication Channel",
"title": "CWE-940"
},
{
"category": "description",
"text": "The document outlines a vulnerability in certain products that lack TCP sequence number validation, enabling unauthenticated remote attackers to disrupt TCP-based services through the injection of spoofed IP packets.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-40820 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-40820.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
}
],
"title": "CVE-2025-40820"
},
{
"cve": "CVE-2025-40830",
"cwe": {
"id": "CWE-285",
"name": "Improper Authorization"
},
"notes": [
{
"category": "other",
"text": "Improper Authorization",
"title": "CWE-285"
},
{
"category": "description",
"text": "A vulnerability in SINEC Security Monitor (versions \u003c V4.10.0) allows lowly privileged authenticated local attackers to read or write any file on the server or sensor due to inadequate authorization checks.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-40830 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-40830.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
}
],
"title": "CVE-2025-40830"
},
{
"cve": "CVE-2025-40831",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "description",
"text": "A vulnerability in SINEC Security Monitor versions prior to V4.10.0 allows lowly privileged authenticated attackers to exploit input validation issues in the date parameter during report generation, potentially causing a denial of service.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-40831 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-40831.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
}
],
"title": "CVE-2025-40831"
},
{
"cve": "CVE-2025-40935",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "description",
"text": "A vulnerability in RUGGEDCOM devices (versions below V5.10.1) allows authenticated remote attackers to exploit improper input validation during TLS certificate uploads, potentially leading to device crashes and Denial of Service.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-40935 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-40935.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
}
],
"title": "CVE-2025-40935"
},
{
"cve": "CVE-2025-40938",
"cwe": {
"id": "CWE-798",
"name": "Use of Hard-coded Credentials"
},
"notes": [
{
"category": "other",
"text": "Use of Hard-coded Credentials",
"title": "CWE-798"
},
{
"category": "description",
"text": "A vulnerability in SIMATIC CN 4100 (versions \u003c V4.0.1) exposes sensitive firmware information, compromising the device\u0027s confidentiality, integrity, and availability.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-40938 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-40938.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
}
],
"title": "CVE-2025-40938"
},
{
"cve": "CVE-2025-40939",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"notes": [
{
"category": "other",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "description",
"text": "A vulnerability in SIMATIC CN 4100 (versions \u003c V4.0.1) allows an attacker with physical access to exploit an unauthenticated USB port, potentially causing a denial of service by triggering a reboot.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-40939 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-40939.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
}
],
"title": "CVE-2025-40939"
},
{
"cve": "CVE-2025-40940",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "other",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "description",
"text": "A vulnerability in SIMATIC CN 4100 (versions \u003c V4.0.1) leads to inconsistent SNMP behavior, potentially allowing unauthorized access to sensitive data and compromising confidentiality.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-40940 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-40940.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
}
],
"title": "CVE-2025-40940"
},
{
"cve": "CVE-2025-40941",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "other",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "description",
"text": "A vulnerability in SIMATIC CN 4100 (all versions \u003c V4.0.1) allows affected devices to expose server information in their responses, potentially aiding attackers with network access in targeted attacks.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-40941 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-40941.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
}
],
"title": "CVE-2025-40941"
},
{
"cve": "CVE-2025-59392",
"cwe": {
"id": "CWE-288",
"name": "Authentication Bypass Using an Alternate Path or Channel"
},
"notes": [
{
"category": "other",
"text": "Authentication Bypass Using an Alternate Path or Channel",
"title": "CWE-288"
},
{
"category": "description",
"text": "Elspec G5 devices up to version 1.2.2.19 have a vulnerability that allows physical access to reset the Admin password using a USB drive with a specific reset string.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-59392 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-59392.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
}
],
"title": "CVE-2025-59392"
},
{
"cve": "CVE-2018-1000876",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "other",
"text": "Integer Overflow or Wraparound",
"title": "CWE-190"
},
{
"category": "description",
"text": "The update for binutils version 2.32 addresses multiple security vulnerabilities, including memory access issues and buffer overflows, while also introducing support for new architectures.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2018-1000876 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2018/cve-2018-1000876.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21",
"CSAFPID-22",
"CSAFPID-23",
"CSAFPID-24",
"CSAFPID-25",
"CSAFPID-26",
"CSAFPID-27",
"CSAFPID-28",
"CSAFPID-29",
"CSAFPID-30",
"CSAFPID-31",
"CSAFPID-32"
]
}
],
"title": "CVE-2018-1000876"
}
]
}
NCSC-2026-0022
Vulnerability from csaf_ncscnl - Published: 2026-01-21 09:25 - Updated: 2026-01-21 09:25Multiple vulnerabilities across Oracle Communications products and GNU libtasn1 versions could allow unauthenticated attackers to execute partial denial of service attacks, with CVSS scores of 5.3 for affected versions.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Cloud Native Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications ASAP
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications BRM - Elastic Charging Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Element Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications IP Service Activator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Policy Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Report Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* |
Recent vulnerabilities in Oracle Communications Unified Assurance and Apache Subversion, including denial-of-service risks and insufficient filename validation, highlight critical security concerns across multiple versions.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Cloud Native Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications ASAP
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications BRM - Elastic Charging Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Element Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications IP Service Activator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Policy Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Report Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* |
Multiple vulnerabilities, including the 'MadeYouReset' attack in HTTP/2 and unauthenticated issues in Oracle products, can lead to denial of service across various platforms such as Eclipse Jetty and SAP Commerce Cloud.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Cloud Native Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications ASAP
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications BRM - Elastic Charging Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Element Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications IP Service Activator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Policy Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Report Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* |
Multiple vulnerabilities across MySQL Workbench, Oracle Communications Policy Management, and libssh expose sensitive data and integrity risks, with CVSS scores of 5.4 and moderate severity for certain libssh flaws.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Cloud Native Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications ASAP
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications BRM - Elastic Charging Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Element Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications IP Service Activator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Policy Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Report Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* |
Multiple vulnerabilities in Oracle Communications products and libssh could allow low privileged attackers to manipulate data, disclose sensitive information, or cause system disruptions.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Cloud Native Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications ASAP
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications BRM - Elastic Charging Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Element Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications IP Service Activator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Policy Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Report Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* |
Recent updates for Python 3 address multiple vulnerabilities, including denial of service risks in the tarfile module and HTML parsing, affecting various versions and leading to potential infinite loops and deadlocks.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Cloud Native Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications ASAP
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications BRM - Elastic Charging Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Element Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications IP Service Activator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Policy Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Report Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* |
Multiple vulnerabilities have been identified across various products, including Bouncy Castle for Java, Oracle Communications, and Siebel CRM, allowing for excessive resource allocation and potential denial of service by unauthenticated attackers.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Cloud Native Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications ASAP
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications BRM - Elastic Charging Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Element Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications IP Service Activator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Policy Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Report Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* |
Recent vulnerabilities in Oracle Communications Policy Management and Libtiff, including a critical flaw in Libtiff allowing memory manipulation, pose significant risks to system integrity and confidentiality.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Cloud Native Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications ASAP
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications BRM - Elastic Charging Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Element Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications IP Service Activator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Policy Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Report Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* |
Recent updates reveal critical vulnerabilities in Netty and various Oracle products, primarily leading to denial of service risks due to unsafe file handling and low privilege exploitability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Cloud Native Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications ASAP
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications BRM - Elastic Charging Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Element Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications IP Service Activator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Policy Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Report Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* |
Oracle Database Server and Oracle GoldenGate have Security-in-Depth issues related to Dell BSAFE Crypto-J, which cannot be exploited within their respective contexts, although error messages may expose sensitive information.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Cloud Native Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications ASAP
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications BRM - Elastic Charging Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Element Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications IP Service Activator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Policy Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Report Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* |
Multiple vulnerabilities across Apache ActiveMQ and Oracle products allow unauthenticated attackers to exploit denial of service (DoS) conditions through various network access methods, affecting several versions.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Cloud Native Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications ASAP
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications BRM - Elastic Charging Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Element Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications IP Service Activator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Policy Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Report Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* |
Multiple vulnerabilities have been identified in Oracle Cloud Native Session Border Controller, Oracle Communications Unified Inventory Management, and GnuTLS, allowing for denial of service and unauthorized data access or modification.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Cloud Native Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications ASAP
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications BRM - Elastic Charging Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Element Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications IP Service Activator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Policy Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Report Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* |
Recent vulnerabilities in Oracle Communications products and GnuTLS's certtool utility expose systems to denial-of-service and unauthorized data access, with CVSS scores of 8.2 for Oracle and critical heap buffer overflow issues in GnuTLS.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Cloud Native Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications ASAP
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications BRM - Elastic Charging Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Element Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications IP Service Activator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Policy Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Report Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* |
Multiple vulnerabilities have been identified in Oracle Financial Services and Retail products, as well as the Spring Framework, allowing unauthorized access to sensitive data and potentially leading to information disclosure.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Cloud Native Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications ASAP
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications BRM - Elastic Charging Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Element Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications IP Service Activator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Policy Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Report Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* |
Recent vulnerabilities in Rack and Oracle Communications Unified Assurance allow denial of service through unbounded parameter parsing and unauthenticated HTTP requests, affecting multiple versions and leading to potential memory exhaustion.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Cloud Native Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications ASAP
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications BRM - Elastic Charging Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Element Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications IP Service Activator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Policy Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Report Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* |
Recent vulnerabilities in Oracle Cloud Native Session Border Controller and the jq command-line JSON processor expose systems to denial of service attacks, with significant severity ratings.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Cloud Native Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications ASAP
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications BRM - Elastic Charging Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Element Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications IP Service Activator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Policy Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Report Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* |
Recent updates to Apache Commons BeanUtils and Oracle products address multiple vulnerabilities, including remote code execution and system compromise risks, affecting various versions and components.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Cloud Native Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications ASAP
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications BRM - Elastic Charging Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Element Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications IP Service Activator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Policy Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Report Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* |
Multiple vulnerabilities have been identified in Oracle WebLogic Server and Oracle Communications ASAP, both allowing unauthenticated partial denial of service, alongside an uncontrolled recursion issue in Apache Commons Lang leading to potential application crashes.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Cloud Native Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications ASAP
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications BRM - Elastic Charging Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Element Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications IP Service Activator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Policy Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Report Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* |
Multiple denial-of-service vulnerabilities have been identified in Oracle Application Testing Suite, Oracle Agile PLM, Apache Commons FileUpload, and HPE IceWall Identity Manager, with CVSS scores of 7.5 for some products.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Cloud Native Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications ASAP
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications BRM - Elastic Charging Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Element Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications IP Service Activator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Policy Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Report Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* |
Redis versions 8.2.1 and below, along with valkey version 8.0.6, have vulnerabilities in the Lua scripting engine that can lead to remote code execution, with fixes available in newer versions.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Cloud Native Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications ASAP
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications BRM - Elastic Charging Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Element Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications IP Service Activator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Policy Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Report Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* |
Recent vulnerabilities in Oracle HTTP Server and ModSecurity allow for denial of service and potential XSS attacks, affecting specific versions with significant severity scores.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Cloud Native Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications ASAP
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications BRM - Elastic Charging Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Element Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications IP Service Activator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Policy Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Report Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* |
Recent updates to Netty and Oracle Communications products address critical vulnerabilities, including the 'MadeYouReset' attack in HTTP/2, which can lead to denial of service and resource exhaustion.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Cloud Native Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications ASAP
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications BRM - Elastic Charging Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Element Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications IP Service Activator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Policy Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Report Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* |
Multiple vulnerabilities across various products, including the `BrotliDecoder`, Oracle Communications Cloud Native Core Policy, and HPE Telco Intelligent Assurance, can lead to denial of service (DoS) through excessive resource allocation or malformed inputs.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Cloud Native Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications ASAP
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications BRM - Elastic Charging Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Element Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications IP Service Activator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Policy Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Report Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* |
Recent vulnerabilities in Oracle Communications Unified Assurance and Apache HTTP Server versions prior to 2.4.66 expose systems to unauthorized access and denial of service risks, with CVSS scores indicating moderate severity.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Cloud Native Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications ASAP
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications BRM - Elastic Charging Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Element Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications IP Service Activator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Policy Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Report Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* |
Multiple vulnerabilities, including a memory amplification issue in libexpat and a DoS vulnerability in Oracle Communications Network Analytics, can lead to denial-of-service attacks without enabling arbitrary code execution.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Cloud Native Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications ASAP
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications BRM - Elastic Charging Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Element Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications IP Service Activator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Policy Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Report Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* |
Apache Tomcat and Oracle Communications Unified Assurance have critical vulnerabilities related to Denial of Service (DoS) risks, affecting multiple versions and requiring updates to address issues like improper resource shutdown and HTTP access exploitation.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Cloud Native Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications ASAP
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications BRM - Elastic Charging Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Element Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications IP Service Activator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Policy Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Report Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* |
Vulnerabilities in js-yaml and Oracle Communications Unified Assurance products allow for prototype pollution and system compromise, respectively, with specific versions affected and available patches.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Cloud Native Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications ASAP
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications BRM - Elastic Charging Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Element Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications IP Service Activator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Policy Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Report Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* |
Recent vulnerabilities in Oracle Communications Unified Assurance and libpng affect data integrity and system availability, with specific issues including buffer overflows and unauthorized access in various versions.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Cloud Native Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications ASAP
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications BRM - Elastic Charging Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Element Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications IP Service Activator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Policy Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Report Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* |
The urllib3 library had a vulnerability allowing unbounded decompression chains, leading to potential Denial of Service (DoS) attacks due to excessive CPU and memory usage, fixed in version 2.6.0.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Cloud Native Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications ASAP
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications BRM - Elastic Charging Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Element Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications IP Service Activator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Policy Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Report Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* |
Apache Tika has a critical XML External Entity (XXE) injection vulnerability affecting multiple modules, particularly in PDF parsing, allowing remote attackers to exploit crafted files for sensitive information disclosure or remote code execution.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Cloud Native Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications ASAP
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications BRM - Elastic Charging Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Element Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications IP Service Activator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Policy Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Report Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* |
Apache Log4j Core versions 2.0-beta9 to 2.25.2 lack TLS hostname verification in the Socket Appender, while Oracle's Primavera Gateway has a vulnerability allowing unauthenticated access via TLS.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Cloud Native Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications ASAP
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications BRM - Elastic Charging Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Element Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications IP Service Activator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Policy Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Report Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* |
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Oracle heeft kwetsbaarheden verholpen in Oracle Communications producten.",
"title": "Feiten"
},
{
"category": "description",
"text": "De kwetsbaarheden stellen aanvallers in staat om ongeautoriseerde toegang te krijgen tot het systeem, wat kan leiden tot gegevensmanipulatie en gedeeltelijke denial-of-service. De aanvallers kunnen deze kwetsbaarheden misbruiken via HTTP-verzoeken, wat mogelijk resulteert in een significante impact op de beschikbaarheid en integriteit van de gegevens.",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Incorrect Authorization",
"title": "CWE-863"
},
{
"category": "general",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "general",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "general",
"text": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
"title": "CWE-1321"
},
{
"category": "general",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "general",
"text": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"title": "CWE-77"
},
{
"category": "general",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
},
{
"category": "general",
"text": "Improper Encoding or Escaping of Output",
"title": "CWE-116"
},
{
"category": "general",
"text": "Stack-based Buffer Overflow",
"title": "CWE-121"
},
{
"category": "general",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "general",
"text": "Write-what-where Condition",
"title": "CWE-123"
},
{
"category": "general",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "general",
"text": "Buffer Over-read",
"title": "CWE-126"
},
{
"category": "general",
"text": "Insertion of Sensitive Information Into Sent Data",
"title": "CWE-201"
},
{
"category": "general",
"text": "Generation of Error Message Containing Sensitive Information",
"title": "CWE-209"
},
{
"category": "general",
"text": "Unchecked Return Value",
"title": "CWE-252"
},
{
"category": "general",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "general",
"text": "Improper Authorization",
"title": "CWE-285"
},
{
"category": "general",
"text": "Improper Certificate Validation",
"title": "CWE-295"
},
{
"category": "general",
"text": "Improper Validation of Certificate with Host Mismatch",
"title": "CWE-297"
},
{
"category": "general",
"text": "Return of Wrong Status Code",
"title": "CWE-393"
},
{
"category": "general",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "general",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "general",
"text": "Inefficient Algorithmic Complexity",
"title": "CWE-407"
},
{
"category": "general",
"text": "Improper Handling of Highly Compressed Data (Data Amplification)",
"title": "CWE-409"
},
{
"category": "general",
"text": "Double Free",
"title": "CWE-415"
},
{
"category": "general",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "general",
"text": "Improper Restriction of XML External Entity Reference",
"title": "CWE-611"
},
{
"category": "general",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "general",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "general",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "general",
"text": "Memory Allocation with Excessive Size Value",
"title": "CWE-789"
},
{
"category": "general",
"text": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"title": "CWE-835"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Reference",
"url": "https://www.oracle.com/security-alerts/cpujan2026.html"
}
],
"title": "Kwetsbaarheden verholpen in Oracle Communications producten",
"tracking": {
"current_release_date": "2026-01-21T09:25:39.876330Z",
"generator": {
"date": "2025-08-04T16:30:00Z",
"engine": {
"name": "V.A.",
"version": "1.3"
}
},
"id": "NCSC-2026-0022",
"initial_release_date": "2026-01-21T09:25:39.876330Z",
"revision_history": [
{
"date": "2026-01-21T09:25:39.876330Z",
"number": "1.0.0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-1"
}
}
],
"category": "product_name",
"name": "Communications"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-2"
}
}
],
"category": "product_name",
"name": "Oracle Cloud Native Session Border Controller"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-3"
}
}
],
"category": "product_name",
"name": "Oracle Communications ASAP"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-4"
}
}
],
"category": "product_name",
"name": "Oracle Communications BRM - Elastic Charging Engine"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-5"
}
}
],
"category": "product_name",
"name": "Oracle Communications Billing and Revenue Management"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-6"
}
}
],
"category": "product_name",
"name": "Oracle Communications Element Manager"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-7"
}
}
],
"category": "product_name",
"name": "Oracle Communications IP Service Activator"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-8"
}
}
],
"category": "product_name",
"name": "Oracle Communications Network Analytics Data Director"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-9"
}
}
],
"category": "product_name",
"name": "Oracle Communications Network Integrity"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-10"
}
}
],
"category": "product_name",
"name": "Oracle Communications Operations Monitor"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-11"
}
}
],
"category": "product_name",
"name": "Oracle Communications Order and Service Management"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-12"
}
}
],
"category": "product_name",
"name": "Oracle Communications Policy Management"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-13"
}
}
],
"category": "product_name",
"name": "Oracle Communications Pricing Design Center"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-14"
}
}
],
"category": "product_name",
"name": "Oracle Communications Session Border Controller"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-15"
}
}
],
"category": "product_name",
"name": "Oracle Communications Session Report Manager"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-16"
}
}
],
"category": "product_name",
"name": "Oracle Communications Unified Assurance"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-17"
}
}
],
"category": "product_name",
"name": "Oracle Communications Unified Inventory Management"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-18"
}
}
],
"category": "product_name",
"name": "Oracle Enterprise Communications Broker"
}
],
"category": "vendor",
"name": "Oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-12133",
"cwe": {
"id": "CWE-407",
"name": "Inefficient Algorithmic Complexity"
},
"notes": [
{
"category": "other",
"text": "Inefficient Algorithmic Complexity",
"title": "CWE-407"
},
{
"category": "other",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "description",
"text": "Multiple vulnerabilities across Oracle Communications products and GNU libtasn1 versions could allow unauthenticated attackers to execute partial denial of service attacks, with CVSS scores of 5.3 for affected versions.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-12133 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-12133.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2024-12133"
},
{
"cve": "CVE-2024-46901",
"cwe": {
"id": "CWE-116",
"name": "Improper Encoding or Escaping of Output"
},
"notes": [
{
"category": "other",
"text": "Improper Encoding or Escaping of Output",
"title": "CWE-116"
},
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle Communications Unified Assurance and Apache Subversion, including denial-of-service risks and insufficient filename validation, highlight critical security concerns across multiple versions.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-46901 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-46901.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2024-46901"
},
{
"cve": "CVE-2025-5115",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "description",
"text": "Multiple vulnerabilities, including the \u0027MadeYouReset\u0027 attack in HTTP/2 and unauthenticated issues in Oracle products, can lead to denial of service across various platforms such as Eclipse Jetty and SAP Commerce Cloud.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-5115 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-5115.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2025-5115"
},
{
"cve": "CVE-2025-5318",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "Multiple vulnerabilities across MySQL Workbench, Oracle Communications Policy Management, and libssh expose sensitive data and integrity risks, with CVSS scores of 5.4 and moderate severity for certain libssh flaws.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-5318 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-5318.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2025-5318"
},
{
"cve": "CVE-2025-5987",
"cwe": {
"id": "CWE-393",
"name": "Return of Wrong Status Code"
},
"notes": [
{
"category": "other",
"text": "Return of Wrong Status Code",
"title": "CWE-393"
},
{
"category": "description",
"text": "Multiple vulnerabilities in Oracle Communications products and libssh could allow low privileged attackers to manipulate data, disclose sensitive information, or cause system disruptions.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-5987 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-5987.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2025-5987"
},
{
"cve": "CVE-2025-8194",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"notes": [
{
"category": "other",
"text": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"title": "CWE-835"
},
{
"category": "description",
"text": "Recent updates for Python 3 address multiple vulnerabilities, including denial of service risks in the tarfile module and HTML parsing, affecting various versions and leading to potential infinite loops and deadlocks.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-8194 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-8194.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2025-8194"
},
{
"cve": "CVE-2025-8916",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Multiple vulnerabilities have been identified across various products, including Bouncy Castle for Java, Oracle Communications, and Siebel CRM, allowing for excessive resource allocation and potential denial of service by unauthenticated attackers.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/S:P/R:U/RE:M/U:Amber",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-8916 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-8916.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2025-8916"
},
{
"cve": "CVE-2025-9900",
"cwe": {
"id": "CWE-123",
"name": "Write-what-where Condition"
},
"notes": [
{
"category": "other",
"text": "Write-what-where Condition",
"title": "CWE-123"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle Communications Policy Management and Libtiff, including a critical flaw in Libtiff allowing memory manipulation, pose significant risks to system integrity and confidentiality.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-9900 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-9900.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2025-9900"
},
{
"cve": "CVE-2025-25193",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "description",
"text": "Recent updates reveal critical vulnerabilities in Netty and various Oracle products, primarily leading to denial of service risks due to unsafe file handling and low privilege exploitability.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-25193 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-25193.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2025-25193"
},
{
"cve": "CVE-2025-26333",
"cwe": {
"id": "CWE-209",
"name": "Generation of Error Message Containing Sensitive Information"
},
"notes": [
{
"category": "other",
"text": "Generation of Error Message Containing Sensitive Information",
"title": "CWE-209"
},
{
"category": "description",
"text": "Oracle Database Server and Oracle GoldenGate have Security-in-Depth issues related to Dell BSAFE Crypto-J, which cannot be exploited within their respective contexts, although error messages may expose sensitive information.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-26333 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-26333.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2025-26333"
},
{
"cve": "CVE-2025-27533",
"cwe": {
"id": "CWE-789",
"name": "Memory Allocation with Excessive Size Value"
},
"notes": [
{
"category": "other",
"text": "Memory Allocation with Excessive Size Value",
"title": "CWE-789"
},
{
"category": "description",
"text": "Multiple vulnerabilities across Apache ActiveMQ and Oracle products allow unauthenticated attackers to exploit denial of service (DoS) conditions through various network access methods, affecting several versions.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:D/RE:M/U:Red",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-27533 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-27533.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2025-27533"
},
{
"cve": "CVE-2025-32988",
"cwe": {
"id": "CWE-415",
"name": "Double Free"
},
"notes": [
{
"category": "other",
"text": "Double Free",
"title": "CWE-415"
},
{
"category": "description",
"text": "Multiple vulnerabilities have been identified in Oracle Cloud Native Session Border Controller, Oracle Communications Unified Inventory Management, and GnuTLS, allowing for denial of service and unauthorized data access or modification.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-32988 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-32988.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2025-32988"
},
{
"cve": "CVE-2025-32990",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle Communications products and GnuTLS\u0027s certtool utility expose systems to denial-of-service and unauthorized data access, with CVSS scores of 8.2 for Oracle and critical heap buffer overflow issues in GnuTLS.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-32990 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-32990.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2025-32990"
},
{
"cve": "CVE-2025-41249",
"cwe": {
"id": "CWE-285",
"name": "Improper Authorization"
},
"notes": [
{
"category": "other",
"text": "Improper Authorization",
"title": "CWE-285"
},
{
"category": "other",
"text": "Incorrect Authorization",
"title": "CWE-863"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Multiple vulnerabilities have been identified in Oracle Financial Services and Retail products, as well as the Spring Framework, allowing unauthorized access to sensitive data and potentially leading to information disclosure.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-41249 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-41249.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2025-41249"
},
{
"cve": "CVE-2025-46727",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "description",
"text": "Recent vulnerabilities in Rack and Oracle Communications Unified Assurance allow denial of service through unbounded parameter parsing and unauthenticated HTTP requests, affecting multiple versions and leading to potential memory exhaustion.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-46727 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46727.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2025-46727"
},
{
"cve": "CVE-2025-48060",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Stack-based Buffer Overflow",
"title": "CWE-121"
},
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "other",
"text": "Buffer Over-read",
"title": "CWE-126"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle Cloud Native Session Border Controller and the jq command-line JSON processor expose systems to denial of service attacks, with significant severity ratings.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-48060 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48060.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2025-48060"
},
{
"cve": "CVE-2025-48734",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"notes": [
{
"category": "other",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "description",
"text": "Recent updates to Apache Commons BeanUtils and Oracle products address multiple vulnerabilities, including remote code execution and system compromise risks, affecting various versions and components.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-48734 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48734.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2025-48734"
},
{
"cve": "CVE-2025-48924",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "description",
"text": "Multiple vulnerabilities have been identified in Oracle WebLogic Server and Oracle Communications ASAP, both allowing unauthenticated partial denial of service, alongside an uncontrolled recursion issue in Apache Commons Lang leading to potential application crashes.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-48924 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48924.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2025-48924"
},
{
"cve": "CVE-2025-48976",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "description",
"text": "Multiple denial-of-service vulnerabilities have been identified in Oracle Application Testing Suite, Oracle Agile PLM, Apache Commons FileUpload, and HPE IceWall Identity Manager, with CVSS scores of 7.5 for some products.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-48976 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48976.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2025-48976"
},
{
"cve": "CVE-2025-49844",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "Redis versions 8.2.1 and below, along with valkey version 8.0.6, have vulnerabilities in the Lua scripting engine that can lead to remote code execution, with fixes available in newer versions.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-49844 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-49844.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2025-49844"
},
{
"cve": "CVE-2025-54571",
"cwe": {
"id": "CWE-252",
"name": "Unchecked Return Value"
},
"notes": [
{
"category": "other",
"text": "Unchecked Return Value",
"title": "CWE-252"
},
{
"category": "other",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle HTTP Server and ModSecurity allow for denial of service and potential XSS attacks, affecting specific versions with significant severity scores.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-54571 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-54571.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2025-54571"
},
{
"cve": "CVE-2025-55163",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Recent updates to Netty and Oracle Communications products address critical vulnerabilities, including the \u0027MadeYouReset\u0027 attack in HTTP/2, which can lead to denial of service and resource exhaustion.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-55163 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-55163.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2025-55163"
},
{
"cve": "CVE-2025-58057",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"notes": [
{
"category": "other",
"text": "Improper Handling of Highly Compressed Data (Data Amplification)",
"title": "CWE-409"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Multiple vulnerabilities across various products, including the `BrotliDecoder`, Oracle Communications Cloud Native Core Policy, and HPE Telco Intelligent Assurance, can lead to denial of service (DoS) through excessive resource allocation or malformed inputs.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-58057 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-58057.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2025-58057"
},
{
"cve": "CVE-2025-58098",
"cwe": {
"id": "CWE-201",
"name": "Insertion of Sensitive Information Into Sent Data"
},
"notes": [
{
"category": "other",
"text": "Insertion of Sensitive Information Into Sent Data",
"title": "CWE-201"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle Communications Unified Assurance and Apache HTTP Server versions prior to 2.4.66 expose systems to unauthorized access and denial of service risks, with CVSS scores indicating moderate severity.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-58098 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-58098.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2025-58098"
},
{
"cve": "CVE-2025-59375",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "description",
"text": "Multiple vulnerabilities, including a memory amplification issue in libexpat and a DoS vulnerability in Oracle Communications Network Analytics, can lead to denial-of-service attacks without enabling arbitrary code execution.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-59375 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-59375.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2025-59375"
},
{
"cve": "CVE-2025-61795",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"notes": [
{
"category": "other",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Apache Tomcat and Oracle Communications Unified Assurance have critical vulnerabilities related to Denial of Service (DoS) risks, affecting multiple versions and requiring updates to address issues like improper resource shutdown and HTTP access exploitation.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-61795 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-61795.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2025-61795"
},
{
"cve": "CVE-2025-64718",
"cwe": {
"id": "CWE-1321",
"name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
"title": "CWE-1321"
},
{
"category": "description",
"text": "Vulnerabilities in js-yaml and Oracle Communications Unified Assurance products allow for prototype pollution and system compromise, respectively, with specific versions affected and available patches.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-64718 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-64718.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2025-64718"
},
{
"cve": "CVE-2025-65018",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle Communications Unified Assurance and libpng affect data integrity and system availability, with specific issues including buffer overflows and unauthorized access in various versions.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-65018 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-65018.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2025-65018"
},
{
"cve": "CVE-2025-66418",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "The urllib3 library had a vulnerability allowing unbounded decompression chains, leading to potential Denial of Service (DoS) attacks due to excessive CPU and memory usage, fixed in version 2.6.0.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-66418 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-66418.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2025-66418"
},
{
"cve": "CVE-2025-66516",
"cwe": {
"id": "CWE-611",
"name": "Improper Restriction of XML External Entity Reference"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of XML External Entity Reference",
"title": "CWE-611"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Apache Tika has a critical XML External Entity (XXE) injection vulnerability affecting multiple modules, particularly in PDF parsing, allowing remote attackers to exploit crafted files for sensitive information disclosure or remote code execution.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-66516 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-66516.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2025-66516"
},
{
"cve": "CVE-2025-68161",
"cwe": {
"id": "CWE-297",
"name": "Improper Validation of Certificate with Host Mismatch"
},
"notes": [
{
"category": "other",
"text": "Improper Validation of Certificate with Host Mismatch",
"title": "CWE-297"
},
{
"category": "other",
"text": "Improper Certificate Validation",
"title": "CWE-295"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Apache Log4j Core versions 2.0-beta9 to 2.25.2 lack TLS hostname verification in the Socket Appender, while Oracle\u0027s Primavera Gateway has a vulnerability allowing unauthenticated access via TLS.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-68161 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-68161.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2025-68161"
}
]
}
OPENSUSE-SU-2025:14756-1
Vulnerability from csaf_opensuse - Published: 2025-02-09 00:00 - Updated: 2025-02-09 00:00| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:libtasn1-6-32bit-4.20.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libtasn1-6-32bit-4.20.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libtasn1-6-32bit-4.20.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libtasn1-6-32bit-4.20.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libtasn1-6-4.20.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libtasn1-6-4.20.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libtasn1-6-4.20.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libtasn1-6-4.20.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libtasn1-devel-32bit-4.20.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libtasn1-devel-32bit-4.20.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libtasn1-devel-32bit-4.20.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libtasn1-devel-32bit-4.20.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libtasn1-devel-4.20.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libtasn1-devel-4.20.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libtasn1-devel-4.20.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libtasn1-devel-4.20.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libtasn1-tools-4.20.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libtasn1-tools-4.20.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libtasn1-tools-4.20.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libtasn1-tools-4.20.0-1.1.x86_64 | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "libtasn1-6-32bit-4.20.0-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the libtasn1-6-32bit-4.20.0-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2025-14756",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_14756-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2025:14756-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/LSN5NMZ5HY5PR3Z4GCPRWQVI55PNV6WY/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2025:14756-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/LSN5NMZ5HY5PR3Z4GCPRWQVI55PNV6WY/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-12133 page",
"url": "https://www.suse.com/security/cve/CVE-2024-12133/"
}
],
"title": "libtasn1-6-32bit-4.20.0-1.1 on GA media",
"tracking": {
"current_release_date": "2025-02-09T00:00:00Z",
"generator": {
"date": "2025-02-09T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2025:14756-1",
"initial_release_date": "2025-02-09T00:00:00Z",
"revision_history": [
{
"date": "2025-02-09T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libtasn1-6-4.20.0-1.1.aarch64",
"product": {
"name": "libtasn1-6-4.20.0-1.1.aarch64",
"product_id": "libtasn1-6-4.20.0-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libtasn1-6-32bit-4.20.0-1.1.aarch64",
"product": {
"name": "libtasn1-6-32bit-4.20.0-1.1.aarch64",
"product_id": "libtasn1-6-32bit-4.20.0-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libtasn1-devel-4.20.0-1.1.aarch64",
"product": {
"name": "libtasn1-devel-4.20.0-1.1.aarch64",
"product_id": "libtasn1-devel-4.20.0-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libtasn1-devel-32bit-4.20.0-1.1.aarch64",
"product": {
"name": "libtasn1-devel-32bit-4.20.0-1.1.aarch64",
"product_id": "libtasn1-devel-32bit-4.20.0-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libtasn1-tools-4.20.0-1.1.aarch64",
"product": {
"name": "libtasn1-tools-4.20.0-1.1.aarch64",
"product_id": "libtasn1-tools-4.20.0-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libtasn1-6-4.20.0-1.1.ppc64le",
"product": {
"name": "libtasn1-6-4.20.0-1.1.ppc64le",
"product_id": "libtasn1-6-4.20.0-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libtasn1-6-32bit-4.20.0-1.1.ppc64le",
"product": {
"name": "libtasn1-6-32bit-4.20.0-1.1.ppc64le",
"product_id": "libtasn1-6-32bit-4.20.0-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libtasn1-devel-4.20.0-1.1.ppc64le",
"product": {
"name": "libtasn1-devel-4.20.0-1.1.ppc64le",
"product_id": "libtasn1-devel-4.20.0-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libtasn1-devel-32bit-4.20.0-1.1.ppc64le",
"product": {
"name": "libtasn1-devel-32bit-4.20.0-1.1.ppc64le",
"product_id": "libtasn1-devel-32bit-4.20.0-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libtasn1-tools-4.20.0-1.1.ppc64le",
"product": {
"name": "libtasn1-tools-4.20.0-1.1.ppc64le",
"product_id": "libtasn1-tools-4.20.0-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libtasn1-6-4.20.0-1.1.s390x",
"product": {
"name": "libtasn1-6-4.20.0-1.1.s390x",
"product_id": "libtasn1-6-4.20.0-1.1.s390x"
}
},
{
"category": "product_version",
"name": "libtasn1-6-32bit-4.20.0-1.1.s390x",
"product": {
"name": "libtasn1-6-32bit-4.20.0-1.1.s390x",
"product_id": "libtasn1-6-32bit-4.20.0-1.1.s390x"
}
},
{
"category": "product_version",
"name": "libtasn1-devel-4.20.0-1.1.s390x",
"product": {
"name": "libtasn1-devel-4.20.0-1.1.s390x",
"product_id": "libtasn1-devel-4.20.0-1.1.s390x"
}
},
{
"category": "product_version",
"name": "libtasn1-devel-32bit-4.20.0-1.1.s390x",
"product": {
"name": "libtasn1-devel-32bit-4.20.0-1.1.s390x",
"product_id": "libtasn1-devel-32bit-4.20.0-1.1.s390x"
}
},
{
"category": "product_version",
"name": "libtasn1-tools-4.20.0-1.1.s390x",
"product": {
"name": "libtasn1-tools-4.20.0-1.1.s390x",
"product_id": "libtasn1-tools-4.20.0-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libtasn1-6-4.20.0-1.1.x86_64",
"product": {
"name": "libtasn1-6-4.20.0-1.1.x86_64",
"product_id": "libtasn1-6-4.20.0-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libtasn1-6-32bit-4.20.0-1.1.x86_64",
"product": {
"name": "libtasn1-6-32bit-4.20.0-1.1.x86_64",
"product_id": "libtasn1-6-32bit-4.20.0-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libtasn1-devel-4.20.0-1.1.x86_64",
"product": {
"name": "libtasn1-devel-4.20.0-1.1.x86_64",
"product_id": "libtasn1-devel-4.20.0-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libtasn1-devel-32bit-4.20.0-1.1.x86_64",
"product": {
"name": "libtasn1-devel-32bit-4.20.0-1.1.x86_64",
"product_id": "libtasn1-devel-32bit-4.20.0-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libtasn1-tools-4.20.0-1.1.x86_64",
"product": {
"name": "libtasn1-tools-4.20.0-1.1.x86_64",
"product_id": "libtasn1-tools-4.20.0-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-6-4.20.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libtasn1-6-4.20.0-1.1.aarch64"
},
"product_reference": "libtasn1-6-4.20.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-6-4.20.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libtasn1-6-4.20.0-1.1.ppc64le"
},
"product_reference": "libtasn1-6-4.20.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-6-4.20.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libtasn1-6-4.20.0-1.1.s390x"
},
"product_reference": "libtasn1-6-4.20.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-6-4.20.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libtasn1-6-4.20.0-1.1.x86_64"
},
"product_reference": "libtasn1-6-4.20.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-6-32bit-4.20.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libtasn1-6-32bit-4.20.0-1.1.aarch64"
},
"product_reference": "libtasn1-6-32bit-4.20.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-6-32bit-4.20.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libtasn1-6-32bit-4.20.0-1.1.ppc64le"
},
"product_reference": "libtasn1-6-32bit-4.20.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-6-32bit-4.20.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libtasn1-6-32bit-4.20.0-1.1.s390x"
},
"product_reference": "libtasn1-6-32bit-4.20.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-6-32bit-4.20.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libtasn1-6-32bit-4.20.0-1.1.x86_64"
},
"product_reference": "libtasn1-6-32bit-4.20.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-devel-4.20.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libtasn1-devel-4.20.0-1.1.aarch64"
},
"product_reference": "libtasn1-devel-4.20.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-devel-4.20.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libtasn1-devel-4.20.0-1.1.ppc64le"
},
"product_reference": "libtasn1-devel-4.20.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-devel-4.20.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libtasn1-devel-4.20.0-1.1.s390x"
},
"product_reference": "libtasn1-devel-4.20.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-devel-4.20.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libtasn1-devel-4.20.0-1.1.x86_64"
},
"product_reference": "libtasn1-devel-4.20.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-devel-32bit-4.20.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libtasn1-devel-32bit-4.20.0-1.1.aarch64"
},
"product_reference": "libtasn1-devel-32bit-4.20.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-devel-32bit-4.20.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libtasn1-devel-32bit-4.20.0-1.1.ppc64le"
},
"product_reference": "libtasn1-devel-32bit-4.20.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-devel-32bit-4.20.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libtasn1-devel-32bit-4.20.0-1.1.s390x"
},
"product_reference": "libtasn1-devel-32bit-4.20.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-devel-32bit-4.20.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libtasn1-devel-32bit-4.20.0-1.1.x86_64"
},
"product_reference": "libtasn1-devel-32bit-4.20.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-tools-4.20.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libtasn1-tools-4.20.0-1.1.aarch64"
},
"product_reference": "libtasn1-tools-4.20.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-tools-4.20.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libtasn1-tools-4.20.0-1.1.ppc64le"
},
"product_reference": "libtasn1-tools-4.20.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-tools-4.20.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libtasn1-tools-4.20.0-1.1.s390x"
},
"product_reference": "libtasn1-tools-4.20.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-tools-4.20.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libtasn1-tools-4.20.0-1.1.x86_64"
},
"product_reference": "libtasn1-tools-4.20.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-12133",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-12133"
}
],
"notes": [
{
"category": "general",
"text": "A flaw in libtasn1 causes inefficient handling of specific certificate data. When processing a large number of elements in a certificate, libtasn1 takes much longer than expected, which can slow down or even crash the system. This flaw allows an attacker to send a specially crafted certificate, causing a denial of service attack.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libtasn1-6-32bit-4.20.0-1.1.aarch64",
"openSUSE Tumbleweed:libtasn1-6-32bit-4.20.0-1.1.ppc64le",
"openSUSE Tumbleweed:libtasn1-6-32bit-4.20.0-1.1.s390x",
"openSUSE Tumbleweed:libtasn1-6-32bit-4.20.0-1.1.x86_64",
"openSUSE Tumbleweed:libtasn1-6-4.20.0-1.1.aarch64",
"openSUSE Tumbleweed:libtasn1-6-4.20.0-1.1.ppc64le",
"openSUSE Tumbleweed:libtasn1-6-4.20.0-1.1.s390x",
"openSUSE Tumbleweed:libtasn1-6-4.20.0-1.1.x86_64",
"openSUSE Tumbleweed:libtasn1-devel-32bit-4.20.0-1.1.aarch64",
"openSUSE Tumbleweed:libtasn1-devel-32bit-4.20.0-1.1.ppc64le",
"openSUSE Tumbleweed:libtasn1-devel-32bit-4.20.0-1.1.s390x",
"openSUSE Tumbleweed:libtasn1-devel-32bit-4.20.0-1.1.x86_64",
"openSUSE Tumbleweed:libtasn1-devel-4.20.0-1.1.aarch64",
"openSUSE Tumbleweed:libtasn1-devel-4.20.0-1.1.ppc64le",
"openSUSE Tumbleweed:libtasn1-devel-4.20.0-1.1.s390x",
"openSUSE Tumbleweed:libtasn1-devel-4.20.0-1.1.x86_64",
"openSUSE Tumbleweed:libtasn1-tools-4.20.0-1.1.aarch64",
"openSUSE Tumbleweed:libtasn1-tools-4.20.0-1.1.ppc64le",
"openSUSE Tumbleweed:libtasn1-tools-4.20.0-1.1.s390x",
"openSUSE Tumbleweed:libtasn1-tools-4.20.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-12133",
"url": "https://www.suse.com/security/cve/CVE-2024-12133"
},
{
"category": "external",
"summary": "SUSE Bug 1236878 for CVE-2024-12133",
"url": "https://bugzilla.suse.com/1236878"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libtasn1-6-32bit-4.20.0-1.1.aarch64",
"openSUSE Tumbleweed:libtasn1-6-32bit-4.20.0-1.1.ppc64le",
"openSUSE Tumbleweed:libtasn1-6-32bit-4.20.0-1.1.s390x",
"openSUSE Tumbleweed:libtasn1-6-32bit-4.20.0-1.1.x86_64",
"openSUSE Tumbleweed:libtasn1-6-4.20.0-1.1.aarch64",
"openSUSE Tumbleweed:libtasn1-6-4.20.0-1.1.ppc64le",
"openSUSE Tumbleweed:libtasn1-6-4.20.0-1.1.s390x",
"openSUSE Tumbleweed:libtasn1-6-4.20.0-1.1.x86_64",
"openSUSE Tumbleweed:libtasn1-devel-32bit-4.20.0-1.1.aarch64",
"openSUSE Tumbleweed:libtasn1-devel-32bit-4.20.0-1.1.ppc64le",
"openSUSE Tumbleweed:libtasn1-devel-32bit-4.20.0-1.1.s390x",
"openSUSE Tumbleweed:libtasn1-devel-32bit-4.20.0-1.1.x86_64",
"openSUSE Tumbleweed:libtasn1-devel-4.20.0-1.1.aarch64",
"openSUSE Tumbleweed:libtasn1-devel-4.20.0-1.1.ppc64le",
"openSUSE Tumbleweed:libtasn1-devel-4.20.0-1.1.s390x",
"openSUSE Tumbleweed:libtasn1-devel-4.20.0-1.1.x86_64",
"openSUSE Tumbleweed:libtasn1-tools-4.20.0-1.1.aarch64",
"openSUSE Tumbleweed:libtasn1-tools-4.20.0-1.1.ppc64le",
"openSUSE Tumbleweed:libtasn1-tools-4.20.0-1.1.s390x",
"openSUSE Tumbleweed:libtasn1-tools-4.20.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:libtasn1-6-32bit-4.20.0-1.1.aarch64",
"openSUSE Tumbleweed:libtasn1-6-32bit-4.20.0-1.1.ppc64le",
"openSUSE Tumbleweed:libtasn1-6-32bit-4.20.0-1.1.s390x",
"openSUSE Tumbleweed:libtasn1-6-32bit-4.20.0-1.1.x86_64",
"openSUSE Tumbleweed:libtasn1-6-4.20.0-1.1.aarch64",
"openSUSE Tumbleweed:libtasn1-6-4.20.0-1.1.ppc64le",
"openSUSE Tumbleweed:libtasn1-6-4.20.0-1.1.s390x",
"openSUSE Tumbleweed:libtasn1-6-4.20.0-1.1.x86_64",
"openSUSE Tumbleweed:libtasn1-devel-32bit-4.20.0-1.1.aarch64",
"openSUSE Tumbleweed:libtasn1-devel-32bit-4.20.0-1.1.ppc64le",
"openSUSE Tumbleweed:libtasn1-devel-32bit-4.20.0-1.1.s390x",
"openSUSE Tumbleweed:libtasn1-devel-32bit-4.20.0-1.1.x86_64",
"openSUSE Tumbleweed:libtasn1-devel-4.20.0-1.1.aarch64",
"openSUSE Tumbleweed:libtasn1-devel-4.20.0-1.1.ppc64le",
"openSUSE Tumbleweed:libtasn1-devel-4.20.0-1.1.s390x",
"openSUSE Tumbleweed:libtasn1-devel-4.20.0-1.1.x86_64",
"openSUSE Tumbleweed:libtasn1-tools-4.20.0-1.1.aarch64",
"openSUSE Tumbleweed:libtasn1-tools-4.20.0-1.1.ppc64le",
"openSUSE Tumbleweed:libtasn1-tools-4.20.0-1.1.s390x",
"openSUSE Tumbleweed:libtasn1-tools-4.20.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-09T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2024-12133"
}
]
}
OPENSUSE-SU-2025:14835-1
Vulnerability from csaf_opensuse - Published: 2025-02-25 00:00 - Updated: 2025-02-25 00:00| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:gnutls-3.8.9-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gnutls-3.8.9-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gnutls-3.8.9-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gnutls-3.8.9-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgnutls-dane-devel-3.8.9-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgnutls-dane-devel-3.8.9-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgnutls-dane-devel-3.8.9-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgnutls-dane-devel-3.8.9-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgnutls-dane0-3.8.9-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgnutls-dane0-3.8.9-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgnutls-dane0-3.8.9-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgnutls-dane0-3.8.9-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgnutls-devel-3.8.9-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgnutls-devel-3.8.9-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgnutls-devel-3.8.9-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgnutls-devel-3.8.9-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgnutls-devel-32bit-3.8.9-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgnutls-devel-32bit-3.8.9-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgnutls-devel-32bit-3.8.9-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgnutls-devel-32bit-3.8.9-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgnutls-devel-doc-3.8.9-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgnutls-devel-doc-3.8.9-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgnutls-devel-doc-3.8.9-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgnutls-devel-doc-3.8.9-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgnutls30-3.8.9-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgnutls30-3.8.9-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgnutls30-3.8.9-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgnutls30-3.8.9-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgnutls30-32bit-3.8.9-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgnutls30-32bit-3.8.9-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgnutls30-32bit-3.8.9-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgnutls30-32bit-3.8.9-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgnutlsxx-devel-3.8.9-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgnutlsxx-devel-3.8.9-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgnutlsxx-devel-3.8.9-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgnutlsxx-devel-3.8.9-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgnutlsxx30-3.8.9-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgnutlsxx30-3.8.9-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgnutlsxx30-3.8.9-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgnutlsxx30-3.8.9-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:gnutls-3.8.9-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gnutls-3.8.9-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gnutls-3.8.9-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gnutls-3.8.9-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgnutls-dane-devel-3.8.9-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgnutls-dane-devel-3.8.9-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgnutls-dane-devel-3.8.9-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgnutls-dane-devel-3.8.9-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgnutls-dane0-3.8.9-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgnutls-dane0-3.8.9-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgnutls-dane0-3.8.9-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgnutls-dane0-3.8.9-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgnutls-devel-3.8.9-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgnutls-devel-3.8.9-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgnutls-devel-3.8.9-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgnutls-devel-3.8.9-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgnutls-devel-32bit-3.8.9-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgnutls-devel-32bit-3.8.9-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgnutls-devel-32bit-3.8.9-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgnutls-devel-32bit-3.8.9-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgnutls-devel-doc-3.8.9-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgnutls-devel-doc-3.8.9-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgnutls-devel-doc-3.8.9-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgnutls-devel-doc-3.8.9-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgnutls30-3.8.9-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgnutls30-3.8.9-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgnutls30-3.8.9-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgnutls30-3.8.9-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgnutls30-32bit-3.8.9-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgnutls30-32bit-3.8.9-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgnutls30-32bit-3.8.9-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgnutls30-32bit-3.8.9-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgnutlsxx-devel-3.8.9-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgnutlsxx-devel-3.8.9-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgnutlsxx-devel-3.8.9-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgnutlsxx-devel-3.8.9-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgnutlsxx30-3.8.9-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgnutlsxx30-3.8.9-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgnutlsxx30-3.8.9-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgnutlsxx30-3.8.9-1.1.x86_64 | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "gnutls-3.8.9-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the gnutls-3.8.9-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2025-14835",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_14835-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2025:14835-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/SSDPXBEBCXFVTR7ITHZRLUVKRYPT5CV4/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2025:14835-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/SSDPXBEBCXFVTR7ITHZRLUVKRYPT5CV4/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-12133 page",
"url": "https://www.suse.com/security/cve/CVE-2024-12133/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-12243 page",
"url": "https://www.suse.com/security/cve/CVE-2024-12243/"
}
],
"title": "gnutls-3.8.9-1.1 on GA media",
"tracking": {
"current_release_date": "2025-02-25T00:00:00Z",
"generator": {
"date": "2025-02-25T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2025:14835-1",
"initial_release_date": "2025-02-25T00:00:00Z",
"revision_history": [
{
"date": "2025-02-25T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "gnutls-3.8.9-1.1.aarch64",
"product": {
"name": "gnutls-3.8.9-1.1.aarch64",
"product_id": "gnutls-3.8.9-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libgnutls-dane-devel-3.8.9-1.1.aarch64",
"product": {
"name": "libgnutls-dane-devel-3.8.9-1.1.aarch64",
"product_id": "libgnutls-dane-devel-3.8.9-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libgnutls-dane0-3.8.9-1.1.aarch64",
"product": {
"name": "libgnutls-dane0-3.8.9-1.1.aarch64",
"product_id": "libgnutls-dane0-3.8.9-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libgnutls-devel-3.8.9-1.1.aarch64",
"product": {
"name": "libgnutls-devel-3.8.9-1.1.aarch64",
"product_id": "libgnutls-devel-3.8.9-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libgnutls-devel-32bit-3.8.9-1.1.aarch64",
"product": {
"name": "libgnutls-devel-32bit-3.8.9-1.1.aarch64",
"product_id": "libgnutls-devel-32bit-3.8.9-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libgnutls-devel-doc-3.8.9-1.1.aarch64",
"product": {
"name": "libgnutls-devel-doc-3.8.9-1.1.aarch64",
"product_id": "libgnutls-devel-doc-3.8.9-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libgnutls30-3.8.9-1.1.aarch64",
"product": {
"name": "libgnutls30-3.8.9-1.1.aarch64",
"product_id": "libgnutls30-3.8.9-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libgnutls30-32bit-3.8.9-1.1.aarch64",
"product": {
"name": "libgnutls30-32bit-3.8.9-1.1.aarch64",
"product_id": "libgnutls30-32bit-3.8.9-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libgnutlsxx-devel-3.8.9-1.1.aarch64",
"product": {
"name": "libgnutlsxx-devel-3.8.9-1.1.aarch64",
"product_id": "libgnutlsxx-devel-3.8.9-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libgnutlsxx30-3.8.9-1.1.aarch64",
"product": {
"name": "libgnutlsxx30-3.8.9-1.1.aarch64",
"product_id": "libgnutlsxx30-3.8.9-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "gnutls-3.8.9-1.1.ppc64le",
"product": {
"name": "gnutls-3.8.9-1.1.ppc64le",
"product_id": "gnutls-3.8.9-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libgnutls-dane-devel-3.8.9-1.1.ppc64le",
"product": {
"name": "libgnutls-dane-devel-3.8.9-1.1.ppc64le",
"product_id": "libgnutls-dane-devel-3.8.9-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libgnutls-dane0-3.8.9-1.1.ppc64le",
"product": {
"name": "libgnutls-dane0-3.8.9-1.1.ppc64le",
"product_id": "libgnutls-dane0-3.8.9-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libgnutls-devel-3.8.9-1.1.ppc64le",
"product": {
"name": "libgnutls-devel-3.8.9-1.1.ppc64le",
"product_id": "libgnutls-devel-3.8.9-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libgnutls-devel-32bit-3.8.9-1.1.ppc64le",
"product": {
"name": "libgnutls-devel-32bit-3.8.9-1.1.ppc64le",
"product_id": "libgnutls-devel-32bit-3.8.9-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libgnutls-devel-doc-3.8.9-1.1.ppc64le",
"product": {
"name": "libgnutls-devel-doc-3.8.9-1.1.ppc64le",
"product_id": "libgnutls-devel-doc-3.8.9-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libgnutls30-3.8.9-1.1.ppc64le",
"product": {
"name": "libgnutls30-3.8.9-1.1.ppc64le",
"product_id": "libgnutls30-3.8.9-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libgnutls30-32bit-3.8.9-1.1.ppc64le",
"product": {
"name": "libgnutls30-32bit-3.8.9-1.1.ppc64le",
"product_id": "libgnutls30-32bit-3.8.9-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libgnutlsxx-devel-3.8.9-1.1.ppc64le",
"product": {
"name": "libgnutlsxx-devel-3.8.9-1.1.ppc64le",
"product_id": "libgnutlsxx-devel-3.8.9-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libgnutlsxx30-3.8.9-1.1.ppc64le",
"product": {
"name": "libgnutlsxx30-3.8.9-1.1.ppc64le",
"product_id": "libgnutlsxx30-3.8.9-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "gnutls-3.8.9-1.1.s390x",
"product": {
"name": "gnutls-3.8.9-1.1.s390x",
"product_id": "gnutls-3.8.9-1.1.s390x"
}
},
{
"category": "product_version",
"name": "libgnutls-dane-devel-3.8.9-1.1.s390x",
"product": {
"name": "libgnutls-dane-devel-3.8.9-1.1.s390x",
"product_id": "libgnutls-dane-devel-3.8.9-1.1.s390x"
}
},
{
"category": "product_version",
"name": "libgnutls-dane0-3.8.9-1.1.s390x",
"product": {
"name": "libgnutls-dane0-3.8.9-1.1.s390x",
"product_id": "libgnutls-dane0-3.8.9-1.1.s390x"
}
},
{
"category": "product_version",
"name": "libgnutls-devel-3.8.9-1.1.s390x",
"product": {
"name": "libgnutls-devel-3.8.9-1.1.s390x",
"product_id": "libgnutls-devel-3.8.9-1.1.s390x"
}
},
{
"category": "product_version",
"name": "libgnutls-devel-32bit-3.8.9-1.1.s390x",
"product": {
"name": "libgnutls-devel-32bit-3.8.9-1.1.s390x",
"product_id": "libgnutls-devel-32bit-3.8.9-1.1.s390x"
}
},
{
"category": "product_version",
"name": "libgnutls-devel-doc-3.8.9-1.1.s390x",
"product": {
"name": "libgnutls-devel-doc-3.8.9-1.1.s390x",
"product_id": "libgnutls-devel-doc-3.8.9-1.1.s390x"
}
},
{
"category": "product_version",
"name": "libgnutls30-3.8.9-1.1.s390x",
"product": {
"name": "libgnutls30-3.8.9-1.1.s390x",
"product_id": "libgnutls30-3.8.9-1.1.s390x"
}
},
{
"category": "product_version",
"name": "libgnutls30-32bit-3.8.9-1.1.s390x",
"product": {
"name": "libgnutls30-32bit-3.8.9-1.1.s390x",
"product_id": "libgnutls30-32bit-3.8.9-1.1.s390x"
}
},
{
"category": "product_version",
"name": "libgnutlsxx-devel-3.8.9-1.1.s390x",
"product": {
"name": "libgnutlsxx-devel-3.8.9-1.1.s390x",
"product_id": "libgnutlsxx-devel-3.8.9-1.1.s390x"
}
},
{
"category": "product_version",
"name": "libgnutlsxx30-3.8.9-1.1.s390x",
"product": {
"name": "libgnutlsxx30-3.8.9-1.1.s390x",
"product_id": "libgnutlsxx30-3.8.9-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "gnutls-3.8.9-1.1.x86_64",
"product": {
"name": "gnutls-3.8.9-1.1.x86_64",
"product_id": "gnutls-3.8.9-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libgnutls-dane-devel-3.8.9-1.1.x86_64",
"product": {
"name": "libgnutls-dane-devel-3.8.9-1.1.x86_64",
"product_id": "libgnutls-dane-devel-3.8.9-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libgnutls-dane0-3.8.9-1.1.x86_64",
"product": {
"name": "libgnutls-dane0-3.8.9-1.1.x86_64",
"product_id": "libgnutls-dane0-3.8.9-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libgnutls-devel-3.8.9-1.1.x86_64",
"product": {
"name": "libgnutls-devel-3.8.9-1.1.x86_64",
"product_id": "libgnutls-devel-3.8.9-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libgnutls-devel-32bit-3.8.9-1.1.x86_64",
"product": {
"name": "libgnutls-devel-32bit-3.8.9-1.1.x86_64",
"product_id": "libgnutls-devel-32bit-3.8.9-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libgnutls-devel-doc-3.8.9-1.1.x86_64",
"product": {
"name": "libgnutls-devel-doc-3.8.9-1.1.x86_64",
"product_id": "libgnutls-devel-doc-3.8.9-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libgnutls30-3.8.9-1.1.x86_64",
"product": {
"name": "libgnutls30-3.8.9-1.1.x86_64",
"product_id": "libgnutls30-3.8.9-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libgnutls30-32bit-3.8.9-1.1.x86_64",
"product": {
"name": "libgnutls30-32bit-3.8.9-1.1.x86_64",
"product_id": "libgnutls30-32bit-3.8.9-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libgnutlsxx-devel-3.8.9-1.1.x86_64",
"product": {
"name": "libgnutlsxx-devel-3.8.9-1.1.x86_64",
"product_id": "libgnutlsxx-devel-3.8.9-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libgnutlsxx30-3.8.9-1.1.x86_64",
"product": {
"name": "libgnutlsxx30-3.8.9-1.1.x86_64",
"product_id": "libgnutlsxx30-3.8.9-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "gnutls-3.8.9-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gnutls-3.8.9-1.1.aarch64"
},
"product_reference": "gnutls-3.8.9-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnutls-3.8.9-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gnutls-3.8.9-1.1.ppc64le"
},
"product_reference": "gnutls-3.8.9-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnutls-3.8.9-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gnutls-3.8.9-1.1.s390x"
},
"product_reference": "gnutls-3.8.9-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnutls-3.8.9-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gnutls-3.8.9-1.1.x86_64"
},
"product_reference": "gnutls-3.8.9-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgnutls-dane-devel-3.8.9-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libgnutls-dane-devel-3.8.9-1.1.aarch64"
},
"product_reference": "libgnutls-dane-devel-3.8.9-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgnutls-dane-devel-3.8.9-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libgnutls-dane-devel-3.8.9-1.1.ppc64le"
},
"product_reference": "libgnutls-dane-devel-3.8.9-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgnutls-dane-devel-3.8.9-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libgnutls-dane-devel-3.8.9-1.1.s390x"
},
"product_reference": "libgnutls-dane-devel-3.8.9-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgnutls-dane-devel-3.8.9-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libgnutls-dane-devel-3.8.9-1.1.x86_64"
},
"product_reference": "libgnutls-dane-devel-3.8.9-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgnutls-dane0-3.8.9-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libgnutls-dane0-3.8.9-1.1.aarch64"
},
"product_reference": "libgnutls-dane0-3.8.9-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgnutls-dane0-3.8.9-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libgnutls-dane0-3.8.9-1.1.ppc64le"
},
"product_reference": "libgnutls-dane0-3.8.9-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgnutls-dane0-3.8.9-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libgnutls-dane0-3.8.9-1.1.s390x"
},
"product_reference": "libgnutls-dane0-3.8.9-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgnutls-dane0-3.8.9-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libgnutls-dane0-3.8.9-1.1.x86_64"
},
"product_reference": "libgnutls-dane0-3.8.9-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgnutls-devel-3.8.9-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libgnutls-devel-3.8.9-1.1.aarch64"
},
"product_reference": "libgnutls-devel-3.8.9-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgnutls-devel-3.8.9-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libgnutls-devel-3.8.9-1.1.ppc64le"
},
"product_reference": "libgnutls-devel-3.8.9-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgnutls-devel-3.8.9-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libgnutls-devel-3.8.9-1.1.s390x"
},
"product_reference": "libgnutls-devel-3.8.9-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgnutls-devel-3.8.9-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libgnutls-devel-3.8.9-1.1.x86_64"
},
"product_reference": "libgnutls-devel-3.8.9-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgnutls-devel-32bit-3.8.9-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libgnutls-devel-32bit-3.8.9-1.1.aarch64"
},
"product_reference": "libgnutls-devel-32bit-3.8.9-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgnutls-devel-32bit-3.8.9-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libgnutls-devel-32bit-3.8.9-1.1.ppc64le"
},
"product_reference": "libgnutls-devel-32bit-3.8.9-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgnutls-devel-32bit-3.8.9-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libgnutls-devel-32bit-3.8.9-1.1.s390x"
},
"product_reference": "libgnutls-devel-32bit-3.8.9-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgnutls-devel-32bit-3.8.9-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libgnutls-devel-32bit-3.8.9-1.1.x86_64"
},
"product_reference": "libgnutls-devel-32bit-3.8.9-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgnutls-devel-doc-3.8.9-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libgnutls-devel-doc-3.8.9-1.1.aarch64"
},
"product_reference": "libgnutls-devel-doc-3.8.9-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgnutls-devel-doc-3.8.9-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libgnutls-devel-doc-3.8.9-1.1.ppc64le"
},
"product_reference": "libgnutls-devel-doc-3.8.9-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgnutls-devel-doc-3.8.9-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libgnutls-devel-doc-3.8.9-1.1.s390x"
},
"product_reference": "libgnutls-devel-doc-3.8.9-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgnutls-devel-doc-3.8.9-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libgnutls-devel-doc-3.8.9-1.1.x86_64"
},
"product_reference": "libgnutls-devel-doc-3.8.9-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgnutls30-3.8.9-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libgnutls30-3.8.9-1.1.aarch64"
},
"product_reference": "libgnutls30-3.8.9-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgnutls30-3.8.9-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libgnutls30-3.8.9-1.1.ppc64le"
},
"product_reference": "libgnutls30-3.8.9-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgnutls30-3.8.9-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libgnutls30-3.8.9-1.1.s390x"
},
"product_reference": "libgnutls30-3.8.9-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgnutls30-3.8.9-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libgnutls30-3.8.9-1.1.x86_64"
},
"product_reference": "libgnutls30-3.8.9-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgnutls30-32bit-3.8.9-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libgnutls30-32bit-3.8.9-1.1.aarch64"
},
"product_reference": "libgnutls30-32bit-3.8.9-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgnutls30-32bit-3.8.9-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libgnutls30-32bit-3.8.9-1.1.ppc64le"
},
"product_reference": "libgnutls30-32bit-3.8.9-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgnutls30-32bit-3.8.9-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libgnutls30-32bit-3.8.9-1.1.s390x"
},
"product_reference": "libgnutls30-32bit-3.8.9-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgnutls30-32bit-3.8.9-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libgnutls30-32bit-3.8.9-1.1.x86_64"
},
"product_reference": "libgnutls30-32bit-3.8.9-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgnutlsxx-devel-3.8.9-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libgnutlsxx-devel-3.8.9-1.1.aarch64"
},
"product_reference": "libgnutlsxx-devel-3.8.9-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgnutlsxx-devel-3.8.9-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libgnutlsxx-devel-3.8.9-1.1.ppc64le"
},
"product_reference": "libgnutlsxx-devel-3.8.9-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgnutlsxx-devel-3.8.9-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libgnutlsxx-devel-3.8.9-1.1.s390x"
},
"product_reference": "libgnutlsxx-devel-3.8.9-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgnutlsxx-devel-3.8.9-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libgnutlsxx-devel-3.8.9-1.1.x86_64"
},
"product_reference": "libgnutlsxx-devel-3.8.9-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgnutlsxx30-3.8.9-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libgnutlsxx30-3.8.9-1.1.aarch64"
},
"product_reference": "libgnutlsxx30-3.8.9-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgnutlsxx30-3.8.9-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libgnutlsxx30-3.8.9-1.1.ppc64le"
},
"product_reference": "libgnutlsxx30-3.8.9-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgnutlsxx30-3.8.9-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libgnutlsxx30-3.8.9-1.1.s390x"
},
"product_reference": "libgnutlsxx30-3.8.9-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgnutlsxx30-3.8.9-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libgnutlsxx30-3.8.9-1.1.x86_64"
},
"product_reference": "libgnutlsxx30-3.8.9-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-12133",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-12133"
}
],
"notes": [
{
"category": "general",
"text": "A flaw in libtasn1 causes inefficient handling of specific certificate data. When processing a large number of elements in a certificate, libtasn1 takes much longer than expected, which can slow down or even crash the system. This flaw allows an attacker to send a specially crafted certificate, causing a denial of service attack.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:gnutls-3.8.9-1.1.aarch64",
"openSUSE Tumbleweed:gnutls-3.8.9-1.1.ppc64le",
"openSUSE Tumbleweed:gnutls-3.8.9-1.1.s390x",
"openSUSE Tumbleweed:gnutls-3.8.9-1.1.x86_64",
"openSUSE Tumbleweed:libgnutls-dane-devel-3.8.9-1.1.aarch64",
"openSUSE Tumbleweed:libgnutls-dane-devel-3.8.9-1.1.ppc64le",
"openSUSE Tumbleweed:libgnutls-dane-devel-3.8.9-1.1.s390x",
"openSUSE Tumbleweed:libgnutls-dane-devel-3.8.9-1.1.x86_64",
"openSUSE Tumbleweed:libgnutls-dane0-3.8.9-1.1.aarch64",
"openSUSE Tumbleweed:libgnutls-dane0-3.8.9-1.1.ppc64le",
"openSUSE Tumbleweed:libgnutls-dane0-3.8.9-1.1.s390x",
"openSUSE Tumbleweed:libgnutls-dane0-3.8.9-1.1.x86_64",
"openSUSE Tumbleweed:libgnutls-devel-3.8.9-1.1.aarch64",
"openSUSE Tumbleweed:libgnutls-devel-3.8.9-1.1.ppc64le",
"openSUSE Tumbleweed:libgnutls-devel-3.8.9-1.1.s390x",
"openSUSE Tumbleweed:libgnutls-devel-3.8.9-1.1.x86_64",
"openSUSE Tumbleweed:libgnutls-devel-32bit-3.8.9-1.1.aarch64",
"openSUSE Tumbleweed:libgnutls-devel-32bit-3.8.9-1.1.ppc64le",
"openSUSE Tumbleweed:libgnutls-devel-32bit-3.8.9-1.1.s390x",
"openSUSE Tumbleweed:libgnutls-devel-32bit-3.8.9-1.1.x86_64",
"openSUSE Tumbleweed:libgnutls-devel-doc-3.8.9-1.1.aarch64",
"openSUSE Tumbleweed:libgnutls-devel-doc-3.8.9-1.1.ppc64le",
"openSUSE Tumbleweed:libgnutls-devel-doc-3.8.9-1.1.s390x",
"openSUSE Tumbleweed:libgnutls-devel-doc-3.8.9-1.1.x86_64",
"openSUSE Tumbleweed:libgnutls30-3.8.9-1.1.aarch64",
"openSUSE Tumbleweed:libgnutls30-3.8.9-1.1.ppc64le",
"openSUSE Tumbleweed:libgnutls30-3.8.9-1.1.s390x",
"openSUSE Tumbleweed:libgnutls30-3.8.9-1.1.x86_64",
"openSUSE Tumbleweed:libgnutls30-32bit-3.8.9-1.1.aarch64",
"openSUSE Tumbleweed:libgnutls30-32bit-3.8.9-1.1.ppc64le",
"openSUSE Tumbleweed:libgnutls30-32bit-3.8.9-1.1.s390x",
"openSUSE Tumbleweed:libgnutls30-32bit-3.8.9-1.1.x86_64",
"openSUSE Tumbleweed:libgnutlsxx-devel-3.8.9-1.1.aarch64",
"openSUSE Tumbleweed:libgnutlsxx-devel-3.8.9-1.1.ppc64le",
"openSUSE Tumbleweed:libgnutlsxx-devel-3.8.9-1.1.s390x",
"openSUSE Tumbleweed:libgnutlsxx-devel-3.8.9-1.1.x86_64",
"openSUSE Tumbleweed:libgnutlsxx30-3.8.9-1.1.aarch64",
"openSUSE Tumbleweed:libgnutlsxx30-3.8.9-1.1.ppc64le",
"openSUSE Tumbleweed:libgnutlsxx30-3.8.9-1.1.s390x",
"openSUSE Tumbleweed:libgnutlsxx30-3.8.9-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-12133",
"url": "https://www.suse.com/security/cve/CVE-2024-12133"
},
{
"category": "external",
"summary": "SUSE Bug 1236878 for CVE-2024-12133",
"url": "https://bugzilla.suse.com/1236878"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:gnutls-3.8.9-1.1.aarch64",
"openSUSE Tumbleweed:gnutls-3.8.9-1.1.ppc64le",
"openSUSE Tumbleweed:gnutls-3.8.9-1.1.s390x",
"openSUSE Tumbleweed:gnutls-3.8.9-1.1.x86_64",
"openSUSE Tumbleweed:libgnutls-dane-devel-3.8.9-1.1.aarch64",
"openSUSE Tumbleweed:libgnutls-dane-devel-3.8.9-1.1.ppc64le",
"openSUSE Tumbleweed:libgnutls-dane-devel-3.8.9-1.1.s390x",
"openSUSE Tumbleweed:libgnutls-dane-devel-3.8.9-1.1.x86_64",
"openSUSE Tumbleweed:libgnutls-dane0-3.8.9-1.1.aarch64",
"openSUSE Tumbleweed:libgnutls-dane0-3.8.9-1.1.ppc64le",
"openSUSE Tumbleweed:libgnutls-dane0-3.8.9-1.1.s390x",
"openSUSE Tumbleweed:libgnutls-dane0-3.8.9-1.1.x86_64",
"openSUSE Tumbleweed:libgnutls-devel-3.8.9-1.1.aarch64",
"openSUSE Tumbleweed:libgnutls-devel-3.8.9-1.1.ppc64le",
"openSUSE Tumbleweed:libgnutls-devel-3.8.9-1.1.s390x",
"openSUSE Tumbleweed:libgnutls-devel-3.8.9-1.1.x86_64",
"openSUSE Tumbleweed:libgnutls-devel-32bit-3.8.9-1.1.aarch64",
"openSUSE Tumbleweed:libgnutls-devel-32bit-3.8.9-1.1.ppc64le",
"openSUSE Tumbleweed:libgnutls-devel-32bit-3.8.9-1.1.s390x",
"openSUSE Tumbleweed:libgnutls-devel-32bit-3.8.9-1.1.x86_64",
"openSUSE Tumbleweed:libgnutls-devel-doc-3.8.9-1.1.aarch64",
"openSUSE Tumbleweed:libgnutls-devel-doc-3.8.9-1.1.ppc64le",
"openSUSE Tumbleweed:libgnutls-devel-doc-3.8.9-1.1.s390x",
"openSUSE Tumbleweed:libgnutls-devel-doc-3.8.9-1.1.x86_64",
"openSUSE Tumbleweed:libgnutls30-3.8.9-1.1.aarch64",
"openSUSE Tumbleweed:libgnutls30-3.8.9-1.1.ppc64le",
"openSUSE Tumbleweed:libgnutls30-3.8.9-1.1.s390x",
"openSUSE Tumbleweed:libgnutls30-3.8.9-1.1.x86_64",
"openSUSE Tumbleweed:libgnutls30-32bit-3.8.9-1.1.aarch64",
"openSUSE Tumbleweed:libgnutls30-32bit-3.8.9-1.1.ppc64le",
"openSUSE Tumbleweed:libgnutls30-32bit-3.8.9-1.1.s390x",
"openSUSE Tumbleweed:libgnutls30-32bit-3.8.9-1.1.x86_64",
"openSUSE Tumbleweed:libgnutlsxx-devel-3.8.9-1.1.aarch64",
"openSUSE Tumbleweed:libgnutlsxx-devel-3.8.9-1.1.ppc64le",
"openSUSE Tumbleweed:libgnutlsxx-devel-3.8.9-1.1.s390x",
"openSUSE Tumbleweed:libgnutlsxx-devel-3.8.9-1.1.x86_64",
"openSUSE Tumbleweed:libgnutlsxx30-3.8.9-1.1.aarch64",
"openSUSE Tumbleweed:libgnutlsxx30-3.8.9-1.1.ppc64le",
"openSUSE Tumbleweed:libgnutlsxx30-3.8.9-1.1.s390x",
"openSUSE Tumbleweed:libgnutlsxx30-3.8.9-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:gnutls-3.8.9-1.1.aarch64",
"openSUSE Tumbleweed:gnutls-3.8.9-1.1.ppc64le",
"openSUSE Tumbleweed:gnutls-3.8.9-1.1.s390x",
"openSUSE Tumbleweed:gnutls-3.8.9-1.1.x86_64",
"openSUSE Tumbleweed:libgnutls-dane-devel-3.8.9-1.1.aarch64",
"openSUSE Tumbleweed:libgnutls-dane-devel-3.8.9-1.1.ppc64le",
"openSUSE Tumbleweed:libgnutls-dane-devel-3.8.9-1.1.s390x",
"openSUSE Tumbleweed:libgnutls-dane-devel-3.8.9-1.1.x86_64",
"openSUSE Tumbleweed:libgnutls-dane0-3.8.9-1.1.aarch64",
"openSUSE Tumbleweed:libgnutls-dane0-3.8.9-1.1.ppc64le",
"openSUSE Tumbleweed:libgnutls-dane0-3.8.9-1.1.s390x",
"openSUSE Tumbleweed:libgnutls-dane0-3.8.9-1.1.x86_64",
"openSUSE Tumbleweed:libgnutls-devel-3.8.9-1.1.aarch64",
"openSUSE Tumbleweed:libgnutls-devel-3.8.9-1.1.ppc64le",
"openSUSE Tumbleweed:libgnutls-devel-3.8.9-1.1.s390x",
"openSUSE Tumbleweed:libgnutls-devel-3.8.9-1.1.x86_64",
"openSUSE Tumbleweed:libgnutls-devel-32bit-3.8.9-1.1.aarch64",
"openSUSE Tumbleweed:libgnutls-devel-32bit-3.8.9-1.1.ppc64le",
"openSUSE Tumbleweed:libgnutls-devel-32bit-3.8.9-1.1.s390x",
"openSUSE Tumbleweed:libgnutls-devel-32bit-3.8.9-1.1.x86_64",
"openSUSE Tumbleweed:libgnutls-devel-doc-3.8.9-1.1.aarch64",
"openSUSE Tumbleweed:libgnutls-devel-doc-3.8.9-1.1.ppc64le",
"openSUSE Tumbleweed:libgnutls-devel-doc-3.8.9-1.1.s390x",
"openSUSE Tumbleweed:libgnutls-devel-doc-3.8.9-1.1.x86_64",
"openSUSE Tumbleweed:libgnutls30-3.8.9-1.1.aarch64",
"openSUSE Tumbleweed:libgnutls30-3.8.9-1.1.ppc64le",
"openSUSE Tumbleweed:libgnutls30-3.8.9-1.1.s390x",
"openSUSE Tumbleweed:libgnutls30-3.8.9-1.1.x86_64",
"openSUSE Tumbleweed:libgnutls30-32bit-3.8.9-1.1.aarch64",
"openSUSE Tumbleweed:libgnutls30-32bit-3.8.9-1.1.ppc64le",
"openSUSE Tumbleweed:libgnutls30-32bit-3.8.9-1.1.s390x",
"openSUSE Tumbleweed:libgnutls30-32bit-3.8.9-1.1.x86_64",
"openSUSE Tumbleweed:libgnutlsxx-devel-3.8.9-1.1.aarch64",
"openSUSE Tumbleweed:libgnutlsxx-devel-3.8.9-1.1.ppc64le",
"openSUSE Tumbleweed:libgnutlsxx-devel-3.8.9-1.1.s390x",
"openSUSE Tumbleweed:libgnutlsxx-devel-3.8.9-1.1.x86_64",
"openSUSE Tumbleweed:libgnutlsxx30-3.8.9-1.1.aarch64",
"openSUSE Tumbleweed:libgnutlsxx30-3.8.9-1.1.ppc64le",
"openSUSE Tumbleweed:libgnutlsxx30-3.8.9-1.1.s390x",
"openSUSE Tumbleweed:libgnutlsxx30-3.8.9-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2024-12133"
},
{
"cve": "CVE-2024-12243",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-12243"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 data processing. Due to an inefficient algorithm in libtasn1, decoding certain DER-encoded certificate data can take excessive time, leading to increased resource consumption. This flaw allows a remote attacker to send a specially crafted certificate, causing GnuTLS to become unresponsive or slow, resulting in a denial-of-service condition.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:gnutls-3.8.9-1.1.aarch64",
"openSUSE Tumbleweed:gnutls-3.8.9-1.1.ppc64le",
"openSUSE Tumbleweed:gnutls-3.8.9-1.1.s390x",
"openSUSE Tumbleweed:gnutls-3.8.9-1.1.x86_64",
"openSUSE Tumbleweed:libgnutls-dane-devel-3.8.9-1.1.aarch64",
"openSUSE Tumbleweed:libgnutls-dane-devel-3.8.9-1.1.ppc64le",
"openSUSE Tumbleweed:libgnutls-dane-devel-3.8.9-1.1.s390x",
"openSUSE Tumbleweed:libgnutls-dane-devel-3.8.9-1.1.x86_64",
"openSUSE Tumbleweed:libgnutls-dane0-3.8.9-1.1.aarch64",
"openSUSE Tumbleweed:libgnutls-dane0-3.8.9-1.1.ppc64le",
"openSUSE Tumbleweed:libgnutls-dane0-3.8.9-1.1.s390x",
"openSUSE Tumbleweed:libgnutls-dane0-3.8.9-1.1.x86_64",
"openSUSE Tumbleweed:libgnutls-devel-3.8.9-1.1.aarch64",
"openSUSE Tumbleweed:libgnutls-devel-3.8.9-1.1.ppc64le",
"openSUSE Tumbleweed:libgnutls-devel-3.8.9-1.1.s390x",
"openSUSE Tumbleweed:libgnutls-devel-3.8.9-1.1.x86_64",
"openSUSE Tumbleweed:libgnutls-devel-32bit-3.8.9-1.1.aarch64",
"openSUSE Tumbleweed:libgnutls-devel-32bit-3.8.9-1.1.ppc64le",
"openSUSE Tumbleweed:libgnutls-devel-32bit-3.8.9-1.1.s390x",
"openSUSE Tumbleweed:libgnutls-devel-32bit-3.8.9-1.1.x86_64",
"openSUSE Tumbleweed:libgnutls-devel-doc-3.8.9-1.1.aarch64",
"openSUSE Tumbleweed:libgnutls-devel-doc-3.8.9-1.1.ppc64le",
"openSUSE Tumbleweed:libgnutls-devel-doc-3.8.9-1.1.s390x",
"openSUSE Tumbleweed:libgnutls-devel-doc-3.8.9-1.1.x86_64",
"openSUSE Tumbleweed:libgnutls30-3.8.9-1.1.aarch64",
"openSUSE Tumbleweed:libgnutls30-3.8.9-1.1.ppc64le",
"openSUSE Tumbleweed:libgnutls30-3.8.9-1.1.s390x",
"openSUSE Tumbleweed:libgnutls30-3.8.9-1.1.x86_64",
"openSUSE Tumbleweed:libgnutls30-32bit-3.8.9-1.1.aarch64",
"openSUSE Tumbleweed:libgnutls30-32bit-3.8.9-1.1.ppc64le",
"openSUSE Tumbleweed:libgnutls30-32bit-3.8.9-1.1.s390x",
"openSUSE Tumbleweed:libgnutls30-32bit-3.8.9-1.1.x86_64",
"openSUSE Tumbleweed:libgnutlsxx-devel-3.8.9-1.1.aarch64",
"openSUSE Tumbleweed:libgnutlsxx-devel-3.8.9-1.1.ppc64le",
"openSUSE Tumbleweed:libgnutlsxx-devel-3.8.9-1.1.s390x",
"openSUSE Tumbleweed:libgnutlsxx-devel-3.8.9-1.1.x86_64",
"openSUSE Tumbleweed:libgnutlsxx30-3.8.9-1.1.aarch64",
"openSUSE Tumbleweed:libgnutlsxx30-3.8.9-1.1.ppc64le",
"openSUSE Tumbleweed:libgnutlsxx30-3.8.9-1.1.s390x",
"openSUSE Tumbleweed:libgnutlsxx30-3.8.9-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-12243",
"url": "https://www.suse.com/security/cve/CVE-2024-12243"
},
{
"category": "external",
"summary": "SUSE Bug 1236974 for CVE-2024-12243",
"url": "https://bugzilla.suse.com/1236974"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:gnutls-3.8.9-1.1.aarch64",
"openSUSE Tumbleweed:gnutls-3.8.9-1.1.ppc64le",
"openSUSE Tumbleweed:gnutls-3.8.9-1.1.s390x",
"openSUSE Tumbleweed:gnutls-3.8.9-1.1.x86_64",
"openSUSE Tumbleweed:libgnutls-dane-devel-3.8.9-1.1.aarch64",
"openSUSE Tumbleweed:libgnutls-dane-devel-3.8.9-1.1.ppc64le",
"openSUSE Tumbleweed:libgnutls-dane-devel-3.8.9-1.1.s390x",
"openSUSE Tumbleweed:libgnutls-dane-devel-3.8.9-1.1.x86_64",
"openSUSE Tumbleweed:libgnutls-dane0-3.8.9-1.1.aarch64",
"openSUSE Tumbleweed:libgnutls-dane0-3.8.9-1.1.ppc64le",
"openSUSE Tumbleweed:libgnutls-dane0-3.8.9-1.1.s390x",
"openSUSE Tumbleweed:libgnutls-dane0-3.8.9-1.1.x86_64",
"openSUSE Tumbleweed:libgnutls-devel-3.8.9-1.1.aarch64",
"openSUSE Tumbleweed:libgnutls-devel-3.8.9-1.1.ppc64le",
"openSUSE Tumbleweed:libgnutls-devel-3.8.9-1.1.s390x",
"openSUSE Tumbleweed:libgnutls-devel-3.8.9-1.1.x86_64",
"openSUSE Tumbleweed:libgnutls-devel-32bit-3.8.9-1.1.aarch64",
"openSUSE Tumbleweed:libgnutls-devel-32bit-3.8.9-1.1.ppc64le",
"openSUSE Tumbleweed:libgnutls-devel-32bit-3.8.9-1.1.s390x",
"openSUSE Tumbleweed:libgnutls-devel-32bit-3.8.9-1.1.x86_64",
"openSUSE Tumbleweed:libgnutls-devel-doc-3.8.9-1.1.aarch64",
"openSUSE Tumbleweed:libgnutls-devel-doc-3.8.9-1.1.ppc64le",
"openSUSE Tumbleweed:libgnutls-devel-doc-3.8.9-1.1.s390x",
"openSUSE Tumbleweed:libgnutls-devel-doc-3.8.9-1.1.x86_64",
"openSUSE Tumbleweed:libgnutls30-3.8.9-1.1.aarch64",
"openSUSE Tumbleweed:libgnutls30-3.8.9-1.1.ppc64le",
"openSUSE Tumbleweed:libgnutls30-3.8.9-1.1.s390x",
"openSUSE Tumbleweed:libgnutls30-3.8.9-1.1.x86_64",
"openSUSE Tumbleweed:libgnutls30-32bit-3.8.9-1.1.aarch64",
"openSUSE Tumbleweed:libgnutls30-32bit-3.8.9-1.1.ppc64le",
"openSUSE Tumbleweed:libgnutls30-32bit-3.8.9-1.1.s390x",
"openSUSE Tumbleweed:libgnutls30-32bit-3.8.9-1.1.x86_64",
"openSUSE Tumbleweed:libgnutlsxx-devel-3.8.9-1.1.aarch64",
"openSUSE Tumbleweed:libgnutlsxx-devel-3.8.9-1.1.ppc64le",
"openSUSE Tumbleweed:libgnutlsxx-devel-3.8.9-1.1.s390x",
"openSUSE Tumbleweed:libgnutlsxx-devel-3.8.9-1.1.x86_64",
"openSUSE Tumbleweed:libgnutlsxx30-3.8.9-1.1.aarch64",
"openSUSE Tumbleweed:libgnutlsxx30-3.8.9-1.1.ppc64le",
"openSUSE Tumbleweed:libgnutlsxx30-3.8.9-1.1.s390x",
"openSUSE Tumbleweed:libgnutlsxx30-3.8.9-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:gnutls-3.8.9-1.1.aarch64",
"openSUSE Tumbleweed:gnutls-3.8.9-1.1.ppc64le",
"openSUSE Tumbleweed:gnutls-3.8.9-1.1.s390x",
"openSUSE Tumbleweed:gnutls-3.8.9-1.1.x86_64",
"openSUSE Tumbleweed:libgnutls-dane-devel-3.8.9-1.1.aarch64",
"openSUSE Tumbleweed:libgnutls-dane-devel-3.8.9-1.1.ppc64le",
"openSUSE Tumbleweed:libgnutls-dane-devel-3.8.9-1.1.s390x",
"openSUSE Tumbleweed:libgnutls-dane-devel-3.8.9-1.1.x86_64",
"openSUSE Tumbleweed:libgnutls-dane0-3.8.9-1.1.aarch64",
"openSUSE Tumbleweed:libgnutls-dane0-3.8.9-1.1.ppc64le",
"openSUSE Tumbleweed:libgnutls-dane0-3.8.9-1.1.s390x",
"openSUSE Tumbleweed:libgnutls-dane0-3.8.9-1.1.x86_64",
"openSUSE Tumbleweed:libgnutls-devel-3.8.9-1.1.aarch64",
"openSUSE Tumbleweed:libgnutls-devel-3.8.9-1.1.ppc64le",
"openSUSE Tumbleweed:libgnutls-devel-3.8.9-1.1.s390x",
"openSUSE Tumbleweed:libgnutls-devel-3.8.9-1.1.x86_64",
"openSUSE Tumbleweed:libgnutls-devel-32bit-3.8.9-1.1.aarch64",
"openSUSE Tumbleweed:libgnutls-devel-32bit-3.8.9-1.1.ppc64le",
"openSUSE Tumbleweed:libgnutls-devel-32bit-3.8.9-1.1.s390x",
"openSUSE Tumbleweed:libgnutls-devel-32bit-3.8.9-1.1.x86_64",
"openSUSE Tumbleweed:libgnutls-devel-doc-3.8.9-1.1.aarch64",
"openSUSE Tumbleweed:libgnutls-devel-doc-3.8.9-1.1.ppc64le",
"openSUSE Tumbleweed:libgnutls-devel-doc-3.8.9-1.1.s390x",
"openSUSE Tumbleweed:libgnutls-devel-doc-3.8.9-1.1.x86_64",
"openSUSE Tumbleweed:libgnutls30-3.8.9-1.1.aarch64",
"openSUSE Tumbleweed:libgnutls30-3.8.9-1.1.ppc64le",
"openSUSE Tumbleweed:libgnutls30-3.8.9-1.1.s390x",
"openSUSE Tumbleweed:libgnutls30-3.8.9-1.1.x86_64",
"openSUSE Tumbleweed:libgnutls30-32bit-3.8.9-1.1.aarch64",
"openSUSE Tumbleweed:libgnutls30-32bit-3.8.9-1.1.ppc64le",
"openSUSE Tumbleweed:libgnutls30-32bit-3.8.9-1.1.s390x",
"openSUSE Tumbleweed:libgnutls30-32bit-3.8.9-1.1.x86_64",
"openSUSE Tumbleweed:libgnutlsxx-devel-3.8.9-1.1.aarch64",
"openSUSE Tumbleweed:libgnutlsxx-devel-3.8.9-1.1.ppc64le",
"openSUSE Tumbleweed:libgnutlsxx-devel-3.8.9-1.1.s390x",
"openSUSE Tumbleweed:libgnutlsxx-devel-3.8.9-1.1.x86_64",
"openSUSE Tumbleweed:libgnutlsxx30-3.8.9-1.1.aarch64",
"openSUSE Tumbleweed:libgnutlsxx30-3.8.9-1.1.ppc64le",
"openSUSE Tumbleweed:libgnutlsxx30-3.8.9-1.1.s390x",
"openSUSE Tumbleweed:libgnutlsxx30-3.8.9-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-25T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2024-12243"
}
]
}
RHSA-2025:17347
Vulnerability from csaf_redhat - Published: 2025-10-06 02:07 - Updated: 2026-06-30 04:35A flaw in libtasn1 causes inefficient handling of specific certificate data. When processing a large number of elements in a certificate, libtasn1 takes much longer than expected, which can slow down or even crash the system. This flaw allows an attacker to send a specially crafted certificate, causing a denial of service attack.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.2.0.Z.E4S:libtasn1-debuginfo-0:4.16.0-8.el9_2.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:libtasn1-debuginfo-0:4.16.0-8.el9_2.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:libtasn1-debuginfo-0:4.16.0-8.el9_2.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:libtasn1-debuginfo-0:4.16.0-8.el9_2.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:libtasn1-debuginfo-0:4.16.0-8.el9_2.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:libtasn1-debugsource-0:4.16.0-8.el9_2.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:libtasn1-debugsource-0:4.16.0-8.el9_2.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:libtasn1-debugsource-0:4.16.0-8.el9_2.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:libtasn1-debugsource-0:4.16.0-8.el9_2.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:libtasn1-debugsource-0:4.16.0-8.el9_2.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:libtasn1-devel-0:4.16.0-8.el9_2.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:libtasn1-devel-0:4.16.0-8.el9_2.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:libtasn1-devel-0:4.16.0-8.el9_2.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:libtasn1-devel-0:4.16.0-8.el9_2.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:libtasn1-devel-0:4.16.0-8.el9_2.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:libtasn1-tools-0:4.16.0-8.el9_2.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:libtasn1-tools-0:4.16.0-8.el9_2.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:libtasn1-tools-0:4.16.0-8.el9_2.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:libtasn1-tools-0:4.16.0-8.el9_2.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:libtasn1-tools-debuginfo-0:4.16.0-8.el9_2.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:libtasn1-tools-debuginfo-0:4.16.0-8.el9_2.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:libtasn1-tools-debuginfo-0:4.16.0-8.el9_2.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:libtasn1-tools-debuginfo-0:4.16.0-8.el9_2.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:libtasn1-tools-debuginfo-0:4.16.0-8.el9_2.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-9.2.0.Z.E4S:libtasn1-0:4.16.0-8.el9_2.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-9.2.0.Z.E4S:libtasn1-0:4.16.0-8.el9_2.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-9.2.0.Z.E4S:libtasn1-0:4.16.0-8.el9_2.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-9.2.0.Z.E4S:libtasn1-0:4.16.0-8.el9_2.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-9.2.0.Z.E4S:libtasn1-0:4.16.0-8.el9_2.1.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-9.2.0.Z.E4S:libtasn1-0:4.16.0-8.el9_2.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-9.2.0.Z.E4S:libtasn1-debuginfo-0:4.16.0-8.el9_2.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-9.2.0.Z.E4S:libtasn1-debuginfo-0:4.16.0-8.el9_2.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-9.2.0.Z.E4S:libtasn1-debuginfo-0:4.16.0-8.el9_2.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-9.2.0.Z.E4S:libtasn1-debuginfo-0:4.16.0-8.el9_2.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-9.2.0.Z.E4S:libtasn1-debuginfo-0:4.16.0-8.el9_2.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-9.2.0.Z.E4S:libtasn1-debugsource-0:4.16.0-8.el9_2.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-9.2.0.Z.E4S:libtasn1-debugsource-0:4.16.0-8.el9_2.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-9.2.0.Z.E4S:libtasn1-debugsource-0:4.16.0-8.el9_2.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-9.2.0.Z.E4S:libtasn1-debugsource-0:4.16.0-8.el9_2.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-9.2.0.Z.E4S:libtasn1-debugsource-0:4.16.0-8.el9_2.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-9.2.0.Z.E4S:libtasn1-tools-debuginfo-0:4.16.0-8.el9_2.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-9.2.0.Z.E4S:libtasn1-tools-debuginfo-0:4.16.0-8.el9_2.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-9.2.0.Z.E4S:libtasn1-tools-debuginfo-0:4.16.0-8.el9_2.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-9.2.0.Z.E4S:libtasn1-tools-debuginfo-0:4.16.0-8.el9_2.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-9.2.0.Z.E4S:libtasn1-tools-debuginfo-0:4.16.0-8.el9_2.1.x86_64 | — |
Vendor Fix
fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for libtasn1 is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "A library that provides Abstract Syntax Notation One (ASN.1, as specified by the X.680 ITU-T recommendation) parsing and structures management, and Distinguished Encoding Rules (DER, as per X.690) encoding and decoding functions.\n\nSecurity Fix(es):\n\n* libtasn1: Inefficient DER Decoding in libtasn1 Leading to Potential Remote DoS (CVE-2024-12133)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:17347",
"url": "https://access.redhat.com/errata/RHSA-2025:17347"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2344611",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2344611"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_17347.json"
}
],
"title": "Red Hat Security Advisory: libtasn1 security update",
"tracking": {
"current_release_date": "2026-06-30T04:35:16+00:00",
"generator": {
"date": "2026-06-30T04:35:16+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.0"
}
},
"id": "RHSA-2025:17347",
"initial_release_date": "2025-10-06T02:07:36+00:00",
"revision_history": [
{
"date": "2025-10-06T02:07:36+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-10-06T02:07:36+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-30T04:35:16+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product": {
"name": "Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_e4s:9.2::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_e4s:9.2::baseos"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "libtasn1-0:4.16.0-8.el9_2.1.src",
"product": {
"name": "libtasn1-0:4.16.0-8.el9_2.1.src",
"product_id": "libtasn1-0:4.16.0-8.el9_2.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libtasn1@4.16.0-8.el9_2.1?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "libtasn1-0:4.16.0-8.el9_2.1.aarch64",
"product": {
"name": "libtasn1-0:4.16.0-8.el9_2.1.aarch64",
"product_id": "libtasn1-0:4.16.0-8.el9_2.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libtasn1@4.16.0-8.el9_2.1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libtasn1-debugsource-0:4.16.0-8.el9_2.1.aarch64",
"product": {
"name": "libtasn1-debugsource-0:4.16.0-8.el9_2.1.aarch64",
"product_id": "libtasn1-debugsource-0:4.16.0-8.el9_2.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libtasn1-debugsource@4.16.0-8.el9_2.1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libtasn1-debuginfo-0:4.16.0-8.el9_2.1.aarch64",
"product": {
"name": "libtasn1-debuginfo-0:4.16.0-8.el9_2.1.aarch64",
"product_id": "libtasn1-debuginfo-0:4.16.0-8.el9_2.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libtasn1-debuginfo@4.16.0-8.el9_2.1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libtasn1-tools-debuginfo-0:4.16.0-8.el9_2.1.aarch64",
"product": {
"name": "libtasn1-tools-debuginfo-0:4.16.0-8.el9_2.1.aarch64",
"product_id": "libtasn1-tools-debuginfo-0:4.16.0-8.el9_2.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libtasn1-tools-debuginfo@4.16.0-8.el9_2.1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libtasn1-devel-0:4.16.0-8.el9_2.1.aarch64",
"product": {
"name": "libtasn1-devel-0:4.16.0-8.el9_2.1.aarch64",
"product_id": "libtasn1-devel-0:4.16.0-8.el9_2.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libtasn1-devel@4.16.0-8.el9_2.1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libtasn1-tools-0:4.16.0-8.el9_2.1.aarch64",
"product": {
"name": "libtasn1-tools-0:4.16.0-8.el9_2.1.aarch64",
"product_id": "libtasn1-tools-0:4.16.0-8.el9_2.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libtasn1-tools@4.16.0-8.el9_2.1?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libtasn1-0:4.16.0-8.el9_2.1.ppc64le",
"product": {
"name": "libtasn1-0:4.16.0-8.el9_2.1.ppc64le",
"product_id": "libtasn1-0:4.16.0-8.el9_2.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libtasn1@4.16.0-8.el9_2.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libtasn1-debugsource-0:4.16.0-8.el9_2.1.ppc64le",
"product": {
"name": "libtasn1-debugsource-0:4.16.0-8.el9_2.1.ppc64le",
"product_id": "libtasn1-debugsource-0:4.16.0-8.el9_2.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libtasn1-debugsource@4.16.0-8.el9_2.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libtasn1-debuginfo-0:4.16.0-8.el9_2.1.ppc64le",
"product": {
"name": "libtasn1-debuginfo-0:4.16.0-8.el9_2.1.ppc64le",
"product_id": "libtasn1-debuginfo-0:4.16.0-8.el9_2.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libtasn1-debuginfo@4.16.0-8.el9_2.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libtasn1-tools-debuginfo-0:4.16.0-8.el9_2.1.ppc64le",
"product": {
"name": "libtasn1-tools-debuginfo-0:4.16.0-8.el9_2.1.ppc64le",
"product_id": "libtasn1-tools-debuginfo-0:4.16.0-8.el9_2.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libtasn1-tools-debuginfo@4.16.0-8.el9_2.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libtasn1-devel-0:4.16.0-8.el9_2.1.ppc64le",
"product": {
"name": "libtasn1-devel-0:4.16.0-8.el9_2.1.ppc64le",
"product_id": "libtasn1-devel-0:4.16.0-8.el9_2.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libtasn1-devel@4.16.0-8.el9_2.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libtasn1-tools-0:4.16.0-8.el9_2.1.ppc64le",
"product": {
"name": "libtasn1-tools-0:4.16.0-8.el9_2.1.ppc64le",
"product_id": "libtasn1-tools-0:4.16.0-8.el9_2.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libtasn1-tools@4.16.0-8.el9_2.1?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libtasn1-0:4.16.0-8.el9_2.1.i686",
"product": {
"name": "libtasn1-0:4.16.0-8.el9_2.1.i686",
"product_id": "libtasn1-0:4.16.0-8.el9_2.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libtasn1@4.16.0-8.el9_2.1?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libtasn1-debugsource-0:4.16.0-8.el9_2.1.i686",
"product": {
"name": "libtasn1-debugsource-0:4.16.0-8.el9_2.1.i686",
"product_id": "libtasn1-debugsource-0:4.16.0-8.el9_2.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libtasn1-debugsource@4.16.0-8.el9_2.1?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libtasn1-debuginfo-0:4.16.0-8.el9_2.1.i686",
"product": {
"name": "libtasn1-debuginfo-0:4.16.0-8.el9_2.1.i686",
"product_id": "libtasn1-debuginfo-0:4.16.0-8.el9_2.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libtasn1-debuginfo@4.16.0-8.el9_2.1?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libtasn1-tools-debuginfo-0:4.16.0-8.el9_2.1.i686",
"product": {
"name": "libtasn1-tools-debuginfo-0:4.16.0-8.el9_2.1.i686",
"product_id": "libtasn1-tools-debuginfo-0:4.16.0-8.el9_2.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libtasn1-tools-debuginfo@4.16.0-8.el9_2.1?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libtasn1-devel-0:4.16.0-8.el9_2.1.i686",
"product": {
"name": "libtasn1-devel-0:4.16.0-8.el9_2.1.i686",
"product_id": "libtasn1-devel-0:4.16.0-8.el9_2.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libtasn1-devel@4.16.0-8.el9_2.1?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "libtasn1-0:4.16.0-8.el9_2.1.x86_64",
"product": {
"name": "libtasn1-0:4.16.0-8.el9_2.1.x86_64",
"product_id": "libtasn1-0:4.16.0-8.el9_2.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libtasn1@4.16.0-8.el9_2.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libtasn1-debugsource-0:4.16.0-8.el9_2.1.x86_64",
"product": {
"name": "libtasn1-debugsource-0:4.16.0-8.el9_2.1.x86_64",
"product_id": "libtasn1-debugsource-0:4.16.0-8.el9_2.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libtasn1-debugsource@4.16.0-8.el9_2.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libtasn1-debuginfo-0:4.16.0-8.el9_2.1.x86_64",
"product": {
"name": "libtasn1-debuginfo-0:4.16.0-8.el9_2.1.x86_64",
"product_id": "libtasn1-debuginfo-0:4.16.0-8.el9_2.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libtasn1-debuginfo@4.16.0-8.el9_2.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libtasn1-tools-debuginfo-0:4.16.0-8.el9_2.1.x86_64",
"product": {
"name": "libtasn1-tools-debuginfo-0:4.16.0-8.el9_2.1.x86_64",
"product_id": "libtasn1-tools-debuginfo-0:4.16.0-8.el9_2.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libtasn1-tools-debuginfo@4.16.0-8.el9_2.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libtasn1-devel-0:4.16.0-8.el9_2.1.x86_64",
"product": {
"name": "libtasn1-devel-0:4.16.0-8.el9_2.1.x86_64",
"product_id": "libtasn1-devel-0:4.16.0-8.el9_2.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libtasn1-devel@4.16.0-8.el9_2.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libtasn1-tools-0:4.16.0-8.el9_2.1.x86_64",
"product": {
"name": "libtasn1-tools-0:4.16.0-8.el9_2.1.x86_64",
"product_id": "libtasn1-tools-0:4.16.0-8.el9_2.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libtasn1-tools@4.16.0-8.el9_2.1?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "libtasn1-0:4.16.0-8.el9_2.1.s390x",
"product": {
"name": "libtasn1-0:4.16.0-8.el9_2.1.s390x",
"product_id": "libtasn1-0:4.16.0-8.el9_2.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libtasn1@4.16.0-8.el9_2.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libtasn1-debugsource-0:4.16.0-8.el9_2.1.s390x",
"product": {
"name": "libtasn1-debugsource-0:4.16.0-8.el9_2.1.s390x",
"product_id": "libtasn1-debugsource-0:4.16.0-8.el9_2.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libtasn1-debugsource@4.16.0-8.el9_2.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libtasn1-debuginfo-0:4.16.0-8.el9_2.1.s390x",
"product": {
"name": "libtasn1-debuginfo-0:4.16.0-8.el9_2.1.s390x",
"product_id": "libtasn1-debuginfo-0:4.16.0-8.el9_2.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libtasn1-debuginfo@4.16.0-8.el9_2.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libtasn1-tools-debuginfo-0:4.16.0-8.el9_2.1.s390x",
"product": {
"name": "libtasn1-tools-debuginfo-0:4.16.0-8.el9_2.1.s390x",
"product_id": "libtasn1-tools-debuginfo-0:4.16.0-8.el9_2.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libtasn1-tools-debuginfo@4.16.0-8.el9_2.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libtasn1-devel-0:4.16.0-8.el9_2.1.s390x",
"product": {
"name": "libtasn1-devel-0:4.16.0-8.el9_2.1.s390x",
"product_id": "libtasn1-devel-0:4.16.0-8.el9_2.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libtasn1-devel@4.16.0-8.el9_2.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libtasn1-tools-0:4.16.0-8.el9_2.1.s390x",
"product": {
"name": "libtasn1-tools-0:4.16.0-8.el9_2.1.s390x",
"product_id": "libtasn1-tools-0:4.16.0-8.el9_2.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libtasn1-tools@4.16.0-8.el9_2.1?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-debuginfo-0:4.16.0-8.el9_2.1.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libtasn1-debuginfo-0:4.16.0-8.el9_2.1.aarch64"
},
"product_reference": "libtasn1-debuginfo-0:4.16.0-8.el9_2.1.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-debuginfo-0:4.16.0-8.el9_2.1.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libtasn1-debuginfo-0:4.16.0-8.el9_2.1.i686"
},
"product_reference": "libtasn1-debuginfo-0:4.16.0-8.el9_2.1.i686",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-debuginfo-0:4.16.0-8.el9_2.1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libtasn1-debuginfo-0:4.16.0-8.el9_2.1.ppc64le"
},
"product_reference": "libtasn1-debuginfo-0:4.16.0-8.el9_2.1.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-debuginfo-0:4.16.0-8.el9_2.1.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libtasn1-debuginfo-0:4.16.0-8.el9_2.1.s390x"
},
"product_reference": "libtasn1-debuginfo-0:4.16.0-8.el9_2.1.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-debuginfo-0:4.16.0-8.el9_2.1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libtasn1-debuginfo-0:4.16.0-8.el9_2.1.x86_64"
},
"product_reference": "libtasn1-debuginfo-0:4.16.0-8.el9_2.1.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-debugsource-0:4.16.0-8.el9_2.1.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libtasn1-debugsource-0:4.16.0-8.el9_2.1.aarch64"
},
"product_reference": "libtasn1-debugsource-0:4.16.0-8.el9_2.1.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-debugsource-0:4.16.0-8.el9_2.1.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libtasn1-debugsource-0:4.16.0-8.el9_2.1.i686"
},
"product_reference": "libtasn1-debugsource-0:4.16.0-8.el9_2.1.i686",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-debugsource-0:4.16.0-8.el9_2.1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libtasn1-debugsource-0:4.16.0-8.el9_2.1.ppc64le"
},
"product_reference": "libtasn1-debugsource-0:4.16.0-8.el9_2.1.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-debugsource-0:4.16.0-8.el9_2.1.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libtasn1-debugsource-0:4.16.0-8.el9_2.1.s390x"
},
"product_reference": "libtasn1-debugsource-0:4.16.0-8.el9_2.1.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-debugsource-0:4.16.0-8.el9_2.1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libtasn1-debugsource-0:4.16.0-8.el9_2.1.x86_64"
},
"product_reference": "libtasn1-debugsource-0:4.16.0-8.el9_2.1.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-devel-0:4.16.0-8.el9_2.1.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libtasn1-devel-0:4.16.0-8.el9_2.1.aarch64"
},
"product_reference": "libtasn1-devel-0:4.16.0-8.el9_2.1.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-devel-0:4.16.0-8.el9_2.1.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libtasn1-devel-0:4.16.0-8.el9_2.1.i686"
},
"product_reference": "libtasn1-devel-0:4.16.0-8.el9_2.1.i686",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-devel-0:4.16.0-8.el9_2.1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libtasn1-devel-0:4.16.0-8.el9_2.1.ppc64le"
},
"product_reference": "libtasn1-devel-0:4.16.0-8.el9_2.1.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-devel-0:4.16.0-8.el9_2.1.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libtasn1-devel-0:4.16.0-8.el9_2.1.s390x"
},
"product_reference": "libtasn1-devel-0:4.16.0-8.el9_2.1.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-devel-0:4.16.0-8.el9_2.1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libtasn1-devel-0:4.16.0-8.el9_2.1.x86_64"
},
"product_reference": "libtasn1-devel-0:4.16.0-8.el9_2.1.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-tools-0:4.16.0-8.el9_2.1.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libtasn1-tools-0:4.16.0-8.el9_2.1.aarch64"
},
"product_reference": "libtasn1-tools-0:4.16.0-8.el9_2.1.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-tools-0:4.16.0-8.el9_2.1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libtasn1-tools-0:4.16.0-8.el9_2.1.ppc64le"
},
"product_reference": "libtasn1-tools-0:4.16.0-8.el9_2.1.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-tools-0:4.16.0-8.el9_2.1.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libtasn1-tools-0:4.16.0-8.el9_2.1.s390x"
},
"product_reference": "libtasn1-tools-0:4.16.0-8.el9_2.1.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-tools-0:4.16.0-8.el9_2.1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libtasn1-tools-0:4.16.0-8.el9_2.1.x86_64"
},
"product_reference": "libtasn1-tools-0:4.16.0-8.el9_2.1.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-tools-debuginfo-0:4.16.0-8.el9_2.1.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libtasn1-tools-debuginfo-0:4.16.0-8.el9_2.1.aarch64"
},
"product_reference": "libtasn1-tools-debuginfo-0:4.16.0-8.el9_2.1.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-tools-debuginfo-0:4.16.0-8.el9_2.1.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libtasn1-tools-debuginfo-0:4.16.0-8.el9_2.1.i686"
},
"product_reference": "libtasn1-tools-debuginfo-0:4.16.0-8.el9_2.1.i686",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-tools-debuginfo-0:4.16.0-8.el9_2.1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libtasn1-tools-debuginfo-0:4.16.0-8.el9_2.1.ppc64le"
},
"product_reference": "libtasn1-tools-debuginfo-0:4.16.0-8.el9_2.1.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-tools-debuginfo-0:4.16.0-8.el9_2.1.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libtasn1-tools-debuginfo-0:4.16.0-8.el9_2.1.s390x"
},
"product_reference": "libtasn1-tools-debuginfo-0:4.16.0-8.el9_2.1.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-tools-debuginfo-0:4.16.0-8.el9_2.1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libtasn1-tools-debuginfo-0:4.16.0-8.el9_2.1.x86_64"
},
"product_reference": "libtasn1-tools-debuginfo-0:4.16.0-8.el9_2.1.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-0:4.16.0-8.el9_2.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libtasn1-0:4.16.0-8.el9_2.1.aarch64"
},
"product_reference": "libtasn1-0:4.16.0-8.el9_2.1.aarch64",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-0:4.16.0-8.el9_2.1.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libtasn1-0:4.16.0-8.el9_2.1.i686"
},
"product_reference": "libtasn1-0:4.16.0-8.el9_2.1.i686",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-0:4.16.0-8.el9_2.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libtasn1-0:4.16.0-8.el9_2.1.ppc64le"
},
"product_reference": "libtasn1-0:4.16.0-8.el9_2.1.ppc64le",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-0:4.16.0-8.el9_2.1.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libtasn1-0:4.16.0-8.el9_2.1.s390x"
},
"product_reference": "libtasn1-0:4.16.0-8.el9_2.1.s390x",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-0:4.16.0-8.el9_2.1.src as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libtasn1-0:4.16.0-8.el9_2.1.src"
},
"product_reference": "libtasn1-0:4.16.0-8.el9_2.1.src",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-0:4.16.0-8.el9_2.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libtasn1-0:4.16.0-8.el9_2.1.x86_64"
},
"product_reference": "libtasn1-0:4.16.0-8.el9_2.1.x86_64",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-debuginfo-0:4.16.0-8.el9_2.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libtasn1-debuginfo-0:4.16.0-8.el9_2.1.aarch64"
},
"product_reference": "libtasn1-debuginfo-0:4.16.0-8.el9_2.1.aarch64",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-debuginfo-0:4.16.0-8.el9_2.1.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libtasn1-debuginfo-0:4.16.0-8.el9_2.1.i686"
},
"product_reference": "libtasn1-debuginfo-0:4.16.0-8.el9_2.1.i686",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-debuginfo-0:4.16.0-8.el9_2.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libtasn1-debuginfo-0:4.16.0-8.el9_2.1.ppc64le"
},
"product_reference": "libtasn1-debuginfo-0:4.16.0-8.el9_2.1.ppc64le",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-debuginfo-0:4.16.0-8.el9_2.1.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libtasn1-debuginfo-0:4.16.0-8.el9_2.1.s390x"
},
"product_reference": "libtasn1-debuginfo-0:4.16.0-8.el9_2.1.s390x",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-debuginfo-0:4.16.0-8.el9_2.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libtasn1-debuginfo-0:4.16.0-8.el9_2.1.x86_64"
},
"product_reference": "libtasn1-debuginfo-0:4.16.0-8.el9_2.1.x86_64",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-debugsource-0:4.16.0-8.el9_2.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libtasn1-debugsource-0:4.16.0-8.el9_2.1.aarch64"
},
"product_reference": "libtasn1-debugsource-0:4.16.0-8.el9_2.1.aarch64",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-debugsource-0:4.16.0-8.el9_2.1.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libtasn1-debugsource-0:4.16.0-8.el9_2.1.i686"
},
"product_reference": "libtasn1-debugsource-0:4.16.0-8.el9_2.1.i686",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-debugsource-0:4.16.0-8.el9_2.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libtasn1-debugsource-0:4.16.0-8.el9_2.1.ppc64le"
},
"product_reference": "libtasn1-debugsource-0:4.16.0-8.el9_2.1.ppc64le",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-debugsource-0:4.16.0-8.el9_2.1.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libtasn1-debugsource-0:4.16.0-8.el9_2.1.s390x"
},
"product_reference": "libtasn1-debugsource-0:4.16.0-8.el9_2.1.s390x",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-debugsource-0:4.16.0-8.el9_2.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libtasn1-debugsource-0:4.16.0-8.el9_2.1.x86_64"
},
"product_reference": "libtasn1-debugsource-0:4.16.0-8.el9_2.1.x86_64",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-tools-debuginfo-0:4.16.0-8.el9_2.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libtasn1-tools-debuginfo-0:4.16.0-8.el9_2.1.aarch64"
},
"product_reference": "libtasn1-tools-debuginfo-0:4.16.0-8.el9_2.1.aarch64",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-tools-debuginfo-0:4.16.0-8.el9_2.1.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libtasn1-tools-debuginfo-0:4.16.0-8.el9_2.1.i686"
},
"product_reference": "libtasn1-tools-debuginfo-0:4.16.0-8.el9_2.1.i686",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-tools-debuginfo-0:4.16.0-8.el9_2.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libtasn1-tools-debuginfo-0:4.16.0-8.el9_2.1.ppc64le"
},
"product_reference": "libtasn1-tools-debuginfo-0:4.16.0-8.el9_2.1.ppc64le",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-tools-debuginfo-0:4.16.0-8.el9_2.1.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libtasn1-tools-debuginfo-0:4.16.0-8.el9_2.1.s390x"
},
"product_reference": "libtasn1-tools-debuginfo-0:4.16.0-8.el9_2.1.s390x",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-tools-debuginfo-0:4.16.0-8.el9_2.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libtasn1-tools-debuginfo-0:4.16.0-8.el9_2.1.x86_64"
},
"product_reference": "libtasn1-tools-debuginfo-0:4.16.0-8.el9_2.1.x86_64",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Bing Shi"
]
}
],
"cve": "CVE-2024-12133",
"cwe": {
"id": "CWE-407",
"name": "Inefficient Algorithmic Complexity"
},
"discovery_date": "2025-02-10T08:14:05.460000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2344611"
}
],
"notes": [
{
"category": "description",
"text": "A flaw in libtasn1 causes inefficient handling of specific certificate data. When processing a large number of elements in a certificate, libtasn1 takes much longer than expected, which can slow down or even crash the system. This flaw allows an attacker to send a specially crafted certificate, causing a denial of service attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libtasn1: Inefficient DER Decoding in libtasn1 Leading to Potential Remote DoS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.Z.E4S:libtasn1-debuginfo-0:4.16.0-8.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libtasn1-debuginfo-0:4.16.0-8.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libtasn1-debuginfo-0:4.16.0-8.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libtasn1-debuginfo-0:4.16.0-8.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libtasn1-debuginfo-0:4.16.0-8.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libtasn1-debugsource-0:4.16.0-8.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libtasn1-debugsource-0:4.16.0-8.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libtasn1-debugsource-0:4.16.0-8.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libtasn1-debugsource-0:4.16.0-8.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libtasn1-debugsource-0:4.16.0-8.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libtasn1-devel-0:4.16.0-8.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libtasn1-devel-0:4.16.0-8.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libtasn1-devel-0:4.16.0-8.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libtasn1-devel-0:4.16.0-8.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libtasn1-devel-0:4.16.0-8.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libtasn1-tools-0:4.16.0-8.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libtasn1-tools-0:4.16.0-8.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libtasn1-tools-0:4.16.0-8.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libtasn1-tools-0:4.16.0-8.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libtasn1-tools-debuginfo-0:4.16.0-8.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libtasn1-tools-debuginfo-0:4.16.0-8.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libtasn1-tools-debuginfo-0:4.16.0-8.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libtasn1-tools-debuginfo-0:4.16.0-8.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libtasn1-tools-debuginfo-0:4.16.0-8.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libtasn1-0:4.16.0-8.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libtasn1-0:4.16.0-8.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libtasn1-0:4.16.0-8.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libtasn1-0:4.16.0-8.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libtasn1-0:4.16.0-8.el9_2.1.src",
"BaseOS-9.2.0.Z.E4S:libtasn1-0:4.16.0-8.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libtasn1-debuginfo-0:4.16.0-8.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libtasn1-debuginfo-0:4.16.0-8.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libtasn1-debuginfo-0:4.16.0-8.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libtasn1-debuginfo-0:4.16.0-8.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libtasn1-debuginfo-0:4.16.0-8.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libtasn1-debugsource-0:4.16.0-8.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libtasn1-debugsource-0:4.16.0-8.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libtasn1-debugsource-0:4.16.0-8.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libtasn1-debugsource-0:4.16.0-8.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libtasn1-debugsource-0:4.16.0-8.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libtasn1-tools-debuginfo-0:4.16.0-8.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libtasn1-tools-debuginfo-0:4.16.0-8.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libtasn1-tools-debuginfo-0:4.16.0-8.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libtasn1-tools-debuginfo-0:4.16.0-8.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libtasn1-tools-debuginfo-0:4.16.0-8.el9_2.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-12133"
},
{
"category": "external",
"summary": "RHBZ#2344611",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2344611"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-12133",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12133"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-12133",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12133"
},
{
"category": "external",
"summary": "https://gitlab.com/gnutls/libtasn1/-/blob/master/doc/security/CVE-2024-12133.md",
"url": "https://gitlab.com/gnutls/libtasn1/-/blob/master/doc/security/CVE-2024-12133.md"
},
{
"category": "external",
"summary": "https://gitlab.com/gnutls/libtasn1/-/issues/52",
"url": "https://gitlab.com/gnutls/libtasn1/-/issues/52"
}
],
"release_date": "2025-02-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-10-06T02:07:36+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.Z.E4S:libtasn1-debuginfo-0:4.16.0-8.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libtasn1-debuginfo-0:4.16.0-8.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libtasn1-debuginfo-0:4.16.0-8.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libtasn1-debuginfo-0:4.16.0-8.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libtasn1-debuginfo-0:4.16.0-8.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libtasn1-debugsource-0:4.16.0-8.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libtasn1-debugsource-0:4.16.0-8.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libtasn1-debugsource-0:4.16.0-8.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libtasn1-debugsource-0:4.16.0-8.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libtasn1-debugsource-0:4.16.0-8.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libtasn1-devel-0:4.16.0-8.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libtasn1-devel-0:4.16.0-8.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libtasn1-devel-0:4.16.0-8.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libtasn1-devel-0:4.16.0-8.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libtasn1-devel-0:4.16.0-8.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libtasn1-tools-0:4.16.0-8.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libtasn1-tools-0:4.16.0-8.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libtasn1-tools-0:4.16.0-8.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libtasn1-tools-0:4.16.0-8.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libtasn1-tools-debuginfo-0:4.16.0-8.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libtasn1-tools-debuginfo-0:4.16.0-8.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libtasn1-tools-debuginfo-0:4.16.0-8.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libtasn1-tools-debuginfo-0:4.16.0-8.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libtasn1-tools-debuginfo-0:4.16.0-8.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libtasn1-0:4.16.0-8.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libtasn1-0:4.16.0-8.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libtasn1-0:4.16.0-8.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libtasn1-0:4.16.0-8.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libtasn1-0:4.16.0-8.el9_2.1.src",
"BaseOS-9.2.0.Z.E4S:libtasn1-0:4.16.0-8.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libtasn1-debuginfo-0:4.16.0-8.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libtasn1-debuginfo-0:4.16.0-8.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libtasn1-debuginfo-0:4.16.0-8.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libtasn1-debuginfo-0:4.16.0-8.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libtasn1-debuginfo-0:4.16.0-8.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libtasn1-debugsource-0:4.16.0-8.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libtasn1-debugsource-0:4.16.0-8.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libtasn1-debugsource-0:4.16.0-8.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libtasn1-debugsource-0:4.16.0-8.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libtasn1-debugsource-0:4.16.0-8.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libtasn1-tools-debuginfo-0:4.16.0-8.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libtasn1-tools-debuginfo-0:4.16.0-8.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libtasn1-tools-debuginfo-0:4.16.0-8.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libtasn1-tools-debuginfo-0:4.16.0-8.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libtasn1-tools-debuginfo-0:4.16.0-8.el9_2.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:17347"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.Z.E4S:libtasn1-debuginfo-0:4.16.0-8.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libtasn1-debuginfo-0:4.16.0-8.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libtasn1-debuginfo-0:4.16.0-8.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libtasn1-debuginfo-0:4.16.0-8.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libtasn1-debuginfo-0:4.16.0-8.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libtasn1-debugsource-0:4.16.0-8.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libtasn1-debugsource-0:4.16.0-8.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libtasn1-debugsource-0:4.16.0-8.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libtasn1-debugsource-0:4.16.0-8.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libtasn1-debugsource-0:4.16.0-8.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libtasn1-devel-0:4.16.0-8.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libtasn1-devel-0:4.16.0-8.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libtasn1-devel-0:4.16.0-8.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libtasn1-devel-0:4.16.0-8.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libtasn1-devel-0:4.16.0-8.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libtasn1-tools-0:4.16.0-8.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libtasn1-tools-0:4.16.0-8.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libtasn1-tools-0:4.16.0-8.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libtasn1-tools-0:4.16.0-8.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libtasn1-tools-debuginfo-0:4.16.0-8.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libtasn1-tools-debuginfo-0:4.16.0-8.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libtasn1-tools-debuginfo-0:4.16.0-8.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libtasn1-tools-debuginfo-0:4.16.0-8.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libtasn1-tools-debuginfo-0:4.16.0-8.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libtasn1-0:4.16.0-8.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libtasn1-0:4.16.0-8.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libtasn1-0:4.16.0-8.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libtasn1-0:4.16.0-8.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libtasn1-0:4.16.0-8.el9_2.1.src",
"BaseOS-9.2.0.Z.E4S:libtasn1-0:4.16.0-8.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libtasn1-debuginfo-0:4.16.0-8.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libtasn1-debuginfo-0:4.16.0-8.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libtasn1-debuginfo-0:4.16.0-8.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libtasn1-debuginfo-0:4.16.0-8.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libtasn1-debuginfo-0:4.16.0-8.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libtasn1-debugsource-0:4.16.0-8.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libtasn1-debugsource-0:4.16.0-8.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libtasn1-debugsource-0:4.16.0-8.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libtasn1-debugsource-0:4.16.0-8.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libtasn1-debugsource-0:4.16.0-8.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libtasn1-tools-debuginfo-0:4.16.0-8.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libtasn1-tools-debuginfo-0:4.16.0-8.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libtasn1-tools-debuginfo-0:4.16.0-8.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libtasn1-tools-debuginfo-0:4.16.0-8.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libtasn1-tools-debuginfo-0:4.16.0-8.el9_2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libtasn1: Inefficient DER Decoding in libtasn1 Leading to Potential Remote DoS"
}
]
}
RHSA-2025:4049
Vulnerability from csaf_redhat - Published: 2025-04-23 11:47 - Updated: 2026-06-30 04:35A flaw in libtasn1 causes inefficient handling of specific certificate data. When processing a large number of elements in a certificate, libtasn1 takes much longer than expected, which can slow down or even crash the system. This flaw allows an attacker to send a specially crafted certificate, causing a denial of service attack.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:libtasn1-debuginfo-0:4.13-5.el8_10.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:libtasn1-debuginfo-0:4.13-5.el8_10.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:libtasn1-debuginfo-0:4.13-5.el8_10.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:libtasn1-debuginfo-0:4.13-5.el8_10.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:libtasn1-debuginfo-0:4.13-5.el8_10.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:libtasn1-debugsource-0:4.13-5.el8_10.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:libtasn1-debugsource-0:4.13-5.el8_10.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:libtasn1-debugsource-0:4.13-5.el8_10.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:libtasn1-debugsource-0:4.13-5.el8_10.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:libtasn1-debugsource-0:4.13-5.el8_10.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:libtasn1-devel-0:4.13-5.el8_10.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:libtasn1-devel-0:4.13-5.el8_10.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:libtasn1-devel-0:4.13-5.el8_10.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:libtasn1-devel-0:4.13-5.el8_10.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:libtasn1-devel-0:4.13-5.el8_10.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:libtasn1-tools-0:4.13-5.el8_10.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:libtasn1-tools-0:4.13-5.el8_10.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:libtasn1-tools-0:4.13-5.el8_10.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:libtasn1-tools-0:4.13-5.el8_10.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:libtasn1-tools-debuginfo-0:4.13-5.el8_10.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:libtasn1-tools-debuginfo-0:4.13-5.el8_10.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:libtasn1-tools-debuginfo-0:4.13-5.el8_10.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:libtasn1-tools-debuginfo-0:4.13-5.el8_10.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:libtasn1-tools-debuginfo-0:4.13-5.el8_10.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libtasn1-0:4.13-5.el8_10.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libtasn1-0:4.13-5.el8_10.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libtasn1-0:4.13-5.el8_10.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libtasn1-0:4.13-5.el8_10.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libtasn1-0:4.13-5.el8_10.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libtasn1-0:4.13-5.el8_10.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libtasn1-debuginfo-0:4.13-5.el8_10.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libtasn1-debuginfo-0:4.13-5.el8_10.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libtasn1-debuginfo-0:4.13-5.el8_10.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libtasn1-debuginfo-0:4.13-5.el8_10.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libtasn1-debuginfo-0:4.13-5.el8_10.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libtasn1-debugsource-0:4.13-5.el8_10.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libtasn1-debugsource-0:4.13-5.el8_10.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libtasn1-debugsource-0:4.13-5.el8_10.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libtasn1-debugsource-0:4.13-5.el8_10.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libtasn1-debugsource-0:4.13-5.el8_10.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libtasn1-tools-debuginfo-0:4.13-5.el8_10.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libtasn1-tools-debuginfo-0:4.13-5.el8_10.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libtasn1-tools-debuginfo-0:4.13-5.el8_10.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libtasn1-tools-debuginfo-0:4.13-5.el8_10.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libtasn1-tools-debuginfo-0:4.13-5.el8_10.x86_64 | — |
Vendor Fix
fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for libtasn1 is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "A library that provides Abstract Syntax Notation One (ASN.1, as specified by the X.680 ITU-T recommendation) parsing and structures management, and Distinguished Encoding Rules (DER, as per X.690) encoding and decoding functions.\n\nSecurity Fix(es):\n\n* libtasn1: Inefficient DER Decoding in libtasn1 Leading to Potential Remote DoS (CVE-2024-12133)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:4049",
"url": "https://access.redhat.com/errata/RHSA-2025:4049"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2344611",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2344611"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_4049.json"
}
],
"title": "Red Hat Security Advisory: libtasn1 security update",
"tracking": {
"current_release_date": "2026-06-30T04:35:16+00:00",
"generator": {
"date": "2026-06-30T04:35:16+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.0"
}
},
"id": "RHSA-2025:4049",
"initial_release_date": "2025-04-23T11:47:59+00:00",
"revision_history": [
{
"date": "2025-04-23T11:47:59+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-04-23T11:47:59+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-30T04:35:16+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:8::baseos"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "libtasn1-devel-0:4.13-5.el8_10.aarch64",
"product": {
"name": "libtasn1-devel-0:4.13-5.el8_10.aarch64",
"product_id": "libtasn1-devel-0:4.13-5.el8_10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libtasn1-devel@4.13-5.el8_10?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libtasn1-tools-0:4.13-5.el8_10.aarch64",
"product": {
"name": "libtasn1-tools-0:4.13-5.el8_10.aarch64",
"product_id": "libtasn1-tools-0:4.13-5.el8_10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libtasn1-tools@4.13-5.el8_10?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libtasn1-debugsource-0:4.13-5.el8_10.aarch64",
"product": {
"name": "libtasn1-debugsource-0:4.13-5.el8_10.aarch64",
"product_id": "libtasn1-debugsource-0:4.13-5.el8_10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libtasn1-debugsource@4.13-5.el8_10?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libtasn1-debuginfo-0:4.13-5.el8_10.aarch64",
"product": {
"name": "libtasn1-debuginfo-0:4.13-5.el8_10.aarch64",
"product_id": "libtasn1-debuginfo-0:4.13-5.el8_10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libtasn1-debuginfo@4.13-5.el8_10?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libtasn1-tools-debuginfo-0:4.13-5.el8_10.aarch64",
"product": {
"name": "libtasn1-tools-debuginfo-0:4.13-5.el8_10.aarch64",
"product_id": "libtasn1-tools-debuginfo-0:4.13-5.el8_10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libtasn1-tools-debuginfo@4.13-5.el8_10?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libtasn1-0:4.13-5.el8_10.aarch64",
"product": {
"name": "libtasn1-0:4.13-5.el8_10.aarch64",
"product_id": "libtasn1-0:4.13-5.el8_10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libtasn1@4.13-5.el8_10?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libtasn1-devel-0:4.13-5.el8_10.ppc64le",
"product": {
"name": "libtasn1-devel-0:4.13-5.el8_10.ppc64le",
"product_id": "libtasn1-devel-0:4.13-5.el8_10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libtasn1-devel@4.13-5.el8_10?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libtasn1-tools-0:4.13-5.el8_10.ppc64le",
"product": {
"name": "libtasn1-tools-0:4.13-5.el8_10.ppc64le",
"product_id": "libtasn1-tools-0:4.13-5.el8_10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libtasn1-tools@4.13-5.el8_10?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libtasn1-debugsource-0:4.13-5.el8_10.ppc64le",
"product": {
"name": "libtasn1-debugsource-0:4.13-5.el8_10.ppc64le",
"product_id": "libtasn1-debugsource-0:4.13-5.el8_10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libtasn1-debugsource@4.13-5.el8_10?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libtasn1-debuginfo-0:4.13-5.el8_10.ppc64le",
"product": {
"name": "libtasn1-debuginfo-0:4.13-5.el8_10.ppc64le",
"product_id": "libtasn1-debuginfo-0:4.13-5.el8_10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libtasn1-debuginfo@4.13-5.el8_10?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libtasn1-tools-debuginfo-0:4.13-5.el8_10.ppc64le",
"product": {
"name": "libtasn1-tools-debuginfo-0:4.13-5.el8_10.ppc64le",
"product_id": "libtasn1-tools-debuginfo-0:4.13-5.el8_10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libtasn1-tools-debuginfo@4.13-5.el8_10?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libtasn1-0:4.13-5.el8_10.ppc64le",
"product": {
"name": "libtasn1-0:4.13-5.el8_10.ppc64le",
"product_id": "libtasn1-0:4.13-5.el8_10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libtasn1@4.13-5.el8_10?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libtasn1-devel-0:4.13-5.el8_10.i686",
"product": {
"name": "libtasn1-devel-0:4.13-5.el8_10.i686",
"product_id": "libtasn1-devel-0:4.13-5.el8_10.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libtasn1-devel@4.13-5.el8_10?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libtasn1-debugsource-0:4.13-5.el8_10.i686",
"product": {
"name": "libtasn1-debugsource-0:4.13-5.el8_10.i686",
"product_id": "libtasn1-debugsource-0:4.13-5.el8_10.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libtasn1-debugsource@4.13-5.el8_10?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libtasn1-debuginfo-0:4.13-5.el8_10.i686",
"product": {
"name": "libtasn1-debuginfo-0:4.13-5.el8_10.i686",
"product_id": "libtasn1-debuginfo-0:4.13-5.el8_10.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libtasn1-debuginfo@4.13-5.el8_10?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libtasn1-tools-debuginfo-0:4.13-5.el8_10.i686",
"product": {
"name": "libtasn1-tools-debuginfo-0:4.13-5.el8_10.i686",
"product_id": "libtasn1-tools-debuginfo-0:4.13-5.el8_10.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libtasn1-tools-debuginfo@4.13-5.el8_10?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libtasn1-0:4.13-5.el8_10.i686",
"product": {
"name": "libtasn1-0:4.13-5.el8_10.i686",
"product_id": "libtasn1-0:4.13-5.el8_10.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libtasn1@4.13-5.el8_10?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "libtasn1-devel-0:4.13-5.el8_10.x86_64",
"product": {
"name": "libtasn1-devel-0:4.13-5.el8_10.x86_64",
"product_id": "libtasn1-devel-0:4.13-5.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libtasn1-devel@4.13-5.el8_10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libtasn1-tools-0:4.13-5.el8_10.x86_64",
"product": {
"name": "libtasn1-tools-0:4.13-5.el8_10.x86_64",
"product_id": "libtasn1-tools-0:4.13-5.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libtasn1-tools@4.13-5.el8_10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libtasn1-debugsource-0:4.13-5.el8_10.x86_64",
"product": {
"name": "libtasn1-debugsource-0:4.13-5.el8_10.x86_64",
"product_id": "libtasn1-debugsource-0:4.13-5.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libtasn1-debugsource@4.13-5.el8_10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libtasn1-debuginfo-0:4.13-5.el8_10.x86_64",
"product": {
"name": "libtasn1-debuginfo-0:4.13-5.el8_10.x86_64",
"product_id": "libtasn1-debuginfo-0:4.13-5.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libtasn1-debuginfo@4.13-5.el8_10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libtasn1-tools-debuginfo-0:4.13-5.el8_10.x86_64",
"product": {
"name": "libtasn1-tools-debuginfo-0:4.13-5.el8_10.x86_64",
"product_id": "libtasn1-tools-debuginfo-0:4.13-5.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libtasn1-tools-debuginfo@4.13-5.el8_10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libtasn1-0:4.13-5.el8_10.x86_64",
"product": {
"name": "libtasn1-0:4.13-5.el8_10.x86_64",
"product_id": "libtasn1-0:4.13-5.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libtasn1@4.13-5.el8_10?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "libtasn1-devel-0:4.13-5.el8_10.s390x",
"product": {
"name": "libtasn1-devel-0:4.13-5.el8_10.s390x",
"product_id": "libtasn1-devel-0:4.13-5.el8_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libtasn1-devel@4.13-5.el8_10?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libtasn1-tools-0:4.13-5.el8_10.s390x",
"product": {
"name": "libtasn1-tools-0:4.13-5.el8_10.s390x",
"product_id": "libtasn1-tools-0:4.13-5.el8_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libtasn1-tools@4.13-5.el8_10?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libtasn1-debugsource-0:4.13-5.el8_10.s390x",
"product": {
"name": "libtasn1-debugsource-0:4.13-5.el8_10.s390x",
"product_id": "libtasn1-debugsource-0:4.13-5.el8_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libtasn1-debugsource@4.13-5.el8_10?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libtasn1-debuginfo-0:4.13-5.el8_10.s390x",
"product": {
"name": "libtasn1-debuginfo-0:4.13-5.el8_10.s390x",
"product_id": "libtasn1-debuginfo-0:4.13-5.el8_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libtasn1-debuginfo@4.13-5.el8_10?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libtasn1-tools-debuginfo-0:4.13-5.el8_10.s390x",
"product": {
"name": "libtasn1-tools-debuginfo-0:4.13-5.el8_10.s390x",
"product_id": "libtasn1-tools-debuginfo-0:4.13-5.el8_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libtasn1-tools-debuginfo@4.13-5.el8_10?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libtasn1-0:4.13-5.el8_10.s390x",
"product": {
"name": "libtasn1-0:4.13-5.el8_10.s390x",
"product_id": "libtasn1-0:4.13-5.el8_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libtasn1@4.13-5.el8_10?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libtasn1-0:4.13-5.el8_10.src",
"product": {
"name": "libtasn1-0:4.13-5.el8_10.src",
"product_id": "libtasn1-0:4.13-5.el8_10.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libtasn1@4.13-5.el8_10?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-debuginfo-0:4.13-5.el8_10.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:libtasn1-debuginfo-0:4.13-5.el8_10.aarch64"
},
"product_reference": "libtasn1-debuginfo-0:4.13-5.el8_10.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-debuginfo-0:4.13-5.el8_10.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:libtasn1-debuginfo-0:4.13-5.el8_10.i686"
},
"product_reference": "libtasn1-debuginfo-0:4.13-5.el8_10.i686",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-debuginfo-0:4.13-5.el8_10.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:libtasn1-debuginfo-0:4.13-5.el8_10.ppc64le"
},
"product_reference": "libtasn1-debuginfo-0:4.13-5.el8_10.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-debuginfo-0:4.13-5.el8_10.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:libtasn1-debuginfo-0:4.13-5.el8_10.s390x"
},
"product_reference": "libtasn1-debuginfo-0:4.13-5.el8_10.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-debuginfo-0:4.13-5.el8_10.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:libtasn1-debuginfo-0:4.13-5.el8_10.x86_64"
},
"product_reference": "libtasn1-debuginfo-0:4.13-5.el8_10.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-debugsource-0:4.13-5.el8_10.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:libtasn1-debugsource-0:4.13-5.el8_10.aarch64"
},
"product_reference": "libtasn1-debugsource-0:4.13-5.el8_10.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-debugsource-0:4.13-5.el8_10.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:libtasn1-debugsource-0:4.13-5.el8_10.i686"
},
"product_reference": "libtasn1-debugsource-0:4.13-5.el8_10.i686",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-debugsource-0:4.13-5.el8_10.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:libtasn1-debugsource-0:4.13-5.el8_10.ppc64le"
},
"product_reference": "libtasn1-debugsource-0:4.13-5.el8_10.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-debugsource-0:4.13-5.el8_10.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:libtasn1-debugsource-0:4.13-5.el8_10.s390x"
},
"product_reference": "libtasn1-debugsource-0:4.13-5.el8_10.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-debugsource-0:4.13-5.el8_10.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:libtasn1-debugsource-0:4.13-5.el8_10.x86_64"
},
"product_reference": "libtasn1-debugsource-0:4.13-5.el8_10.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-devel-0:4.13-5.el8_10.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:libtasn1-devel-0:4.13-5.el8_10.aarch64"
},
"product_reference": "libtasn1-devel-0:4.13-5.el8_10.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-devel-0:4.13-5.el8_10.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:libtasn1-devel-0:4.13-5.el8_10.i686"
},
"product_reference": "libtasn1-devel-0:4.13-5.el8_10.i686",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-devel-0:4.13-5.el8_10.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:libtasn1-devel-0:4.13-5.el8_10.ppc64le"
},
"product_reference": "libtasn1-devel-0:4.13-5.el8_10.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-devel-0:4.13-5.el8_10.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:libtasn1-devel-0:4.13-5.el8_10.s390x"
},
"product_reference": "libtasn1-devel-0:4.13-5.el8_10.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-devel-0:4.13-5.el8_10.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:libtasn1-devel-0:4.13-5.el8_10.x86_64"
},
"product_reference": "libtasn1-devel-0:4.13-5.el8_10.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-tools-0:4.13-5.el8_10.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:libtasn1-tools-0:4.13-5.el8_10.aarch64"
},
"product_reference": "libtasn1-tools-0:4.13-5.el8_10.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-tools-0:4.13-5.el8_10.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:libtasn1-tools-0:4.13-5.el8_10.ppc64le"
},
"product_reference": "libtasn1-tools-0:4.13-5.el8_10.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-tools-0:4.13-5.el8_10.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:libtasn1-tools-0:4.13-5.el8_10.s390x"
},
"product_reference": "libtasn1-tools-0:4.13-5.el8_10.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-tools-0:4.13-5.el8_10.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:libtasn1-tools-0:4.13-5.el8_10.x86_64"
},
"product_reference": "libtasn1-tools-0:4.13-5.el8_10.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-tools-debuginfo-0:4.13-5.el8_10.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:libtasn1-tools-debuginfo-0:4.13-5.el8_10.aarch64"
},
"product_reference": "libtasn1-tools-debuginfo-0:4.13-5.el8_10.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-tools-debuginfo-0:4.13-5.el8_10.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:libtasn1-tools-debuginfo-0:4.13-5.el8_10.i686"
},
"product_reference": "libtasn1-tools-debuginfo-0:4.13-5.el8_10.i686",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-tools-debuginfo-0:4.13-5.el8_10.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:libtasn1-tools-debuginfo-0:4.13-5.el8_10.ppc64le"
},
"product_reference": "libtasn1-tools-debuginfo-0:4.13-5.el8_10.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-tools-debuginfo-0:4.13-5.el8_10.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:libtasn1-tools-debuginfo-0:4.13-5.el8_10.s390x"
},
"product_reference": "libtasn1-tools-debuginfo-0:4.13-5.el8_10.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-tools-debuginfo-0:4.13-5.el8_10.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:libtasn1-tools-debuginfo-0:4.13-5.el8_10.x86_64"
},
"product_reference": "libtasn1-tools-debuginfo-0:4.13-5.el8_10.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-0:4.13-5.el8_10.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libtasn1-0:4.13-5.el8_10.aarch64"
},
"product_reference": "libtasn1-0:4.13-5.el8_10.aarch64",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-0:4.13-5.el8_10.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libtasn1-0:4.13-5.el8_10.i686"
},
"product_reference": "libtasn1-0:4.13-5.el8_10.i686",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-0:4.13-5.el8_10.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libtasn1-0:4.13-5.el8_10.ppc64le"
},
"product_reference": "libtasn1-0:4.13-5.el8_10.ppc64le",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-0:4.13-5.el8_10.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libtasn1-0:4.13-5.el8_10.s390x"
},
"product_reference": "libtasn1-0:4.13-5.el8_10.s390x",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-0:4.13-5.el8_10.src as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libtasn1-0:4.13-5.el8_10.src"
},
"product_reference": "libtasn1-0:4.13-5.el8_10.src",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-0:4.13-5.el8_10.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libtasn1-0:4.13-5.el8_10.x86_64"
},
"product_reference": "libtasn1-0:4.13-5.el8_10.x86_64",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-debuginfo-0:4.13-5.el8_10.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libtasn1-debuginfo-0:4.13-5.el8_10.aarch64"
},
"product_reference": "libtasn1-debuginfo-0:4.13-5.el8_10.aarch64",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-debuginfo-0:4.13-5.el8_10.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libtasn1-debuginfo-0:4.13-5.el8_10.i686"
},
"product_reference": "libtasn1-debuginfo-0:4.13-5.el8_10.i686",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-debuginfo-0:4.13-5.el8_10.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libtasn1-debuginfo-0:4.13-5.el8_10.ppc64le"
},
"product_reference": "libtasn1-debuginfo-0:4.13-5.el8_10.ppc64le",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-debuginfo-0:4.13-5.el8_10.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libtasn1-debuginfo-0:4.13-5.el8_10.s390x"
},
"product_reference": "libtasn1-debuginfo-0:4.13-5.el8_10.s390x",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-debuginfo-0:4.13-5.el8_10.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libtasn1-debuginfo-0:4.13-5.el8_10.x86_64"
},
"product_reference": "libtasn1-debuginfo-0:4.13-5.el8_10.x86_64",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-debugsource-0:4.13-5.el8_10.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libtasn1-debugsource-0:4.13-5.el8_10.aarch64"
},
"product_reference": "libtasn1-debugsource-0:4.13-5.el8_10.aarch64",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-debugsource-0:4.13-5.el8_10.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libtasn1-debugsource-0:4.13-5.el8_10.i686"
},
"product_reference": "libtasn1-debugsource-0:4.13-5.el8_10.i686",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-debugsource-0:4.13-5.el8_10.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libtasn1-debugsource-0:4.13-5.el8_10.ppc64le"
},
"product_reference": "libtasn1-debugsource-0:4.13-5.el8_10.ppc64le",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-debugsource-0:4.13-5.el8_10.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libtasn1-debugsource-0:4.13-5.el8_10.s390x"
},
"product_reference": "libtasn1-debugsource-0:4.13-5.el8_10.s390x",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-debugsource-0:4.13-5.el8_10.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libtasn1-debugsource-0:4.13-5.el8_10.x86_64"
},
"product_reference": "libtasn1-debugsource-0:4.13-5.el8_10.x86_64",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-tools-debuginfo-0:4.13-5.el8_10.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libtasn1-tools-debuginfo-0:4.13-5.el8_10.aarch64"
},
"product_reference": "libtasn1-tools-debuginfo-0:4.13-5.el8_10.aarch64",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-tools-debuginfo-0:4.13-5.el8_10.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libtasn1-tools-debuginfo-0:4.13-5.el8_10.i686"
},
"product_reference": "libtasn1-tools-debuginfo-0:4.13-5.el8_10.i686",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-tools-debuginfo-0:4.13-5.el8_10.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libtasn1-tools-debuginfo-0:4.13-5.el8_10.ppc64le"
},
"product_reference": "libtasn1-tools-debuginfo-0:4.13-5.el8_10.ppc64le",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-tools-debuginfo-0:4.13-5.el8_10.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libtasn1-tools-debuginfo-0:4.13-5.el8_10.s390x"
},
"product_reference": "libtasn1-tools-debuginfo-0:4.13-5.el8_10.s390x",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-tools-debuginfo-0:4.13-5.el8_10.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libtasn1-tools-debuginfo-0:4.13-5.el8_10.x86_64"
},
"product_reference": "libtasn1-tools-debuginfo-0:4.13-5.el8_10.x86_64",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Bing Shi"
]
}
],
"cve": "CVE-2024-12133",
"cwe": {
"id": "CWE-407",
"name": "Inefficient Algorithmic Complexity"
},
"discovery_date": "2025-02-10T08:14:05.460000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2344611"
}
],
"notes": [
{
"category": "description",
"text": "A flaw in libtasn1 causes inefficient handling of specific certificate data. When processing a large number of elements in a certificate, libtasn1 takes much longer than expected, which can slow down or even crash the system. This flaw allows an attacker to send a specially crafted certificate, causing a denial of service attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libtasn1: Inefficient DER Decoding in libtasn1 Leading to Potential Remote DoS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:libtasn1-debuginfo-0:4.13-5.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:libtasn1-debuginfo-0:4.13-5.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:libtasn1-debuginfo-0:4.13-5.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:libtasn1-debuginfo-0:4.13-5.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:libtasn1-debuginfo-0:4.13-5.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:libtasn1-debugsource-0:4.13-5.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:libtasn1-debugsource-0:4.13-5.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:libtasn1-debugsource-0:4.13-5.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:libtasn1-debugsource-0:4.13-5.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:libtasn1-debugsource-0:4.13-5.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:libtasn1-devel-0:4.13-5.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:libtasn1-devel-0:4.13-5.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:libtasn1-devel-0:4.13-5.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:libtasn1-devel-0:4.13-5.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:libtasn1-devel-0:4.13-5.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:libtasn1-tools-0:4.13-5.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:libtasn1-tools-0:4.13-5.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:libtasn1-tools-0:4.13-5.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:libtasn1-tools-0:4.13-5.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:libtasn1-tools-debuginfo-0:4.13-5.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:libtasn1-tools-debuginfo-0:4.13-5.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:libtasn1-tools-debuginfo-0:4.13-5.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:libtasn1-tools-debuginfo-0:4.13-5.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:libtasn1-tools-debuginfo-0:4.13-5.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libtasn1-0:4.13-5.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libtasn1-0:4.13-5.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libtasn1-0:4.13-5.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libtasn1-0:4.13-5.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libtasn1-0:4.13-5.el8_10.src",
"BaseOS-8.10.0.Z.MAIN.EUS:libtasn1-0:4.13-5.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libtasn1-debuginfo-0:4.13-5.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libtasn1-debuginfo-0:4.13-5.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libtasn1-debuginfo-0:4.13-5.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libtasn1-debuginfo-0:4.13-5.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libtasn1-debuginfo-0:4.13-5.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libtasn1-debugsource-0:4.13-5.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libtasn1-debugsource-0:4.13-5.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libtasn1-debugsource-0:4.13-5.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libtasn1-debugsource-0:4.13-5.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libtasn1-debugsource-0:4.13-5.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libtasn1-tools-debuginfo-0:4.13-5.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libtasn1-tools-debuginfo-0:4.13-5.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libtasn1-tools-debuginfo-0:4.13-5.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libtasn1-tools-debuginfo-0:4.13-5.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libtasn1-tools-debuginfo-0:4.13-5.el8_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-12133"
},
{
"category": "external",
"summary": "RHBZ#2344611",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2344611"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-12133",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12133"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-12133",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12133"
},
{
"category": "external",
"summary": "https://gitlab.com/gnutls/libtasn1/-/blob/master/doc/security/CVE-2024-12133.md",
"url": "https://gitlab.com/gnutls/libtasn1/-/blob/master/doc/security/CVE-2024-12133.md"
},
{
"category": "external",
"summary": "https://gitlab.com/gnutls/libtasn1/-/issues/52",
"url": "https://gitlab.com/gnutls/libtasn1/-/issues/52"
}
],
"release_date": "2025-02-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-04-23T11:47:59+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:libtasn1-debuginfo-0:4.13-5.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:libtasn1-debuginfo-0:4.13-5.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:libtasn1-debuginfo-0:4.13-5.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:libtasn1-debuginfo-0:4.13-5.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:libtasn1-debuginfo-0:4.13-5.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:libtasn1-debugsource-0:4.13-5.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:libtasn1-debugsource-0:4.13-5.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:libtasn1-debugsource-0:4.13-5.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:libtasn1-debugsource-0:4.13-5.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:libtasn1-debugsource-0:4.13-5.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:libtasn1-devel-0:4.13-5.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:libtasn1-devel-0:4.13-5.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:libtasn1-devel-0:4.13-5.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:libtasn1-devel-0:4.13-5.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:libtasn1-devel-0:4.13-5.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:libtasn1-tools-0:4.13-5.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:libtasn1-tools-0:4.13-5.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:libtasn1-tools-0:4.13-5.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:libtasn1-tools-0:4.13-5.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:libtasn1-tools-debuginfo-0:4.13-5.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:libtasn1-tools-debuginfo-0:4.13-5.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:libtasn1-tools-debuginfo-0:4.13-5.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:libtasn1-tools-debuginfo-0:4.13-5.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:libtasn1-tools-debuginfo-0:4.13-5.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libtasn1-0:4.13-5.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libtasn1-0:4.13-5.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libtasn1-0:4.13-5.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libtasn1-0:4.13-5.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libtasn1-0:4.13-5.el8_10.src",
"BaseOS-8.10.0.Z.MAIN.EUS:libtasn1-0:4.13-5.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libtasn1-debuginfo-0:4.13-5.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libtasn1-debuginfo-0:4.13-5.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libtasn1-debuginfo-0:4.13-5.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libtasn1-debuginfo-0:4.13-5.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libtasn1-debuginfo-0:4.13-5.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libtasn1-debugsource-0:4.13-5.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libtasn1-debugsource-0:4.13-5.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libtasn1-debugsource-0:4.13-5.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libtasn1-debugsource-0:4.13-5.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libtasn1-debugsource-0:4.13-5.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libtasn1-tools-debuginfo-0:4.13-5.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libtasn1-tools-debuginfo-0:4.13-5.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libtasn1-tools-debuginfo-0:4.13-5.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libtasn1-tools-debuginfo-0:4.13-5.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libtasn1-tools-debuginfo-0:4.13-5.el8_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:4049"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:libtasn1-debuginfo-0:4.13-5.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:libtasn1-debuginfo-0:4.13-5.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:libtasn1-debuginfo-0:4.13-5.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:libtasn1-debuginfo-0:4.13-5.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:libtasn1-debuginfo-0:4.13-5.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:libtasn1-debugsource-0:4.13-5.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:libtasn1-debugsource-0:4.13-5.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:libtasn1-debugsource-0:4.13-5.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:libtasn1-debugsource-0:4.13-5.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:libtasn1-debugsource-0:4.13-5.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:libtasn1-devel-0:4.13-5.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:libtasn1-devel-0:4.13-5.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:libtasn1-devel-0:4.13-5.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:libtasn1-devel-0:4.13-5.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:libtasn1-devel-0:4.13-5.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:libtasn1-tools-0:4.13-5.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:libtasn1-tools-0:4.13-5.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:libtasn1-tools-0:4.13-5.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:libtasn1-tools-0:4.13-5.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:libtasn1-tools-debuginfo-0:4.13-5.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:libtasn1-tools-debuginfo-0:4.13-5.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:libtasn1-tools-debuginfo-0:4.13-5.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:libtasn1-tools-debuginfo-0:4.13-5.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:libtasn1-tools-debuginfo-0:4.13-5.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libtasn1-0:4.13-5.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libtasn1-0:4.13-5.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libtasn1-0:4.13-5.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libtasn1-0:4.13-5.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libtasn1-0:4.13-5.el8_10.src",
"BaseOS-8.10.0.Z.MAIN.EUS:libtasn1-0:4.13-5.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libtasn1-debuginfo-0:4.13-5.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libtasn1-debuginfo-0:4.13-5.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libtasn1-debuginfo-0:4.13-5.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libtasn1-debuginfo-0:4.13-5.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libtasn1-debuginfo-0:4.13-5.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libtasn1-debugsource-0:4.13-5.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libtasn1-debugsource-0:4.13-5.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libtasn1-debugsource-0:4.13-5.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libtasn1-debugsource-0:4.13-5.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libtasn1-debugsource-0:4.13-5.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libtasn1-tools-debuginfo-0:4.13-5.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libtasn1-tools-debuginfo-0:4.13-5.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libtasn1-tools-debuginfo-0:4.13-5.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libtasn1-tools-debuginfo-0:4.13-5.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libtasn1-tools-debuginfo-0:4.13-5.el8_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libtasn1: Inefficient DER Decoding in libtasn1 Leading to Potential Remote DoS"
}
]
}
RHSA-2025:7077
Vulnerability from csaf_redhat - Published: 2025-05-13 08:26 - Updated: 2026-06-30 04:35A flaw in libtasn1 causes inefficient handling of specific certificate data. When processing a large number of elements in a certificate, libtasn1 takes much longer than expected, which can slow down or even crash the system. This flaw allows an attacker to send a specially crafted certificate, causing a denial of service attack.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.6.0.GA:libtasn1-debuginfo-0:4.16.0-9.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.GA:libtasn1-debuginfo-0:4.16.0-9.el9.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.GA:libtasn1-debuginfo-0:4.16.0-9.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.GA:libtasn1-debuginfo-0:4.16.0-9.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.GA:libtasn1-debuginfo-0:4.16.0-9.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.GA:libtasn1-debugsource-0:4.16.0-9.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.GA:libtasn1-debugsource-0:4.16.0-9.el9.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.GA:libtasn1-debugsource-0:4.16.0-9.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.GA:libtasn1-debugsource-0:4.16.0-9.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.GA:libtasn1-debugsource-0:4.16.0-9.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.GA:libtasn1-devel-0:4.16.0-9.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.GA:libtasn1-devel-0:4.16.0-9.el9.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.GA:libtasn1-devel-0:4.16.0-9.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.GA:libtasn1-devel-0:4.16.0-9.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.GA:libtasn1-devel-0:4.16.0-9.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.GA:libtasn1-tools-0:4.16.0-9.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.GA:libtasn1-tools-0:4.16.0-9.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.GA:libtasn1-tools-0:4.16.0-9.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.GA:libtasn1-tools-0:4.16.0-9.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.GA:libtasn1-tools-debuginfo-0:4.16.0-9.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.GA:libtasn1-tools-debuginfo-0:4.16.0-9.el9.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.GA:libtasn1-tools-debuginfo-0:4.16.0-9.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.GA:libtasn1-tools-debuginfo-0:4.16.0-9.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.GA:libtasn1-tools-debuginfo-0:4.16.0-9.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-9.6.0.GA:libtasn1-0:4.16.0-9.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-9.6.0.GA:libtasn1-0:4.16.0-9.el9.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-9.6.0.GA:libtasn1-0:4.16.0-9.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-9.6.0.GA:libtasn1-0:4.16.0-9.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-9.6.0.GA:libtasn1-0:4.16.0-9.el9.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-9.6.0.GA:libtasn1-0:4.16.0-9.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-9.6.0.GA:libtasn1-debuginfo-0:4.16.0-9.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-9.6.0.GA:libtasn1-debuginfo-0:4.16.0-9.el9.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-9.6.0.GA:libtasn1-debuginfo-0:4.16.0-9.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-9.6.0.GA:libtasn1-debuginfo-0:4.16.0-9.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-9.6.0.GA:libtasn1-debuginfo-0:4.16.0-9.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-9.6.0.GA:libtasn1-debugsource-0:4.16.0-9.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-9.6.0.GA:libtasn1-debugsource-0:4.16.0-9.el9.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-9.6.0.GA:libtasn1-debugsource-0:4.16.0-9.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-9.6.0.GA:libtasn1-debugsource-0:4.16.0-9.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-9.6.0.GA:libtasn1-debugsource-0:4.16.0-9.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-9.6.0.GA:libtasn1-tools-debuginfo-0:4.16.0-9.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-9.6.0.GA:libtasn1-tools-debuginfo-0:4.16.0-9.el9.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-9.6.0.GA:libtasn1-tools-debuginfo-0:4.16.0-9.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-9.6.0.GA:libtasn1-tools-debuginfo-0:4.16.0-9.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-9.6.0.GA:libtasn1-tools-debuginfo-0:4.16.0-9.el9.x86_64 | — |
Vendor Fix
fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for libtasn1 is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "A library that provides Abstract Syntax Notation One (ASN.1, as specified by the X.680 ITU-T recommendation) parsing and structures management, and Distinguished Encoding Rules (DER, as per X.690) encoding and decoding functions.\n\nSecurity Fix(es):\n\n* libtasn1: Inefficient DER Decoding in libtasn1 Leading to Potential Remote DoS (CVE-2024-12133)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 9 Release Notes linked from the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:7077",
"url": "https://access.redhat.com/errata/RHSA-2025:7077"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/9/html/9.6_release_notes/index",
"url": "https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/9/html/9.6_release_notes/index"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2344611",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2344611"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_7077.json"
}
],
"title": "Red Hat Security Advisory: libtasn1 security update",
"tracking": {
"current_release_date": "2026-06-30T04:35:17+00:00",
"generator": {
"date": "2026-06-30T04:35:17+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.0"
}
},
"id": "RHSA-2025:7077",
"initial_release_date": "2025-05-13T08:26:23+00:00",
"revision_history": [
{
"date": "2025-05-13T08:26:23+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-05-13T08:26:23+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-30T04:35:17+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.GA",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.GA",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:9::baseos"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "libtasn1-devel-0:4.16.0-9.el9.aarch64",
"product": {
"name": "libtasn1-devel-0:4.16.0-9.el9.aarch64",
"product_id": "libtasn1-devel-0:4.16.0-9.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libtasn1-devel@4.16.0-9.el9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libtasn1-tools-0:4.16.0-9.el9.aarch64",
"product": {
"name": "libtasn1-tools-0:4.16.0-9.el9.aarch64",
"product_id": "libtasn1-tools-0:4.16.0-9.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libtasn1-tools@4.16.0-9.el9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libtasn1-debugsource-0:4.16.0-9.el9.aarch64",
"product": {
"name": "libtasn1-debugsource-0:4.16.0-9.el9.aarch64",
"product_id": "libtasn1-debugsource-0:4.16.0-9.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libtasn1-debugsource@4.16.0-9.el9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libtasn1-debuginfo-0:4.16.0-9.el9.aarch64",
"product": {
"name": "libtasn1-debuginfo-0:4.16.0-9.el9.aarch64",
"product_id": "libtasn1-debuginfo-0:4.16.0-9.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libtasn1-debuginfo@4.16.0-9.el9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libtasn1-tools-debuginfo-0:4.16.0-9.el9.aarch64",
"product": {
"name": "libtasn1-tools-debuginfo-0:4.16.0-9.el9.aarch64",
"product_id": "libtasn1-tools-debuginfo-0:4.16.0-9.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libtasn1-tools-debuginfo@4.16.0-9.el9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libtasn1-0:4.16.0-9.el9.aarch64",
"product": {
"name": "libtasn1-0:4.16.0-9.el9.aarch64",
"product_id": "libtasn1-0:4.16.0-9.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libtasn1-devel-0:4.16.0-9.el9.ppc64le",
"product": {
"name": "libtasn1-devel-0:4.16.0-9.el9.ppc64le",
"product_id": "libtasn1-devel-0:4.16.0-9.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libtasn1-devel@4.16.0-9.el9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libtasn1-tools-0:4.16.0-9.el9.ppc64le",
"product": {
"name": "libtasn1-tools-0:4.16.0-9.el9.ppc64le",
"product_id": "libtasn1-tools-0:4.16.0-9.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libtasn1-tools@4.16.0-9.el9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libtasn1-debugsource-0:4.16.0-9.el9.ppc64le",
"product": {
"name": "libtasn1-debugsource-0:4.16.0-9.el9.ppc64le",
"product_id": "libtasn1-debugsource-0:4.16.0-9.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libtasn1-debugsource@4.16.0-9.el9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libtasn1-debuginfo-0:4.16.0-9.el9.ppc64le",
"product": {
"name": "libtasn1-debuginfo-0:4.16.0-9.el9.ppc64le",
"product_id": "libtasn1-debuginfo-0:4.16.0-9.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libtasn1-debuginfo@4.16.0-9.el9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libtasn1-tools-debuginfo-0:4.16.0-9.el9.ppc64le",
"product": {
"name": "libtasn1-tools-debuginfo-0:4.16.0-9.el9.ppc64le",
"product_id": "libtasn1-tools-debuginfo-0:4.16.0-9.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libtasn1-tools-debuginfo@4.16.0-9.el9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libtasn1-0:4.16.0-9.el9.ppc64le",
"product": {
"name": "libtasn1-0:4.16.0-9.el9.ppc64le",
"product_id": "libtasn1-0:4.16.0-9.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libtasn1-devel-0:4.16.0-9.el9.i686",
"product": {
"name": "libtasn1-devel-0:4.16.0-9.el9.i686",
"product_id": "libtasn1-devel-0:4.16.0-9.el9.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libtasn1-devel@4.16.0-9.el9?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libtasn1-debugsource-0:4.16.0-9.el9.i686",
"product": {
"name": "libtasn1-debugsource-0:4.16.0-9.el9.i686",
"product_id": "libtasn1-debugsource-0:4.16.0-9.el9.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libtasn1-debugsource@4.16.0-9.el9?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libtasn1-debuginfo-0:4.16.0-9.el9.i686",
"product": {
"name": "libtasn1-debuginfo-0:4.16.0-9.el9.i686",
"product_id": "libtasn1-debuginfo-0:4.16.0-9.el9.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libtasn1-debuginfo@4.16.0-9.el9?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libtasn1-tools-debuginfo-0:4.16.0-9.el9.i686",
"product": {
"name": "libtasn1-tools-debuginfo-0:4.16.0-9.el9.i686",
"product_id": "libtasn1-tools-debuginfo-0:4.16.0-9.el9.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libtasn1-tools-debuginfo@4.16.0-9.el9?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libtasn1-0:4.16.0-9.el9.i686",
"product": {
"name": "libtasn1-0:4.16.0-9.el9.i686",
"product_id": "libtasn1-0:4.16.0-9.el9.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "libtasn1-devel-0:4.16.0-9.el9.x86_64",
"product": {
"name": "libtasn1-devel-0:4.16.0-9.el9.x86_64",
"product_id": "libtasn1-devel-0:4.16.0-9.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libtasn1-devel@4.16.0-9.el9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libtasn1-tools-0:4.16.0-9.el9.x86_64",
"product": {
"name": "libtasn1-tools-0:4.16.0-9.el9.x86_64",
"product_id": "libtasn1-tools-0:4.16.0-9.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libtasn1-tools@4.16.0-9.el9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libtasn1-debugsource-0:4.16.0-9.el9.x86_64",
"product": {
"name": "libtasn1-debugsource-0:4.16.0-9.el9.x86_64",
"product_id": "libtasn1-debugsource-0:4.16.0-9.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libtasn1-debugsource@4.16.0-9.el9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libtasn1-debuginfo-0:4.16.0-9.el9.x86_64",
"product": {
"name": "libtasn1-debuginfo-0:4.16.0-9.el9.x86_64",
"product_id": "libtasn1-debuginfo-0:4.16.0-9.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libtasn1-debuginfo@4.16.0-9.el9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libtasn1-tools-debuginfo-0:4.16.0-9.el9.x86_64",
"product": {
"name": "libtasn1-tools-debuginfo-0:4.16.0-9.el9.x86_64",
"product_id": "libtasn1-tools-debuginfo-0:4.16.0-9.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libtasn1-tools-debuginfo@4.16.0-9.el9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libtasn1-0:4.16.0-9.el9.x86_64",
"product": {
"name": "libtasn1-0:4.16.0-9.el9.x86_64",
"product_id": "libtasn1-0:4.16.0-9.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "libtasn1-devel-0:4.16.0-9.el9.s390x",
"product": {
"name": "libtasn1-devel-0:4.16.0-9.el9.s390x",
"product_id": "libtasn1-devel-0:4.16.0-9.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libtasn1-devel@4.16.0-9.el9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libtasn1-tools-0:4.16.0-9.el9.s390x",
"product": {
"name": "libtasn1-tools-0:4.16.0-9.el9.s390x",
"product_id": "libtasn1-tools-0:4.16.0-9.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libtasn1-tools@4.16.0-9.el9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libtasn1-debugsource-0:4.16.0-9.el9.s390x",
"product": {
"name": "libtasn1-debugsource-0:4.16.0-9.el9.s390x",
"product_id": "libtasn1-debugsource-0:4.16.0-9.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libtasn1-debugsource@4.16.0-9.el9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libtasn1-debuginfo-0:4.16.0-9.el9.s390x",
"product": {
"name": "libtasn1-debuginfo-0:4.16.0-9.el9.s390x",
"product_id": "libtasn1-debuginfo-0:4.16.0-9.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libtasn1-debuginfo@4.16.0-9.el9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libtasn1-tools-debuginfo-0:4.16.0-9.el9.s390x",
"product": {
"name": "libtasn1-tools-debuginfo-0:4.16.0-9.el9.s390x",
"product_id": "libtasn1-tools-debuginfo-0:4.16.0-9.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libtasn1-tools-debuginfo@4.16.0-9.el9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libtasn1-0:4.16.0-9.el9.s390x",
"product": {
"name": "libtasn1-0:4.16.0-9.el9.s390x",
"product_id": "libtasn1-0:4.16.0-9.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libtasn1-0:4.16.0-9.el9.src",
"product": {
"name": "libtasn1-0:4.16.0-9.el9.src",
"product_id": "libtasn1-0:4.16.0-9.el9.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-debuginfo-0:4.16.0-9.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.GA:libtasn1-debuginfo-0:4.16.0-9.el9.aarch64"
},
"product_reference": "libtasn1-debuginfo-0:4.16.0-9.el9.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-debuginfo-0:4.16.0-9.el9.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.GA:libtasn1-debuginfo-0:4.16.0-9.el9.i686"
},
"product_reference": "libtasn1-debuginfo-0:4.16.0-9.el9.i686",
"relates_to_product_reference": "AppStream-9.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-debuginfo-0:4.16.0-9.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.GA:libtasn1-debuginfo-0:4.16.0-9.el9.ppc64le"
},
"product_reference": "libtasn1-debuginfo-0:4.16.0-9.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-debuginfo-0:4.16.0-9.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.GA:libtasn1-debuginfo-0:4.16.0-9.el9.s390x"
},
"product_reference": "libtasn1-debuginfo-0:4.16.0-9.el9.s390x",
"relates_to_product_reference": "AppStream-9.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-debuginfo-0:4.16.0-9.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.GA:libtasn1-debuginfo-0:4.16.0-9.el9.x86_64"
},
"product_reference": "libtasn1-debuginfo-0:4.16.0-9.el9.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-debugsource-0:4.16.0-9.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.GA:libtasn1-debugsource-0:4.16.0-9.el9.aarch64"
},
"product_reference": "libtasn1-debugsource-0:4.16.0-9.el9.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-debugsource-0:4.16.0-9.el9.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.GA:libtasn1-debugsource-0:4.16.0-9.el9.i686"
},
"product_reference": "libtasn1-debugsource-0:4.16.0-9.el9.i686",
"relates_to_product_reference": "AppStream-9.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-debugsource-0:4.16.0-9.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.GA:libtasn1-debugsource-0:4.16.0-9.el9.ppc64le"
},
"product_reference": "libtasn1-debugsource-0:4.16.0-9.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-debugsource-0:4.16.0-9.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.GA:libtasn1-debugsource-0:4.16.0-9.el9.s390x"
},
"product_reference": "libtasn1-debugsource-0:4.16.0-9.el9.s390x",
"relates_to_product_reference": "AppStream-9.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-debugsource-0:4.16.0-9.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.GA:libtasn1-debugsource-0:4.16.0-9.el9.x86_64"
},
"product_reference": "libtasn1-debugsource-0:4.16.0-9.el9.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-devel-0:4.16.0-9.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.GA:libtasn1-devel-0:4.16.0-9.el9.aarch64"
},
"product_reference": "libtasn1-devel-0:4.16.0-9.el9.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-devel-0:4.16.0-9.el9.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.GA:libtasn1-devel-0:4.16.0-9.el9.i686"
},
"product_reference": "libtasn1-devel-0:4.16.0-9.el9.i686",
"relates_to_product_reference": "AppStream-9.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-devel-0:4.16.0-9.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.GA:libtasn1-devel-0:4.16.0-9.el9.ppc64le"
},
"product_reference": "libtasn1-devel-0:4.16.0-9.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-devel-0:4.16.0-9.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.GA:libtasn1-devel-0:4.16.0-9.el9.s390x"
},
"product_reference": "libtasn1-devel-0:4.16.0-9.el9.s390x",
"relates_to_product_reference": "AppStream-9.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-devel-0:4.16.0-9.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.GA:libtasn1-devel-0:4.16.0-9.el9.x86_64"
},
"product_reference": "libtasn1-devel-0:4.16.0-9.el9.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-tools-0:4.16.0-9.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.GA:libtasn1-tools-0:4.16.0-9.el9.aarch64"
},
"product_reference": "libtasn1-tools-0:4.16.0-9.el9.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-tools-0:4.16.0-9.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.GA:libtasn1-tools-0:4.16.0-9.el9.ppc64le"
},
"product_reference": "libtasn1-tools-0:4.16.0-9.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-tools-0:4.16.0-9.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.GA:libtasn1-tools-0:4.16.0-9.el9.s390x"
},
"product_reference": "libtasn1-tools-0:4.16.0-9.el9.s390x",
"relates_to_product_reference": "AppStream-9.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-tools-0:4.16.0-9.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.GA:libtasn1-tools-0:4.16.0-9.el9.x86_64"
},
"product_reference": "libtasn1-tools-0:4.16.0-9.el9.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-tools-debuginfo-0:4.16.0-9.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.GA:libtasn1-tools-debuginfo-0:4.16.0-9.el9.aarch64"
},
"product_reference": "libtasn1-tools-debuginfo-0:4.16.0-9.el9.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-tools-debuginfo-0:4.16.0-9.el9.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.GA:libtasn1-tools-debuginfo-0:4.16.0-9.el9.i686"
},
"product_reference": "libtasn1-tools-debuginfo-0:4.16.0-9.el9.i686",
"relates_to_product_reference": "AppStream-9.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-tools-debuginfo-0:4.16.0-9.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.GA:libtasn1-tools-debuginfo-0:4.16.0-9.el9.ppc64le"
},
"product_reference": "libtasn1-tools-debuginfo-0:4.16.0-9.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-tools-debuginfo-0:4.16.0-9.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.GA:libtasn1-tools-debuginfo-0:4.16.0-9.el9.s390x"
},
"product_reference": "libtasn1-tools-debuginfo-0:4.16.0-9.el9.s390x",
"relates_to_product_reference": "AppStream-9.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-tools-debuginfo-0:4.16.0-9.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.GA:libtasn1-tools-debuginfo-0:4.16.0-9.el9.x86_64"
},
"product_reference": "libtasn1-tools-debuginfo-0:4.16.0-9.el9.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-0:4.16.0-9.el9.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.GA:libtasn1-0:4.16.0-9.el9.aarch64"
},
"product_reference": "libtasn1-0:4.16.0-9.el9.aarch64",
"relates_to_product_reference": "BaseOS-9.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-0:4.16.0-9.el9.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.GA:libtasn1-0:4.16.0-9.el9.i686"
},
"product_reference": "libtasn1-0:4.16.0-9.el9.i686",
"relates_to_product_reference": "BaseOS-9.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-0:4.16.0-9.el9.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.GA:libtasn1-0:4.16.0-9.el9.ppc64le"
},
"product_reference": "libtasn1-0:4.16.0-9.el9.ppc64le",
"relates_to_product_reference": "BaseOS-9.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-0:4.16.0-9.el9.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.GA:libtasn1-0:4.16.0-9.el9.s390x"
},
"product_reference": "libtasn1-0:4.16.0-9.el9.s390x",
"relates_to_product_reference": "BaseOS-9.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-0:4.16.0-9.el9.src as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.GA:libtasn1-0:4.16.0-9.el9.src"
},
"product_reference": "libtasn1-0:4.16.0-9.el9.src",
"relates_to_product_reference": "BaseOS-9.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-0:4.16.0-9.el9.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.GA:libtasn1-0:4.16.0-9.el9.x86_64"
},
"product_reference": "libtasn1-0:4.16.0-9.el9.x86_64",
"relates_to_product_reference": "BaseOS-9.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-debuginfo-0:4.16.0-9.el9.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.GA:libtasn1-debuginfo-0:4.16.0-9.el9.aarch64"
},
"product_reference": "libtasn1-debuginfo-0:4.16.0-9.el9.aarch64",
"relates_to_product_reference": "BaseOS-9.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-debuginfo-0:4.16.0-9.el9.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.GA:libtasn1-debuginfo-0:4.16.0-9.el9.i686"
},
"product_reference": "libtasn1-debuginfo-0:4.16.0-9.el9.i686",
"relates_to_product_reference": "BaseOS-9.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-debuginfo-0:4.16.0-9.el9.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.GA:libtasn1-debuginfo-0:4.16.0-9.el9.ppc64le"
},
"product_reference": "libtasn1-debuginfo-0:4.16.0-9.el9.ppc64le",
"relates_to_product_reference": "BaseOS-9.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-debuginfo-0:4.16.0-9.el9.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.GA:libtasn1-debuginfo-0:4.16.0-9.el9.s390x"
},
"product_reference": "libtasn1-debuginfo-0:4.16.0-9.el9.s390x",
"relates_to_product_reference": "BaseOS-9.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-debuginfo-0:4.16.0-9.el9.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.GA:libtasn1-debuginfo-0:4.16.0-9.el9.x86_64"
},
"product_reference": "libtasn1-debuginfo-0:4.16.0-9.el9.x86_64",
"relates_to_product_reference": "BaseOS-9.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-debugsource-0:4.16.0-9.el9.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.GA:libtasn1-debugsource-0:4.16.0-9.el9.aarch64"
},
"product_reference": "libtasn1-debugsource-0:4.16.0-9.el9.aarch64",
"relates_to_product_reference": "BaseOS-9.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-debugsource-0:4.16.0-9.el9.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.GA:libtasn1-debugsource-0:4.16.0-9.el9.i686"
},
"product_reference": "libtasn1-debugsource-0:4.16.0-9.el9.i686",
"relates_to_product_reference": "BaseOS-9.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-debugsource-0:4.16.0-9.el9.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.GA:libtasn1-debugsource-0:4.16.0-9.el9.ppc64le"
},
"product_reference": "libtasn1-debugsource-0:4.16.0-9.el9.ppc64le",
"relates_to_product_reference": "BaseOS-9.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-debugsource-0:4.16.0-9.el9.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.GA:libtasn1-debugsource-0:4.16.0-9.el9.s390x"
},
"product_reference": "libtasn1-debugsource-0:4.16.0-9.el9.s390x",
"relates_to_product_reference": "BaseOS-9.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-debugsource-0:4.16.0-9.el9.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.GA:libtasn1-debugsource-0:4.16.0-9.el9.x86_64"
},
"product_reference": "libtasn1-debugsource-0:4.16.0-9.el9.x86_64",
"relates_to_product_reference": "BaseOS-9.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-tools-debuginfo-0:4.16.0-9.el9.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.GA:libtasn1-tools-debuginfo-0:4.16.0-9.el9.aarch64"
},
"product_reference": "libtasn1-tools-debuginfo-0:4.16.0-9.el9.aarch64",
"relates_to_product_reference": "BaseOS-9.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-tools-debuginfo-0:4.16.0-9.el9.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.GA:libtasn1-tools-debuginfo-0:4.16.0-9.el9.i686"
},
"product_reference": "libtasn1-tools-debuginfo-0:4.16.0-9.el9.i686",
"relates_to_product_reference": "BaseOS-9.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-tools-debuginfo-0:4.16.0-9.el9.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.GA:libtasn1-tools-debuginfo-0:4.16.0-9.el9.ppc64le"
},
"product_reference": "libtasn1-tools-debuginfo-0:4.16.0-9.el9.ppc64le",
"relates_to_product_reference": "BaseOS-9.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-tools-debuginfo-0:4.16.0-9.el9.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.GA:libtasn1-tools-debuginfo-0:4.16.0-9.el9.s390x"
},
"product_reference": "libtasn1-tools-debuginfo-0:4.16.0-9.el9.s390x",
"relates_to_product_reference": "BaseOS-9.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-tools-debuginfo-0:4.16.0-9.el9.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.GA:libtasn1-tools-debuginfo-0:4.16.0-9.el9.x86_64"
},
"product_reference": "libtasn1-tools-debuginfo-0:4.16.0-9.el9.x86_64",
"relates_to_product_reference": "BaseOS-9.6.0.GA"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Bing Shi"
]
}
],
"cve": "CVE-2024-12133",
"cwe": {
"id": "CWE-407",
"name": "Inefficient Algorithmic Complexity"
},
"discovery_date": "2025-02-10T08:14:05.460000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2344611"
}
],
"notes": [
{
"category": "description",
"text": "A flaw in libtasn1 causes inefficient handling of specific certificate data. When processing a large number of elements in a certificate, libtasn1 takes much longer than expected, which can slow down or even crash the system. This flaw allows an attacker to send a specially crafted certificate, causing a denial of service attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libtasn1: Inefficient DER Decoding in libtasn1 Leading to Potential Remote DoS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.6.0.GA:libtasn1-debuginfo-0:4.16.0-9.el9.aarch64",
"AppStream-9.6.0.GA:libtasn1-debuginfo-0:4.16.0-9.el9.i686",
"AppStream-9.6.0.GA:libtasn1-debuginfo-0:4.16.0-9.el9.ppc64le",
"AppStream-9.6.0.GA:libtasn1-debuginfo-0:4.16.0-9.el9.s390x",
"AppStream-9.6.0.GA:libtasn1-debuginfo-0:4.16.0-9.el9.x86_64",
"AppStream-9.6.0.GA:libtasn1-debugsource-0:4.16.0-9.el9.aarch64",
"AppStream-9.6.0.GA:libtasn1-debugsource-0:4.16.0-9.el9.i686",
"AppStream-9.6.0.GA:libtasn1-debugsource-0:4.16.0-9.el9.ppc64le",
"AppStream-9.6.0.GA:libtasn1-debugsource-0:4.16.0-9.el9.s390x",
"AppStream-9.6.0.GA:libtasn1-debugsource-0:4.16.0-9.el9.x86_64",
"AppStream-9.6.0.GA:libtasn1-devel-0:4.16.0-9.el9.aarch64",
"AppStream-9.6.0.GA:libtasn1-devel-0:4.16.0-9.el9.i686",
"AppStream-9.6.0.GA:libtasn1-devel-0:4.16.0-9.el9.ppc64le",
"AppStream-9.6.0.GA:libtasn1-devel-0:4.16.0-9.el9.s390x",
"AppStream-9.6.0.GA:libtasn1-devel-0:4.16.0-9.el9.x86_64",
"AppStream-9.6.0.GA:libtasn1-tools-0:4.16.0-9.el9.aarch64",
"AppStream-9.6.0.GA:libtasn1-tools-0:4.16.0-9.el9.ppc64le",
"AppStream-9.6.0.GA:libtasn1-tools-0:4.16.0-9.el9.s390x",
"AppStream-9.6.0.GA:libtasn1-tools-0:4.16.0-9.el9.x86_64",
"AppStream-9.6.0.GA:libtasn1-tools-debuginfo-0:4.16.0-9.el9.aarch64",
"AppStream-9.6.0.GA:libtasn1-tools-debuginfo-0:4.16.0-9.el9.i686",
"AppStream-9.6.0.GA:libtasn1-tools-debuginfo-0:4.16.0-9.el9.ppc64le",
"AppStream-9.6.0.GA:libtasn1-tools-debuginfo-0:4.16.0-9.el9.s390x",
"AppStream-9.6.0.GA:libtasn1-tools-debuginfo-0:4.16.0-9.el9.x86_64",
"BaseOS-9.6.0.GA:libtasn1-0:4.16.0-9.el9.aarch64",
"BaseOS-9.6.0.GA:libtasn1-0:4.16.0-9.el9.i686",
"BaseOS-9.6.0.GA:libtasn1-0:4.16.0-9.el9.ppc64le",
"BaseOS-9.6.0.GA:libtasn1-0:4.16.0-9.el9.s390x",
"BaseOS-9.6.0.GA:libtasn1-0:4.16.0-9.el9.src",
"BaseOS-9.6.0.GA:libtasn1-0:4.16.0-9.el9.x86_64",
"BaseOS-9.6.0.GA:libtasn1-debuginfo-0:4.16.0-9.el9.aarch64",
"BaseOS-9.6.0.GA:libtasn1-debuginfo-0:4.16.0-9.el9.i686",
"BaseOS-9.6.0.GA:libtasn1-debuginfo-0:4.16.0-9.el9.ppc64le",
"BaseOS-9.6.0.GA:libtasn1-debuginfo-0:4.16.0-9.el9.s390x",
"BaseOS-9.6.0.GA:libtasn1-debuginfo-0:4.16.0-9.el9.x86_64",
"BaseOS-9.6.0.GA:libtasn1-debugsource-0:4.16.0-9.el9.aarch64",
"BaseOS-9.6.0.GA:libtasn1-debugsource-0:4.16.0-9.el9.i686",
"BaseOS-9.6.0.GA:libtasn1-debugsource-0:4.16.0-9.el9.ppc64le",
"BaseOS-9.6.0.GA:libtasn1-debugsource-0:4.16.0-9.el9.s390x",
"BaseOS-9.6.0.GA:libtasn1-debugsource-0:4.16.0-9.el9.x86_64",
"BaseOS-9.6.0.GA:libtasn1-tools-debuginfo-0:4.16.0-9.el9.aarch64",
"BaseOS-9.6.0.GA:libtasn1-tools-debuginfo-0:4.16.0-9.el9.i686",
"BaseOS-9.6.0.GA:libtasn1-tools-debuginfo-0:4.16.0-9.el9.ppc64le",
"BaseOS-9.6.0.GA:libtasn1-tools-debuginfo-0:4.16.0-9.el9.s390x",
"BaseOS-9.6.0.GA:libtasn1-tools-debuginfo-0:4.16.0-9.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-12133"
},
{
"category": "external",
"summary": "RHBZ#2344611",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2344611"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-12133",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12133"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-12133",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12133"
},
{
"category": "external",
"summary": "https://gitlab.com/gnutls/libtasn1/-/blob/master/doc/security/CVE-2024-12133.md",
"url": "https://gitlab.com/gnutls/libtasn1/-/blob/master/doc/security/CVE-2024-12133.md"
},
{
"category": "external",
"summary": "https://gitlab.com/gnutls/libtasn1/-/issues/52",
"url": "https://gitlab.com/gnutls/libtasn1/-/issues/52"
}
],
"release_date": "2025-02-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-05-13T08:26:23+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.6.0.GA:libtasn1-debuginfo-0:4.16.0-9.el9.aarch64",
"AppStream-9.6.0.GA:libtasn1-debuginfo-0:4.16.0-9.el9.i686",
"AppStream-9.6.0.GA:libtasn1-debuginfo-0:4.16.0-9.el9.ppc64le",
"AppStream-9.6.0.GA:libtasn1-debuginfo-0:4.16.0-9.el9.s390x",
"AppStream-9.6.0.GA:libtasn1-debuginfo-0:4.16.0-9.el9.x86_64",
"AppStream-9.6.0.GA:libtasn1-debugsource-0:4.16.0-9.el9.aarch64",
"AppStream-9.6.0.GA:libtasn1-debugsource-0:4.16.0-9.el9.i686",
"AppStream-9.6.0.GA:libtasn1-debugsource-0:4.16.0-9.el9.ppc64le",
"AppStream-9.6.0.GA:libtasn1-debugsource-0:4.16.0-9.el9.s390x",
"AppStream-9.6.0.GA:libtasn1-debugsource-0:4.16.0-9.el9.x86_64",
"AppStream-9.6.0.GA:libtasn1-devel-0:4.16.0-9.el9.aarch64",
"AppStream-9.6.0.GA:libtasn1-devel-0:4.16.0-9.el9.i686",
"AppStream-9.6.0.GA:libtasn1-devel-0:4.16.0-9.el9.ppc64le",
"AppStream-9.6.0.GA:libtasn1-devel-0:4.16.0-9.el9.s390x",
"AppStream-9.6.0.GA:libtasn1-devel-0:4.16.0-9.el9.x86_64",
"AppStream-9.6.0.GA:libtasn1-tools-0:4.16.0-9.el9.aarch64",
"AppStream-9.6.0.GA:libtasn1-tools-0:4.16.0-9.el9.ppc64le",
"AppStream-9.6.0.GA:libtasn1-tools-0:4.16.0-9.el9.s390x",
"AppStream-9.6.0.GA:libtasn1-tools-0:4.16.0-9.el9.x86_64",
"AppStream-9.6.0.GA:libtasn1-tools-debuginfo-0:4.16.0-9.el9.aarch64",
"AppStream-9.6.0.GA:libtasn1-tools-debuginfo-0:4.16.0-9.el9.i686",
"AppStream-9.6.0.GA:libtasn1-tools-debuginfo-0:4.16.0-9.el9.ppc64le",
"AppStream-9.6.0.GA:libtasn1-tools-debuginfo-0:4.16.0-9.el9.s390x",
"AppStream-9.6.0.GA:libtasn1-tools-debuginfo-0:4.16.0-9.el9.x86_64",
"BaseOS-9.6.0.GA:libtasn1-0:4.16.0-9.el9.aarch64",
"BaseOS-9.6.0.GA:libtasn1-0:4.16.0-9.el9.i686",
"BaseOS-9.6.0.GA:libtasn1-0:4.16.0-9.el9.ppc64le",
"BaseOS-9.6.0.GA:libtasn1-0:4.16.0-9.el9.s390x",
"BaseOS-9.6.0.GA:libtasn1-0:4.16.0-9.el9.src",
"BaseOS-9.6.0.GA:libtasn1-0:4.16.0-9.el9.x86_64",
"BaseOS-9.6.0.GA:libtasn1-debuginfo-0:4.16.0-9.el9.aarch64",
"BaseOS-9.6.0.GA:libtasn1-debuginfo-0:4.16.0-9.el9.i686",
"BaseOS-9.6.0.GA:libtasn1-debuginfo-0:4.16.0-9.el9.ppc64le",
"BaseOS-9.6.0.GA:libtasn1-debuginfo-0:4.16.0-9.el9.s390x",
"BaseOS-9.6.0.GA:libtasn1-debuginfo-0:4.16.0-9.el9.x86_64",
"BaseOS-9.6.0.GA:libtasn1-debugsource-0:4.16.0-9.el9.aarch64",
"BaseOS-9.6.0.GA:libtasn1-debugsource-0:4.16.0-9.el9.i686",
"BaseOS-9.6.0.GA:libtasn1-debugsource-0:4.16.0-9.el9.ppc64le",
"BaseOS-9.6.0.GA:libtasn1-debugsource-0:4.16.0-9.el9.s390x",
"BaseOS-9.6.0.GA:libtasn1-debugsource-0:4.16.0-9.el9.x86_64",
"BaseOS-9.6.0.GA:libtasn1-tools-debuginfo-0:4.16.0-9.el9.aarch64",
"BaseOS-9.6.0.GA:libtasn1-tools-debuginfo-0:4.16.0-9.el9.i686",
"BaseOS-9.6.0.GA:libtasn1-tools-debuginfo-0:4.16.0-9.el9.ppc64le",
"BaseOS-9.6.0.GA:libtasn1-tools-debuginfo-0:4.16.0-9.el9.s390x",
"BaseOS-9.6.0.GA:libtasn1-tools-debuginfo-0:4.16.0-9.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:7077"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"AppStream-9.6.0.GA:libtasn1-debuginfo-0:4.16.0-9.el9.aarch64",
"AppStream-9.6.0.GA:libtasn1-debuginfo-0:4.16.0-9.el9.i686",
"AppStream-9.6.0.GA:libtasn1-debuginfo-0:4.16.0-9.el9.ppc64le",
"AppStream-9.6.0.GA:libtasn1-debuginfo-0:4.16.0-9.el9.s390x",
"AppStream-9.6.0.GA:libtasn1-debuginfo-0:4.16.0-9.el9.x86_64",
"AppStream-9.6.0.GA:libtasn1-debugsource-0:4.16.0-9.el9.aarch64",
"AppStream-9.6.0.GA:libtasn1-debugsource-0:4.16.0-9.el9.i686",
"AppStream-9.6.0.GA:libtasn1-debugsource-0:4.16.0-9.el9.ppc64le",
"AppStream-9.6.0.GA:libtasn1-debugsource-0:4.16.0-9.el9.s390x",
"AppStream-9.6.0.GA:libtasn1-debugsource-0:4.16.0-9.el9.x86_64",
"AppStream-9.6.0.GA:libtasn1-devel-0:4.16.0-9.el9.aarch64",
"AppStream-9.6.0.GA:libtasn1-devel-0:4.16.0-9.el9.i686",
"AppStream-9.6.0.GA:libtasn1-devel-0:4.16.0-9.el9.ppc64le",
"AppStream-9.6.0.GA:libtasn1-devel-0:4.16.0-9.el9.s390x",
"AppStream-9.6.0.GA:libtasn1-devel-0:4.16.0-9.el9.x86_64",
"AppStream-9.6.0.GA:libtasn1-tools-0:4.16.0-9.el9.aarch64",
"AppStream-9.6.0.GA:libtasn1-tools-0:4.16.0-9.el9.ppc64le",
"AppStream-9.6.0.GA:libtasn1-tools-0:4.16.0-9.el9.s390x",
"AppStream-9.6.0.GA:libtasn1-tools-0:4.16.0-9.el9.x86_64",
"AppStream-9.6.0.GA:libtasn1-tools-debuginfo-0:4.16.0-9.el9.aarch64",
"AppStream-9.6.0.GA:libtasn1-tools-debuginfo-0:4.16.0-9.el9.i686",
"AppStream-9.6.0.GA:libtasn1-tools-debuginfo-0:4.16.0-9.el9.ppc64le",
"AppStream-9.6.0.GA:libtasn1-tools-debuginfo-0:4.16.0-9.el9.s390x",
"AppStream-9.6.0.GA:libtasn1-tools-debuginfo-0:4.16.0-9.el9.x86_64",
"BaseOS-9.6.0.GA:libtasn1-0:4.16.0-9.el9.aarch64",
"BaseOS-9.6.0.GA:libtasn1-0:4.16.0-9.el9.i686",
"BaseOS-9.6.0.GA:libtasn1-0:4.16.0-9.el9.ppc64le",
"BaseOS-9.6.0.GA:libtasn1-0:4.16.0-9.el9.s390x",
"BaseOS-9.6.0.GA:libtasn1-0:4.16.0-9.el9.src",
"BaseOS-9.6.0.GA:libtasn1-0:4.16.0-9.el9.x86_64",
"BaseOS-9.6.0.GA:libtasn1-debuginfo-0:4.16.0-9.el9.aarch64",
"BaseOS-9.6.0.GA:libtasn1-debuginfo-0:4.16.0-9.el9.i686",
"BaseOS-9.6.0.GA:libtasn1-debuginfo-0:4.16.0-9.el9.ppc64le",
"BaseOS-9.6.0.GA:libtasn1-debuginfo-0:4.16.0-9.el9.s390x",
"BaseOS-9.6.0.GA:libtasn1-debuginfo-0:4.16.0-9.el9.x86_64",
"BaseOS-9.6.0.GA:libtasn1-debugsource-0:4.16.0-9.el9.aarch64",
"BaseOS-9.6.0.GA:libtasn1-debugsource-0:4.16.0-9.el9.i686",
"BaseOS-9.6.0.GA:libtasn1-debugsource-0:4.16.0-9.el9.ppc64le",
"BaseOS-9.6.0.GA:libtasn1-debugsource-0:4.16.0-9.el9.s390x",
"BaseOS-9.6.0.GA:libtasn1-debugsource-0:4.16.0-9.el9.x86_64",
"BaseOS-9.6.0.GA:libtasn1-tools-debuginfo-0:4.16.0-9.el9.aarch64",
"BaseOS-9.6.0.GA:libtasn1-tools-debuginfo-0:4.16.0-9.el9.i686",
"BaseOS-9.6.0.GA:libtasn1-tools-debuginfo-0:4.16.0-9.el9.ppc64le",
"BaseOS-9.6.0.GA:libtasn1-tools-debuginfo-0:4.16.0-9.el9.s390x",
"BaseOS-9.6.0.GA:libtasn1-tools-debuginfo-0:4.16.0-9.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libtasn1: Inefficient DER Decoding in libtasn1 Leading to Potential Remote DoS"
}
]
}
RHSA-2025:8021
Vulnerability from csaf_redhat - Published: 2025-05-20 01:04 - Updated: 2026-06-30 04:35A flaw in libtasn1 causes inefficient handling of specific certificate data. When processing a large number of elements in a certificate, libtasn1 takes much longer than expected, which can slow down or even crash the system. This flaw allows an attacker to send a specially crafted certificate, causing a denial of service attack.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.4.0.Z.EUS:libtasn1-debuginfo-0:4.16.0-8.el9_4.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:libtasn1-debuginfo-0:4.16.0-8.el9_4.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:libtasn1-debuginfo-0:4.16.0-8.el9_4.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:libtasn1-debuginfo-0:4.16.0-8.el9_4.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:libtasn1-debuginfo-0:4.16.0-8.el9_4.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:libtasn1-debugsource-0:4.16.0-8.el9_4.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:libtasn1-debugsource-0:4.16.0-8.el9_4.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:libtasn1-debugsource-0:4.16.0-8.el9_4.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:libtasn1-debugsource-0:4.16.0-8.el9_4.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:libtasn1-debugsource-0:4.16.0-8.el9_4.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:libtasn1-devel-0:4.16.0-8.el9_4.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:libtasn1-devel-0:4.16.0-8.el9_4.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:libtasn1-devel-0:4.16.0-8.el9_4.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:libtasn1-devel-0:4.16.0-8.el9_4.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:libtasn1-devel-0:4.16.0-8.el9_4.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:libtasn1-tools-0:4.16.0-8.el9_4.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:libtasn1-tools-0:4.16.0-8.el9_4.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:libtasn1-tools-0:4.16.0-8.el9_4.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:libtasn1-tools-0:4.16.0-8.el9_4.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:libtasn1-tools-debuginfo-0:4.16.0-8.el9_4.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:libtasn1-tools-debuginfo-0:4.16.0-8.el9_4.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:libtasn1-tools-debuginfo-0:4.16.0-8.el9_4.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:libtasn1-tools-debuginfo-0:4.16.0-8.el9_4.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:libtasn1-tools-debuginfo-0:4.16.0-8.el9_4.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-9.4.0.Z.EUS:libtasn1-0:4.16.0-8.el9_4.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-9.4.0.Z.EUS:libtasn1-0:4.16.0-8.el9_4.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-9.4.0.Z.EUS:libtasn1-0:4.16.0-8.el9_4.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-9.4.0.Z.EUS:libtasn1-0:4.16.0-8.el9_4.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-9.4.0.Z.EUS:libtasn1-0:4.16.0-8.el9_4.1.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-9.4.0.Z.EUS:libtasn1-0:4.16.0-8.el9_4.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-9.4.0.Z.EUS:libtasn1-debuginfo-0:4.16.0-8.el9_4.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-9.4.0.Z.EUS:libtasn1-debuginfo-0:4.16.0-8.el9_4.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-9.4.0.Z.EUS:libtasn1-debuginfo-0:4.16.0-8.el9_4.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-9.4.0.Z.EUS:libtasn1-debuginfo-0:4.16.0-8.el9_4.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-9.4.0.Z.EUS:libtasn1-debuginfo-0:4.16.0-8.el9_4.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-9.4.0.Z.EUS:libtasn1-debugsource-0:4.16.0-8.el9_4.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-9.4.0.Z.EUS:libtasn1-debugsource-0:4.16.0-8.el9_4.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-9.4.0.Z.EUS:libtasn1-debugsource-0:4.16.0-8.el9_4.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-9.4.0.Z.EUS:libtasn1-debugsource-0:4.16.0-8.el9_4.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-9.4.0.Z.EUS:libtasn1-debugsource-0:4.16.0-8.el9_4.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-9.4.0.Z.EUS:libtasn1-tools-debuginfo-0:4.16.0-8.el9_4.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-9.4.0.Z.EUS:libtasn1-tools-debuginfo-0:4.16.0-8.el9_4.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-9.4.0.Z.EUS:libtasn1-tools-debuginfo-0:4.16.0-8.el9_4.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-9.4.0.Z.EUS:libtasn1-tools-debuginfo-0:4.16.0-8.el9_4.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-9.4.0.Z.EUS:libtasn1-tools-debuginfo-0:4.16.0-8.el9_4.1.x86_64 | — |
Vendor Fix
fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for libtasn1 is now available for Red Hat Enterprise Linux 9.4 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "A library that provides Abstract Syntax Notation One (ASN.1, as specified by the X.680 ITU-T recommendation) parsing and structures management, and Distinguished Encoding Rules (DER, as per X.690) encoding and decoding functions.\n\nSecurity Fix(es):\n\n* libtasn1: Inefficient DER Decoding in libtasn1 Leading to Potential Remote DoS (CVE-2024-12133)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:8021",
"url": "https://access.redhat.com/errata/RHSA-2025:8021"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2344611",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2344611"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_8021.json"
}
],
"title": "Red Hat Security Advisory: libtasn1 security update",
"tracking": {
"current_release_date": "2026-06-30T04:35:17+00:00",
"generator": {
"date": "2026-06-30T04:35:17+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.0"
}
},
"id": "RHSA-2025:8021",
"initial_release_date": "2025-05-20T01:04:16+00:00",
"revision_history": [
{
"date": "2025-05-20T01:04:16+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-05-20T01:04:16+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-30T04:35:17+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:9.4::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_eus:9.4::baseos"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "libtasn1-devel-0:4.16.0-8.el9_4.1.aarch64",
"product": {
"name": "libtasn1-devel-0:4.16.0-8.el9_4.1.aarch64",
"product_id": "libtasn1-devel-0:4.16.0-8.el9_4.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libtasn1-devel@4.16.0-8.el9_4.1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libtasn1-tools-0:4.16.0-8.el9_4.1.aarch64",
"product": {
"name": "libtasn1-tools-0:4.16.0-8.el9_4.1.aarch64",
"product_id": "libtasn1-tools-0:4.16.0-8.el9_4.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libtasn1-tools@4.16.0-8.el9_4.1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libtasn1-debugsource-0:4.16.0-8.el9_4.1.aarch64",
"product": {
"name": "libtasn1-debugsource-0:4.16.0-8.el9_4.1.aarch64",
"product_id": "libtasn1-debugsource-0:4.16.0-8.el9_4.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libtasn1-debugsource@4.16.0-8.el9_4.1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libtasn1-debuginfo-0:4.16.0-8.el9_4.1.aarch64",
"product": {
"name": "libtasn1-debuginfo-0:4.16.0-8.el9_4.1.aarch64",
"product_id": "libtasn1-debuginfo-0:4.16.0-8.el9_4.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libtasn1-debuginfo@4.16.0-8.el9_4.1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libtasn1-tools-debuginfo-0:4.16.0-8.el9_4.1.aarch64",
"product": {
"name": "libtasn1-tools-debuginfo-0:4.16.0-8.el9_4.1.aarch64",
"product_id": "libtasn1-tools-debuginfo-0:4.16.0-8.el9_4.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libtasn1-tools-debuginfo@4.16.0-8.el9_4.1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libtasn1-0:4.16.0-8.el9_4.1.aarch64",
"product": {
"name": "libtasn1-0:4.16.0-8.el9_4.1.aarch64",
"product_id": "libtasn1-0:4.16.0-8.el9_4.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libtasn1@4.16.0-8.el9_4.1?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libtasn1-devel-0:4.16.0-8.el9_4.1.ppc64le",
"product": {
"name": "libtasn1-devel-0:4.16.0-8.el9_4.1.ppc64le",
"product_id": "libtasn1-devel-0:4.16.0-8.el9_4.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libtasn1-devel@4.16.0-8.el9_4.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libtasn1-tools-0:4.16.0-8.el9_4.1.ppc64le",
"product": {
"name": "libtasn1-tools-0:4.16.0-8.el9_4.1.ppc64le",
"product_id": "libtasn1-tools-0:4.16.0-8.el9_4.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libtasn1-tools@4.16.0-8.el9_4.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libtasn1-debugsource-0:4.16.0-8.el9_4.1.ppc64le",
"product": {
"name": "libtasn1-debugsource-0:4.16.0-8.el9_4.1.ppc64le",
"product_id": "libtasn1-debugsource-0:4.16.0-8.el9_4.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libtasn1-debugsource@4.16.0-8.el9_4.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libtasn1-debuginfo-0:4.16.0-8.el9_4.1.ppc64le",
"product": {
"name": "libtasn1-debuginfo-0:4.16.0-8.el9_4.1.ppc64le",
"product_id": "libtasn1-debuginfo-0:4.16.0-8.el9_4.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libtasn1-debuginfo@4.16.0-8.el9_4.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libtasn1-tools-debuginfo-0:4.16.0-8.el9_4.1.ppc64le",
"product": {
"name": "libtasn1-tools-debuginfo-0:4.16.0-8.el9_4.1.ppc64le",
"product_id": "libtasn1-tools-debuginfo-0:4.16.0-8.el9_4.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libtasn1-tools-debuginfo@4.16.0-8.el9_4.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libtasn1-0:4.16.0-8.el9_4.1.ppc64le",
"product": {
"name": "libtasn1-0:4.16.0-8.el9_4.1.ppc64le",
"product_id": "libtasn1-0:4.16.0-8.el9_4.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libtasn1@4.16.0-8.el9_4.1?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libtasn1-devel-0:4.16.0-8.el9_4.1.i686",
"product": {
"name": "libtasn1-devel-0:4.16.0-8.el9_4.1.i686",
"product_id": "libtasn1-devel-0:4.16.0-8.el9_4.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libtasn1-devel@4.16.0-8.el9_4.1?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libtasn1-debugsource-0:4.16.0-8.el9_4.1.i686",
"product": {
"name": "libtasn1-debugsource-0:4.16.0-8.el9_4.1.i686",
"product_id": "libtasn1-debugsource-0:4.16.0-8.el9_4.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libtasn1-debugsource@4.16.0-8.el9_4.1?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libtasn1-debuginfo-0:4.16.0-8.el9_4.1.i686",
"product": {
"name": "libtasn1-debuginfo-0:4.16.0-8.el9_4.1.i686",
"product_id": "libtasn1-debuginfo-0:4.16.0-8.el9_4.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libtasn1-debuginfo@4.16.0-8.el9_4.1?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libtasn1-tools-debuginfo-0:4.16.0-8.el9_4.1.i686",
"product": {
"name": "libtasn1-tools-debuginfo-0:4.16.0-8.el9_4.1.i686",
"product_id": "libtasn1-tools-debuginfo-0:4.16.0-8.el9_4.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libtasn1-tools-debuginfo@4.16.0-8.el9_4.1?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libtasn1-0:4.16.0-8.el9_4.1.i686",
"product": {
"name": "libtasn1-0:4.16.0-8.el9_4.1.i686",
"product_id": "libtasn1-0:4.16.0-8.el9_4.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libtasn1@4.16.0-8.el9_4.1?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "libtasn1-devel-0:4.16.0-8.el9_4.1.x86_64",
"product": {
"name": "libtasn1-devel-0:4.16.0-8.el9_4.1.x86_64",
"product_id": "libtasn1-devel-0:4.16.0-8.el9_4.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libtasn1-devel@4.16.0-8.el9_4.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libtasn1-tools-0:4.16.0-8.el9_4.1.x86_64",
"product": {
"name": "libtasn1-tools-0:4.16.0-8.el9_4.1.x86_64",
"product_id": "libtasn1-tools-0:4.16.0-8.el9_4.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libtasn1-tools@4.16.0-8.el9_4.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libtasn1-debugsource-0:4.16.0-8.el9_4.1.x86_64",
"product": {
"name": "libtasn1-debugsource-0:4.16.0-8.el9_4.1.x86_64",
"product_id": "libtasn1-debugsource-0:4.16.0-8.el9_4.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libtasn1-debugsource@4.16.0-8.el9_4.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libtasn1-debuginfo-0:4.16.0-8.el9_4.1.x86_64",
"product": {
"name": "libtasn1-debuginfo-0:4.16.0-8.el9_4.1.x86_64",
"product_id": "libtasn1-debuginfo-0:4.16.0-8.el9_4.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libtasn1-debuginfo@4.16.0-8.el9_4.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libtasn1-tools-debuginfo-0:4.16.0-8.el9_4.1.x86_64",
"product": {
"name": "libtasn1-tools-debuginfo-0:4.16.0-8.el9_4.1.x86_64",
"product_id": "libtasn1-tools-debuginfo-0:4.16.0-8.el9_4.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libtasn1-tools-debuginfo@4.16.0-8.el9_4.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libtasn1-0:4.16.0-8.el9_4.1.x86_64",
"product": {
"name": "libtasn1-0:4.16.0-8.el9_4.1.x86_64",
"product_id": "libtasn1-0:4.16.0-8.el9_4.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libtasn1@4.16.0-8.el9_4.1?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "libtasn1-devel-0:4.16.0-8.el9_4.1.s390x",
"product": {
"name": "libtasn1-devel-0:4.16.0-8.el9_4.1.s390x",
"product_id": "libtasn1-devel-0:4.16.0-8.el9_4.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libtasn1-devel@4.16.0-8.el9_4.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libtasn1-tools-0:4.16.0-8.el9_4.1.s390x",
"product": {
"name": "libtasn1-tools-0:4.16.0-8.el9_4.1.s390x",
"product_id": "libtasn1-tools-0:4.16.0-8.el9_4.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libtasn1-tools@4.16.0-8.el9_4.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libtasn1-debugsource-0:4.16.0-8.el9_4.1.s390x",
"product": {
"name": "libtasn1-debugsource-0:4.16.0-8.el9_4.1.s390x",
"product_id": "libtasn1-debugsource-0:4.16.0-8.el9_4.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libtasn1-debugsource@4.16.0-8.el9_4.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libtasn1-debuginfo-0:4.16.0-8.el9_4.1.s390x",
"product": {
"name": "libtasn1-debuginfo-0:4.16.0-8.el9_4.1.s390x",
"product_id": "libtasn1-debuginfo-0:4.16.0-8.el9_4.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libtasn1-debuginfo@4.16.0-8.el9_4.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libtasn1-tools-debuginfo-0:4.16.0-8.el9_4.1.s390x",
"product": {
"name": "libtasn1-tools-debuginfo-0:4.16.0-8.el9_4.1.s390x",
"product_id": "libtasn1-tools-debuginfo-0:4.16.0-8.el9_4.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libtasn1-tools-debuginfo@4.16.0-8.el9_4.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libtasn1-0:4.16.0-8.el9_4.1.s390x",
"product": {
"name": "libtasn1-0:4.16.0-8.el9_4.1.s390x",
"product_id": "libtasn1-0:4.16.0-8.el9_4.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libtasn1@4.16.0-8.el9_4.1?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libtasn1-0:4.16.0-8.el9_4.1.src",
"product": {
"name": "libtasn1-0:4.16.0-8.el9_4.1.src",
"product_id": "libtasn1-0:4.16.0-8.el9_4.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libtasn1@4.16.0-8.el9_4.1?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-debuginfo-0:4.16.0-8.el9_4.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libtasn1-debuginfo-0:4.16.0-8.el9_4.1.aarch64"
},
"product_reference": "libtasn1-debuginfo-0:4.16.0-8.el9_4.1.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-debuginfo-0:4.16.0-8.el9_4.1.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libtasn1-debuginfo-0:4.16.0-8.el9_4.1.i686"
},
"product_reference": "libtasn1-debuginfo-0:4.16.0-8.el9_4.1.i686",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-debuginfo-0:4.16.0-8.el9_4.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libtasn1-debuginfo-0:4.16.0-8.el9_4.1.ppc64le"
},
"product_reference": "libtasn1-debuginfo-0:4.16.0-8.el9_4.1.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-debuginfo-0:4.16.0-8.el9_4.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libtasn1-debuginfo-0:4.16.0-8.el9_4.1.s390x"
},
"product_reference": "libtasn1-debuginfo-0:4.16.0-8.el9_4.1.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-debuginfo-0:4.16.0-8.el9_4.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libtasn1-debuginfo-0:4.16.0-8.el9_4.1.x86_64"
},
"product_reference": "libtasn1-debuginfo-0:4.16.0-8.el9_4.1.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-debugsource-0:4.16.0-8.el9_4.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libtasn1-debugsource-0:4.16.0-8.el9_4.1.aarch64"
},
"product_reference": "libtasn1-debugsource-0:4.16.0-8.el9_4.1.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-debugsource-0:4.16.0-8.el9_4.1.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libtasn1-debugsource-0:4.16.0-8.el9_4.1.i686"
},
"product_reference": "libtasn1-debugsource-0:4.16.0-8.el9_4.1.i686",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-debugsource-0:4.16.0-8.el9_4.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libtasn1-debugsource-0:4.16.0-8.el9_4.1.ppc64le"
},
"product_reference": "libtasn1-debugsource-0:4.16.0-8.el9_4.1.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-debugsource-0:4.16.0-8.el9_4.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libtasn1-debugsource-0:4.16.0-8.el9_4.1.s390x"
},
"product_reference": "libtasn1-debugsource-0:4.16.0-8.el9_4.1.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-debugsource-0:4.16.0-8.el9_4.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libtasn1-debugsource-0:4.16.0-8.el9_4.1.x86_64"
},
"product_reference": "libtasn1-debugsource-0:4.16.0-8.el9_4.1.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-devel-0:4.16.0-8.el9_4.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libtasn1-devel-0:4.16.0-8.el9_4.1.aarch64"
},
"product_reference": "libtasn1-devel-0:4.16.0-8.el9_4.1.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-devel-0:4.16.0-8.el9_4.1.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libtasn1-devel-0:4.16.0-8.el9_4.1.i686"
},
"product_reference": "libtasn1-devel-0:4.16.0-8.el9_4.1.i686",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-devel-0:4.16.0-8.el9_4.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libtasn1-devel-0:4.16.0-8.el9_4.1.ppc64le"
},
"product_reference": "libtasn1-devel-0:4.16.0-8.el9_4.1.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-devel-0:4.16.0-8.el9_4.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libtasn1-devel-0:4.16.0-8.el9_4.1.s390x"
},
"product_reference": "libtasn1-devel-0:4.16.0-8.el9_4.1.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-devel-0:4.16.0-8.el9_4.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libtasn1-devel-0:4.16.0-8.el9_4.1.x86_64"
},
"product_reference": "libtasn1-devel-0:4.16.0-8.el9_4.1.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-tools-0:4.16.0-8.el9_4.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libtasn1-tools-0:4.16.0-8.el9_4.1.aarch64"
},
"product_reference": "libtasn1-tools-0:4.16.0-8.el9_4.1.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-tools-0:4.16.0-8.el9_4.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libtasn1-tools-0:4.16.0-8.el9_4.1.ppc64le"
},
"product_reference": "libtasn1-tools-0:4.16.0-8.el9_4.1.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-tools-0:4.16.0-8.el9_4.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libtasn1-tools-0:4.16.0-8.el9_4.1.s390x"
},
"product_reference": "libtasn1-tools-0:4.16.0-8.el9_4.1.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-tools-0:4.16.0-8.el9_4.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libtasn1-tools-0:4.16.0-8.el9_4.1.x86_64"
},
"product_reference": "libtasn1-tools-0:4.16.0-8.el9_4.1.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-tools-debuginfo-0:4.16.0-8.el9_4.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libtasn1-tools-debuginfo-0:4.16.0-8.el9_4.1.aarch64"
},
"product_reference": "libtasn1-tools-debuginfo-0:4.16.0-8.el9_4.1.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-tools-debuginfo-0:4.16.0-8.el9_4.1.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libtasn1-tools-debuginfo-0:4.16.0-8.el9_4.1.i686"
},
"product_reference": "libtasn1-tools-debuginfo-0:4.16.0-8.el9_4.1.i686",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-tools-debuginfo-0:4.16.0-8.el9_4.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libtasn1-tools-debuginfo-0:4.16.0-8.el9_4.1.ppc64le"
},
"product_reference": "libtasn1-tools-debuginfo-0:4.16.0-8.el9_4.1.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-tools-debuginfo-0:4.16.0-8.el9_4.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libtasn1-tools-debuginfo-0:4.16.0-8.el9_4.1.s390x"
},
"product_reference": "libtasn1-tools-debuginfo-0:4.16.0-8.el9_4.1.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-tools-debuginfo-0:4.16.0-8.el9_4.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libtasn1-tools-debuginfo-0:4.16.0-8.el9_4.1.x86_64"
},
"product_reference": "libtasn1-tools-debuginfo-0:4.16.0-8.el9_4.1.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-0:4.16.0-8.el9_4.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:libtasn1-0:4.16.0-8.el9_4.1.aarch64"
},
"product_reference": "libtasn1-0:4.16.0-8.el9_4.1.aarch64",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-0:4.16.0-8.el9_4.1.i686 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:libtasn1-0:4.16.0-8.el9_4.1.i686"
},
"product_reference": "libtasn1-0:4.16.0-8.el9_4.1.i686",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-0:4.16.0-8.el9_4.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:libtasn1-0:4.16.0-8.el9_4.1.ppc64le"
},
"product_reference": "libtasn1-0:4.16.0-8.el9_4.1.ppc64le",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-0:4.16.0-8.el9_4.1.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:libtasn1-0:4.16.0-8.el9_4.1.s390x"
},
"product_reference": "libtasn1-0:4.16.0-8.el9_4.1.s390x",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-0:4.16.0-8.el9_4.1.src as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:libtasn1-0:4.16.0-8.el9_4.1.src"
},
"product_reference": "libtasn1-0:4.16.0-8.el9_4.1.src",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-0:4.16.0-8.el9_4.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:libtasn1-0:4.16.0-8.el9_4.1.x86_64"
},
"product_reference": "libtasn1-0:4.16.0-8.el9_4.1.x86_64",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-debuginfo-0:4.16.0-8.el9_4.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:libtasn1-debuginfo-0:4.16.0-8.el9_4.1.aarch64"
},
"product_reference": "libtasn1-debuginfo-0:4.16.0-8.el9_4.1.aarch64",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-debuginfo-0:4.16.0-8.el9_4.1.i686 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:libtasn1-debuginfo-0:4.16.0-8.el9_4.1.i686"
},
"product_reference": "libtasn1-debuginfo-0:4.16.0-8.el9_4.1.i686",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-debuginfo-0:4.16.0-8.el9_4.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:libtasn1-debuginfo-0:4.16.0-8.el9_4.1.ppc64le"
},
"product_reference": "libtasn1-debuginfo-0:4.16.0-8.el9_4.1.ppc64le",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-debuginfo-0:4.16.0-8.el9_4.1.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:libtasn1-debuginfo-0:4.16.0-8.el9_4.1.s390x"
},
"product_reference": "libtasn1-debuginfo-0:4.16.0-8.el9_4.1.s390x",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-debuginfo-0:4.16.0-8.el9_4.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:libtasn1-debuginfo-0:4.16.0-8.el9_4.1.x86_64"
},
"product_reference": "libtasn1-debuginfo-0:4.16.0-8.el9_4.1.x86_64",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-debugsource-0:4.16.0-8.el9_4.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:libtasn1-debugsource-0:4.16.0-8.el9_4.1.aarch64"
},
"product_reference": "libtasn1-debugsource-0:4.16.0-8.el9_4.1.aarch64",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-debugsource-0:4.16.0-8.el9_4.1.i686 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:libtasn1-debugsource-0:4.16.0-8.el9_4.1.i686"
},
"product_reference": "libtasn1-debugsource-0:4.16.0-8.el9_4.1.i686",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-debugsource-0:4.16.0-8.el9_4.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:libtasn1-debugsource-0:4.16.0-8.el9_4.1.ppc64le"
},
"product_reference": "libtasn1-debugsource-0:4.16.0-8.el9_4.1.ppc64le",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-debugsource-0:4.16.0-8.el9_4.1.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:libtasn1-debugsource-0:4.16.0-8.el9_4.1.s390x"
},
"product_reference": "libtasn1-debugsource-0:4.16.0-8.el9_4.1.s390x",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-debugsource-0:4.16.0-8.el9_4.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:libtasn1-debugsource-0:4.16.0-8.el9_4.1.x86_64"
},
"product_reference": "libtasn1-debugsource-0:4.16.0-8.el9_4.1.x86_64",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-tools-debuginfo-0:4.16.0-8.el9_4.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:libtasn1-tools-debuginfo-0:4.16.0-8.el9_4.1.aarch64"
},
"product_reference": "libtasn1-tools-debuginfo-0:4.16.0-8.el9_4.1.aarch64",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-tools-debuginfo-0:4.16.0-8.el9_4.1.i686 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:libtasn1-tools-debuginfo-0:4.16.0-8.el9_4.1.i686"
},
"product_reference": "libtasn1-tools-debuginfo-0:4.16.0-8.el9_4.1.i686",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-tools-debuginfo-0:4.16.0-8.el9_4.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:libtasn1-tools-debuginfo-0:4.16.0-8.el9_4.1.ppc64le"
},
"product_reference": "libtasn1-tools-debuginfo-0:4.16.0-8.el9_4.1.ppc64le",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-tools-debuginfo-0:4.16.0-8.el9_4.1.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:libtasn1-tools-debuginfo-0:4.16.0-8.el9_4.1.s390x"
},
"product_reference": "libtasn1-tools-debuginfo-0:4.16.0-8.el9_4.1.s390x",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-tools-debuginfo-0:4.16.0-8.el9_4.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:libtasn1-tools-debuginfo-0:4.16.0-8.el9_4.1.x86_64"
},
"product_reference": "libtasn1-tools-debuginfo-0:4.16.0-8.el9_4.1.x86_64",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Bing Shi"
]
}
],
"cve": "CVE-2024-12133",
"cwe": {
"id": "CWE-407",
"name": "Inefficient Algorithmic Complexity"
},
"discovery_date": "2025-02-10T08:14:05.460000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2344611"
}
],
"notes": [
{
"category": "description",
"text": "A flaw in libtasn1 causes inefficient handling of specific certificate data. When processing a large number of elements in a certificate, libtasn1 takes much longer than expected, which can slow down or even crash the system. This flaw allows an attacker to send a specially crafted certificate, causing a denial of service attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libtasn1: Inefficient DER Decoding in libtasn1 Leading to Potential Remote DoS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.4.0.Z.EUS:libtasn1-debuginfo-0:4.16.0-8.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libtasn1-debuginfo-0:4.16.0-8.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libtasn1-debuginfo-0:4.16.0-8.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libtasn1-debuginfo-0:4.16.0-8.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libtasn1-debuginfo-0:4.16.0-8.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libtasn1-debugsource-0:4.16.0-8.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libtasn1-debugsource-0:4.16.0-8.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libtasn1-debugsource-0:4.16.0-8.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libtasn1-debugsource-0:4.16.0-8.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libtasn1-debugsource-0:4.16.0-8.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libtasn1-devel-0:4.16.0-8.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libtasn1-devel-0:4.16.0-8.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libtasn1-devel-0:4.16.0-8.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libtasn1-devel-0:4.16.0-8.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libtasn1-devel-0:4.16.0-8.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libtasn1-tools-0:4.16.0-8.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libtasn1-tools-0:4.16.0-8.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libtasn1-tools-0:4.16.0-8.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libtasn1-tools-0:4.16.0-8.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libtasn1-tools-debuginfo-0:4.16.0-8.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libtasn1-tools-debuginfo-0:4.16.0-8.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libtasn1-tools-debuginfo-0:4.16.0-8.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libtasn1-tools-debuginfo-0:4.16.0-8.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libtasn1-tools-debuginfo-0:4.16.0-8.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libtasn1-0:4.16.0-8.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libtasn1-0:4.16.0-8.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libtasn1-0:4.16.0-8.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libtasn1-0:4.16.0-8.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libtasn1-0:4.16.0-8.el9_4.1.src",
"BaseOS-9.4.0.Z.EUS:libtasn1-0:4.16.0-8.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libtasn1-debuginfo-0:4.16.0-8.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libtasn1-debuginfo-0:4.16.0-8.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libtasn1-debuginfo-0:4.16.0-8.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libtasn1-debuginfo-0:4.16.0-8.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libtasn1-debuginfo-0:4.16.0-8.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libtasn1-debugsource-0:4.16.0-8.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libtasn1-debugsource-0:4.16.0-8.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libtasn1-debugsource-0:4.16.0-8.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libtasn1-debugsource-0:4.16.0-8.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libtasn1-debugsource-0:4.16.0-8.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libtasn1-tools-debuginfo-0:4.16.0-8.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libtasn1-tools-debuginfo-0:4.16.0-8.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libtasn1-tools-debuginfo-0:4.16.0-8.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libtasn1-tools-debuginfo-0:4.16.0-8.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libtasn1-tools-debuginfo-0:4.16.0-8.el9_4.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-12133"
},
{
"category": "external",
"summary": "RHBZ#2344611",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2344611"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-12133",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12133"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-12133",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12133"
},
{
"category": "external",
"summary": "https://gitlab.com/gnutls/libtasn1/-/blob/master/doc/security/CVE-2024-12133.md",
"url": "https://gitlab.com/gnutls/libtasn1/-/blob/master/doc/security/CVE-2024-12133.md"
},
{
"category": "external",
"summary": "https://gitlab.com/gnutls/libtasn1/-/issues/52",
"url": "https://gitlab.com/gnutls/libtasn1/-/issues/52"
}
],
"release_date": "2025-02-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-05-20T01:04:16+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.4.0.Z.EUS:libtasn1-debuginfo-0:4.16.0-8.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libtasn1-debuginfo-0:4.16.0-8.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libtasn1-debuginfo-0:4.16.0-8.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libtasn1-debuginfo-0:4.16.0-8.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libtasn1-debuginfo-0:4.16.0-8.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libtasn1-debugsource-0:4.16.0-8.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libtasn1-debugsource-0:4.16.0-8.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libtasn1-debugsource-0:4.16.0-8.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libtasn1-debugsource-0:4.16.0-8.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libtasn1-debugsource-0:4.16.0-8.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libtasn1-devel-0:4.16.0-8.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libtasn1-devel-0:4.16.0-8.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libtasn1-devel-0:4.16.0-8.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libtasn1-devel-0:4.16.0-8.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libtasn1-devel-0:4.16.0-8.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libtasn1-tools-0:4.16.0-8.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libtasn1-tools-0:4.16.0-8.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libtasn1-tools-0:4.16.0-8.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libtasn1-tools-0:4.16.0-8.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libtasn1-tools-debuginfo-0:4.16.0-8.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libtasn1-tools-debuginfo-0:4.16.0-8.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libtasn1-tools-debuginfo-0:4.16.0-8.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libtasn1-tools-debuginfo-0:4.16.0-8.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libtasn1-tools-debuginfo-0:4.16.0-8.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libtasn1-0:4.16.0-8.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libtasn1-0:4.16.0-8.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libtasn1-0:4.16.0-8.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libtasn1-0:4.16.0-8.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libtasn1-0:4.16.0-8.el9_4.1.src",
"BaseOS-9.4.0.Z.EUS:libtasn1-0:4.16.0-8.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libtasn1-debuginfo-0:4.16.0-8.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libtasn1-debuginfo-0:4.16.0-8.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libtasn1-debuginfo-0:4.16.0-8.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libtasn1-debuginfo-0:4.16.0-8.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libtasn1-debuginfo-0:4.16.0-8.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libtasn1-debugsource-0:4.16.0-8.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libtasn1-debugsource-0:4.16.0-8.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libtasn1-debugsource-0:4.16.0-8.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libtasn1-debugsource-0:4.16.0-8.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libtasn1-debugsource-0:4.16.0-8.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libtasn1-tools-debuginfo-0:4.16.0-8.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libtasn1-tools-debuginfo-0:4.16.0-8.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libtasn1-tools-debuginfo-0:4.16.0-8.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libtasn1-tools-debuginfo-0:4.16.0-8.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libtasn1-tools-debuginfo-0:4.16.0-8.el9_4.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:8021"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"AppStream-9.4.0.Z.EUS:libtasn1-debuginfo-0:4.16.0-8.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libtasn1-debuginfo-0:4.16.0-8.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libtasn1-debuginfo-0:4.16.0-8.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libtasn1-debuginfo-0:4.16.0-8.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libtasn1-debuginfo-0:4.16.0-8.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libtasn1-debugsource-0:4.16.0-8.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libtasn1-debugsource-0:4.16.0-8.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libtasn1-debugsource-0:4.16.0-8.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libtasn1-debugsource-0:4.16.0-8.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libtasn1-debugsource-0:4.16.0-8.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libtasn1-devel-0:4.16.0-8.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libtasn1-devel-0:4.16.0-8.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libtasn1-devel-0:4.16.0-8.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libtasn1-devel-0:4.16.0-8.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libtasn1-devel-0:4.16.0-8.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libtasn1-tools-0:4.16.0-8.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libtasn1-tools-0:4.16.0-8.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libtasn1-tools-0:4.16.0-8.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libtasn1-tools-0:4.16.0-8.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libtasn1-tools-debuginfo-0:4.16.0-8.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libtasn1-tools-debuginfo-0:4.16.0-8.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libtasn1-tools-debuginfo-0:4.16.0-8.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libtasn1-tools-debuginfo-0:4.16.0-8.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libtasn1-tools-debuginfo-0:4.16.0-8.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libtasn1-0:4.16.0-8.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libtasn1-0:4.16.0-8.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libtasn1-0:4.16.0-8.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libtasn1-0:4.16.0-8.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libtasn1-0:4.16.0-8.el9_4.1.src",
"BaseOS-9.4.0.Z.EUS:libtasn1-0:4.16.0-8.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libtasn1-debuginfo-0:4.16.0-8.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libtasn1-debuginfo-0:4.16.0-8.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libtasn1-debuginfo-0:4.16.0-8.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libtasn1-debuginfo-0:4.16.0-8.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libtasn1-debuginfo-0:4.16.0-8.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libtasn1-debugsource-0:4.16.0-8.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libtasn1-debugsource-0:4.16.0-8.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libtasn1-debugsource-0:4.16.0-8.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libtasn1-debugsource-0:4.16.0-8.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libtasn1-debugsource-0:4.16.0-8.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libtasn1-tools-debuginfo-0:4.16.0-8.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libtasn1-tools-debuginfo-0:4.16.0-8.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libtasn1-tools-debuginfo-0:4.16.0-8.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libtasn1-tools-debuginfo-0:4.16.0-8.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libtasn1-tools-debuginfo-0:4.16.0-8.el9_4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libtasn1: Inefficient DER Decoding in libtasn1 Leading to Potential Remote DoS"
}
]
}
RHSA-2025:8385
Vulnerability from csaf_redhat - Published: 2025-06-02 14:07 - Updated: 2026-07-14 14:13A flaw was found in Vim, where it is vulnerable to a use-after-free in the ins_compl_get_exp function. This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:492e412759cf0eedfa5b557f7b0865f8864f84d0ed75e11dc8d7a840837d9644_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:c960fa13577db72b52765d6941688f431f61fe38adb717b2d8bb6569e241bc5e_arm64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad1045aa0de937c3a6969ec377f7bfeda9a44ee434a954e8245e9840316ffc1c_arm64 | — | ||
| Unresolved product id: Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f33991d766b618a128fb99fbe4f9b61c5004f7c6aa73b2b38e28d59e56c64d63_amd64 | — |
A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash. This issue could lead to denial of service (DoS) or, in some cases, exploitable memory corruption, depending on the environment and library usage.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad1045aa0de937c3a6969ec377f7bfeda9a44ee434a954e8245e9840316ffc1c_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f33991d766b618a128fb99fbe4f9b61c5004f7c6aa73b2b38e28d59e56c64d63_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:492e412759cf0eedfa5b557f7b0865f8864f84d0ed75e11dc8d7a840837d9644_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:c960fa13577db72b52765d6941688f431f61fe38adb717b2d8bb6569e241bc5e_arm64 | — |
Vendor Fix
fix
Workaround
|
A path traversal vulnerability exists in rsync. It stems from behavior enabled by the `--inc-recursive` option, a default-enabled option for many client options and can be enabled by the server even if not explicitly enabled by the client. When using the `--inc-recursive` option, a lack of proper symlink verification coupled with deduplication checks occurring on a per-file-list basis could allow a server to write files outside of the client's intended destination directory. A malicious server could write malicious files to arbitrary locations named after valid directories/paths on the client.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:492e412759cf0eedfa5b557f7b0865f8864f84d0ed75e11dc8d7a840837d9644_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:c960fa13577db72b52765d6941688f431f61fe38adb717b2d8bb6569e241bc5e_arm64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad1045aa0de937c3a6969ec377f7bfeda9a44ee434a954e8245e9840316ffc1c_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f33991d766b618a128fb99fbe4f9b61c5004f7c6aa73b2b38e28d59e56c64d63_amd64 | — |
Workaround
|
A flaw was found in rsync. When using the `--safe-links` option, the rsync client fails to properly verify if a symbolic link destination sent from the server contains another symbolic link within it. This results in a path traversal vulnerability, which may lead to arbitrary file write outside the desired directory.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:492e412759cf0eedfa5b557f7b0865f8864f84d0ed75e11dc8d7a840837d9644_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:c960fa13577db72b52765d6941688f431f61fe38adb717b2d8bb6569e241bc5e_arm64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad1045aa0de937c3a6969ec377f7bfeda9a44ee434a954e8245e9840316ffc1c_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f33991d766b618a128fb99fbe4f9b61c5004f7c6aa73b2b38e28d59e56c64d63_amd64 | — |
Workaround
|
A flaw in libtasn1 causes inefficient handling of specific certificate data. When processing a large number of elements in a certificate, libtasn1 takes much longer than expected, which can slow down or even crash the system. This flaw allows an attacker to send a specially crafted certificate, causing a denial of service attack.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad1045aa0de937c3a6969ec377f7bfeda9a44ee434a954e8245e9840316ffc1c_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f33991d766b618a128fb99fbe4f9b61c5004f7c6aa73b2b38e28d59e56c64d63_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:492e412759cf0eedfa5b557f7b0865f8864f84d0ed75e11dc8d7a840837d9644_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:c960fa13577db72b52765d6941688f431f61fe38adb717b2d8bb6569e241bc5e_arm64 | — |
Vendor Fix
fix
|
A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 data processing. Due to an inefficient algorithm in libtasn1, decoding certain DER-encoded certificate data can take excessive time, leading to increased resource consumption. This flaw allows a remote attacker to send a specially crafted certificate, causing GnuTLS to become unresponsive or slow, resulting in a denial-of-service condition.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad1045aa0de937c3a6969ec377f7bfeda9a44ee434a954e8245e9840316ffc1c_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f33991d766b618a128fb99fbe4f9b61c5004f7c6aa73b2b38e28d59e56c64d63_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:492e412759cf0eedfa5b557f7b0865f8864f84d0ed75e11dc8d7a840837d9644_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:c960fa13577db72b52765d6941688f431f61fe38adb717b2d8bb6569e241bc5e_arm64 | — |
Vendor Fix
fix
|
A flaw was found in rsync. This vulnerability arises from a race condition during rsync's handling of symbolic links. Rsync's default behavior when encountering symbolic links is to skip them. If an attacker replaced a regular file with a symbolic link at the right time, it was possible to bypass the default behavior and traverse symbolic links. Depending on the privileges of the rsync process, an attacker could leak sensitive information, potentially leading to privilege escalation.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:492e412759cf0eedfa5b557f7b0865f8864f84d0ed75e11dc8d7a840837d9644_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:c960fa13577db72b52765d6941688f431f61fe38adb717b2d8bb6569e241bc5e_arm64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad1045aa0de937c3a6969ec377f7bfeda9a44ee434a954e8245e9840316ffc1c_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f33991d766b618a128fb99fbe4f9b61c5004f7c6aa73b2b38e28d59e56c64d63_amd64 | — |
Workaround
|
An incorrect control flow implementation vulnerability was found in Requests. If the first request in a session is made with verify=False, all subsequent requests to the same host will continue to ignore cert verification.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:492e412759cf0eedfa5b557f7b0865f8864f84d0ed75e11dc8d7a840837d9644_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:c960fa13577db72b52765d6941688f431f61fe38adb717b2d8bb6569e241bc5e_arm64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad1045aa0de937c3a6969ec377f7bfeda9a44ee434a954e8245e9840316ffc1c_arm64 | — | ||
| Unresolved product id: Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f33991d766b618a128fb99fbe4f9b61c5004f7c6aa73b2b38e28d59e56c64d63_amd64 | — |
A flaw was found in Git. When cloning, fetching, or pushing from a server, informational or error messages are transported from the remote Git process to the client via a sideband channel. These messages are prefixed with "remote:" and printed directly to the standard error output. Typically, this standard error output is connected to a terminal that understands ANSI escape sequences, which Git did not protect against. Most modern terminals support control sequences that can be used by a malicious actor to hide and misrepresent information or to mislead the user into executing untrusted scripts.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad1045aa0de937c3a6969ec377f7bfeda9a44ee434a954e8245e9840316ffc1c_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f33991d766b618a128fb99fbe4f9b61c5004f7c6aa73b2b38e28d59e56c64d63_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:492e412759cf0eedfa5b557f7b0865f8864f84d0ed75e11dc8d7a840837d9644_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:c960fa13577db72b52765d6941688f431f61fe38adb717b2d8bb6569e241bc5e_arm64 | — |
Workaround
|
A flaw was found in Python. The Python standard library functions `urllib.parse.urlsplit` and `urlparse` accept domain names that included square brackets, which isn't valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could result in differential parsing across the Python URL parser and other specification-compliant URL parsers.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad1045aa0de937c3a6969ec377f7bfeda9a44ee434a954e8245e9840316ffc1c_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f33991d766b618a128fb99fbe4f9b61c5004f7c6aa73b2b38e28d59e56c64d63_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:492e412759cf0eedfa5b557f7b0865f8864f84d0ed75e11dc8d7a840837d9644_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:c960fa13577db72b52765d6941688f431f61fe38adb717b2d8bb6569e241bc5e_arm64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in krb5. With incremental propagation enabled, an authenticated attacker can cause kadmind to write beyond the end of the mapped region for the iprop log file. This issue can trigger a process crash and lead to a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad1045aa0de937c3a6969ec377f7bfeda9a44ee434a954e8245e9840316ffc1c_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f33991d766b618a128fb99fbe4f9b61c5004f7c6aa73b2b38e28d59e56c64d63_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:492e412759cf0eedfa5b557f7b0865f8864f84d0ed75e11dc8d7a840837d9644_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:c960fa13577db72b52765d6941688f431f61fe38adb717b2d8bb6569e241bc5e_arm64 | — |
Vendor Fix
fix
|
A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. For an attack to be considered successful, the attacker needs to manage to exhaust the client's memory resource first, turning the attack complexity high.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad1045aa0de937c3a6969ec377f7bfeda9a44ee434a954e8245e9840316ffc1c_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f33991d766b618a128fb99fbe4f9b61c5004f7c6aa73b2b38e28d59e56c64d63_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:492e412759cf0eedfa5b557f7b0865f8864f84d0ed75e11dc8d7a840837d9644_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:c960fa13577db72b52765d6941688f431f61fe38adb717b2d8bb6569e241bc5e_arm64 | — |
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "A Subscription Management tool for finding and reporting Red Hat product usage",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Discovery, also known as Discovery, is an inspection and reporting tool that finds, identifies, and reports environment data, or facts, such as the number of physical and virtual systems on a network, their operating systems, and relevant configuration data stored within them. Discovery also identifies and reports more detailed facts for some versions of key Red Hat packages and products that it finds in the network.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:8385",
"url": "https://access.redhat.com/errata/RHSA-2025:8385"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2023-4752",
"url": "https://access.redhat.com/security/cve/CVE-2023-4752"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-12087",
"url": "https://access.redhat.com/security/cve/CVE-2024-12087"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-12088",
"url": "https://access.redhat.com/security/cve/CVE-2024-12088"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-12133",
"url": "https://access.redhat.com/security/cve/CVE-2024-12133"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-12243",
"url": "https://access.redhat.com/security/cve/CVE-2024-12243"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-12747",
"url": "https://access.redhat.com/security/cve/CVE-2024-12747"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-35195",
"url": "https://access.redhat.com/security/cve/CVE-2024-35195"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-52005",
"url": "https://access.redhat.com/security/cve/CVE-2024-52005"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-8176",
"url": "https://access.redhat.com/security/cve/CVE-2024-8176"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-0938",
"url": "https://access.redhat.com/security/cve/CVE-2025-0938"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-24528",
"url": "https://access.redhat.com/security/cve/CVE-2025-24528"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-26465",
"url": "https://access.redhat.com/security/cve/CVE-2025-26465"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/subscription_central/1-latest/#Discovery",
"url": "https://docs.redhat.com/en/documentation/subscription_central/1-latest/#Discovery"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_8385.json"
}
],
"title": "Red Hat Security Advisory: A Subscription Management tool for finding and reporting Red Hat product usage",
"tracking": {
"current_release_date": "2026-07-14T14:13:59+00:00",
"generator": {
"date": "2026-07-14T14:13:59+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.2"
}
},
"id": "RHSA-2025:8385",
"initial_release_date": "2025-06-02T14:07:46+00:00",
"revision_history": [
{
"date": "2025-06-02T14:07:46+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-06-02T14:07:55+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-14T14:13:59+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Discovery 1.14",
"product": {
"name": "Red Hat Discovery 1.14",
"product_id": "Red Hat Discovery 1.14",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:discovery:1.14::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Discovery"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:f33991d766b618a128fb99fbe4f9b61c5004f7c6aa73b2b38e28d59e56c64d63_amd64",
"product": {
"name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:f33991d766b618a128fb99fbe4f9b61c5004f7c6aa73b2b38e28d59e56c64d63_amd64",
"product_id": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:f33991d766b618a128fb99fbe4f9b61c5004f7c6aa73b2b38e28d59e56c64d63_amd64",
"product_identification_helper": {
"purl": "pkg:oci/discovery-server-rhel9@sha256%3Af33991d766b618a128fb99fbe4f9b61c5004f7c6aa73b2b38e28d59e56c64d63?arch=amd64\u0026repository_url=registry.redhat.io/discovery\u0026tag=1.14.3-1748529279"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:492e412759cf0eedfa5b557f7b0865f8864f84d0ed75e11dc8d7a840837d9644_amd64",
"product": {
"name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:492e412759cf0eedfa5b557f7b0865f8864f84d0ed75e11dc8d7a840837d9644_amd64",
"product_id": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:492e412759cf0eedfa5b557f7b0865f8864f84d0ed75e11dc8d7a840837d9644_amd64",
"product_identification_helper": {
"purl": "pkg:oci/discovery-ui-rhel9@sha256%3A492e412759cf0eedfa5b557f7b0865f8864f84d0ed75e11dc8d7a840837d9644?arch=amd64\u0026repository_url=registry.redhat.io/discovery\u0026tag=1.14.2-1748467619"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad1045aa0de937c3a6969ec377f7bfeda9a44ee434a954e8245e9840316ffc1c_arm64",
"product": {
"name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad1045aa0de937c3a6969ec377f7bfeda9a44ee434a954e8245e9840316ffc1c_arm64",
"product_id": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad1045aa0de937c3a6969ec377f7bfeda9a44ee434a954e8245e9840316ffc1c_arm64",
"product_identification_helper": {
"purl": "pkg:oci/discovery-server-rhel9@sha256%3Aad1045aa0de937c3a6969ec377f7bfeda9a44ee434a954e8245e9840316ffc1c?arch=arm64\u0026repository_url=registry.redhat.io/discovery\u0026tag=1.14.3-1748529279"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:c960fa13577db72b52765d6941688f431f61fe38adb717b2d8bb6569e241bc5e_arm64",
"product": {
"name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:c960fa13577db72b52765d6941688f431f61fe38adb717b2d8bb6569e241bc5e_arm64",
"product_id": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:c960fa13577db72b52765d6941688f431f61fe38adb717b2d8bb6569e241bc5e_arm64",
"product_identification_helper": {
"purl": "pkg:oci/discovery-ui-rhel9@sha256%3Ac960fa13577db72b52765d6941688f431f61fe38adb717b2d8bb6569e241bc5e?arch=arm64\u0026repository_url=registry.redhat.io/discovery\u0026tag=1.14.2-1748467619"
}
}
}
],
"category": "architecture",
"name": "arm64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad1045aa0de937c3a6969ec377f7bfeda9a44ee434a954e8245e9840316ffc1c_arm64 as a component of Red Hat Discovery 1.14",
"product_id": "Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad1045aa0de937c3a6969ec377f7bfeda9a44ee434a954e8245e9840316ffc1c_arm64"
},
"product_reference": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad1045aa0de937c3a6969ec377f7bfeda9a44ee434a954e8245e9840316ffc1c_arm64",
"relates_to_product_reference": "Red Hat Discovery 1.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:f33991d766b618a128fb99fbe4f9b61c5004f7c6aa73b2b38e28d59e56c64d63_amd64 as a component of Red Hat Discovery 1.14",
"product_id": "Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f33991d766b618a128fb99fbe4f9b61c5004f7c6aa73b2b38e28d59e56c64d63_amd64"
},
"product_reference": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:f33991d766b618a128fb99fbe4f9b61c5004f7c6aa73b2b38e28d59e56c64d63_amd64",
"relates_to_product_reference": "Red Hat Discovery 1.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:492e412759cf0eedfa5b557f7b0865f8864f84d0ed75e11dc8d7a840837d9644_amd64 as a component of Red Hat Discovery 1.14",
"product_id": "Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:492e412759cf0eedfa5b557f7b0865f8864f84d0ed75e11dc8d7a840837d9644_amd64"
},
"product_reference": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:492e412759cf0eedfa5b557f7b0865f8864f84d0ed75e11dc8d7a840837d9644_amd64",
"relates_to_product_reference": "Red Hat Discovery 1.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:c960fa13577db72b52765d6941688f431f61fe38adb717b2d8bb6569e241bc5e_arm64 as a component of Red Hat Discovery 1.14",
"product_id": "Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:c960fa13577db72b52765d6941688f431f61fe38adb717b2d8bb6569e241bc5e_arm64"
},
"product_reference": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:c960fa13577db72b52765d6941688f431f61fe38adb717b2d8bb6569e241bc5e_arm64",
"relates_to_product_reference": "Red Hat Discovery 1.14"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-4752",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2023-09-04T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad1045aa0de937c3a6969ec377f7bfeda9a44ee434a954e8245e9840316ffc1c_arm64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f33991d766b618a128fb99fbe4f9b61c5004f7c6aa73b2b38e28d59e56c64d63_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2237311"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the ins_compl_get_exp function. This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vim: use-after-free in function ins_compl_get_exp in vim/vim",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security has rated this issue as having a Low security impact, because the \"victim\" has to run an untrusted file IN SCRIPT MODE. Someone who is running untrusted files in script mode is equivalent to someone just taking a random python script and running it.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:492e412759cf0eedfa5b557f7b0865f8864f84d0ed75e11dc8d7a840837d9644_amd64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:c960fa13577db72b52765d6941688f431f61fe38adb717b2d8bb6569e241bc5e_arm64"
],
"known_not_affected": [
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad1045aa0de937c3a6969ec377f7bfeda9a44ee434a954e8245e9840316ffc1c_arm64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f33991d766b618a128fb99fbe4f9b61c5004f7c6aa73b2b38e28d59e56c64d63_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-4752"
},
{
"category": "external",
"summary": "RHBZ#2237311",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2237311"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-4752",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4752"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-4752",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4752"
},
{
"category": "external",
"summary": "https://huntr.dev/bounties/85f62dd7-ed84-4fa2-b265-8a369a318757",
"url": "https://huntr.dev/bounties/85f62dd7-ed84-4fa2-b265-8a369a318757"
}
],
"release_date": "2023-09-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-02T14:07:46+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer RPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:492e412759cf0eedfa5b557f7b0865f8864f84d0ed75e11dc8d7a840837d9644_amd64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:c960fa13577db72b52765d6941688f431f61fe38adb717b2d8bb6569e241bc5e_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:8385"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad1045aa0de937c3a6969ec377f7bfeda9a44ee434a954e8245e9840316ffc1c_arm64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f33991d766b618a128fb99fbe4f9b61c5004f7c6aa73b2b38e28d59e56c64d63_amd64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:492e412759cf0eedfa5b557f7b0865f8864f84d0ed75e11dc8d7a840837d9644_amd64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:c960fa13577db72b52765d6941688f431f61fe38adb717b2d8bb6569e241bc5e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "vim: use-after-free in function ins_compl_get_exp in vim/vim"
},
{
"acknowledgments": [
{
"names": [
"Jann Horn"
],
"organization": "Google Project Zero"
},
{
"names": [
"Tomas Korbar",
"Sandipan Roy"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
},
{
"names": [
"Sebastian Pipping"
],
"organization": "libexpat"
}
],
"cve": "CVE-2024-8176",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2024-06-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2310137"
}
],
"notes": [
{
"category": "description",
"text": "A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash. This issue could lead to denial of service (DoS) or, in some cases, exploitable memory corruption, depending on the environment and library usage.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libexpat: expat: Improper Restriction of XML Entity Expansion Depth in libexpat",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "All supported Red Hat offerings are built with the compilation flag (-fstack-clash-protection) which reduces the impact to Moderate. This build configuration blocks the possibility of an attacker gaining arbitrary code execution even if a stack-clash vulnerability, like this one, could be exploited.\n\nThis vulnerability is rated Moderate because Red Hat builds use the `-fstack-clash-protection` compiler flag, which mitigates the risk of arbitrary code execution from stack overflows. While the flaw allows a crash via uncontrolled recursion in XML parsing, the hardened stack layout prevents reliable memory corruption, limiting the impact to a Denial of Service (DoS) scenario.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad1045aa0de937c3a6969ec377f7bfeda9a44ee434a954e8245e9840316ffc1c_arm64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f33991d766b618a128fb99fbe4f9b61c5004f7c6aa73b2b38e28d59e56c64d63_amd64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:492e412759cf0eedfa5b557f7b0865f8864f84d0ed75e11dc8d7a840837d9644_amd64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:c960fa13577db72b52765d6941688f431f61fe38adb717b2d8bb6569e241bc5e_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-8176"
},
{
"category": "external",
"summary": "RHBZ#2310137",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310137"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-8176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8176"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-8176",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8176"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/issues/893",
"url": "https://github.com/libexpat/libexpat/issues/893"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/pull/973",
"url": "https://github.com/libexpat/libexpat/pull/973"
}
],
"release_date": "2025-03-13T13:51:54.957000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-02T14:07:46+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer RPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad1045aa0de937c3a6969ec377f7bfeda9a44ee434a954e8245e9840316ffc1c_arm64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f33991d766b618a128fb99fbe4f9b61c5004f7c6aa73b2b38e28d59e56c64d63_amd64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:492e412759cf0eedfa5b557f7b0865f8864f84d0ed75e11dc8d7a840837d9644_amd64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:c960fa13577db72b52765d6941688f431f61fe38adb717b2d8bb6569e241bc5e_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:8385"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad1045aa0de937c3a6969ec377f7bfeda9a44ee434a954e8245e9840316ffc1c_arm64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f33991d766b618a128fb99fbe4f9b61c5004f7c6aa73b2b38e28d59e56c64d63_amd64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:492e412759cf0eedfa5b557f7b0865f8864f84d0ed75e11dc8d7a840837d9644_amd64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:c960fa13577db72b52765d6941688f431f61fe38adb717b2d8bb6569e241bc5e_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad1045aa0de937c3a6969ec377f7bfeda9a44ee434a954e8245e9840316ffc1c_arm64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f33991d766b618a128fb99fbe4f9b61c5004f7c6aa73b2b38e28d59e56c64d63_amd64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:492e412759cf0eedfa5b557f7b0865f8864f84d0ed75e11dc8d7a840837d9644_amd64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:c960fa13577db72b52765d6941688f431f61fe38adb717b2d8bb6569e241bc5e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libexpat: expat: Improper Restriction of XML Entity Expansion Depth in libexpat"
},
{
"acknowledgments": [
{
"names": [
"Simon Scannell",
"Pedro Gallegos",
"Jasiel Spelman"
],
"organization": "Google"
}
],
"cve": "CVE-2024-12087",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2024-12-05T21:23:24.139000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad1045aa0de937c3a6969ec377f7bfeda9a44ee434a954e8245e9840316ffc1c_arm64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f33991d766b618a128fb99fbe4f9b61c5004f7c6aa73b2b38e28d59e56c64d63_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2330672"
}
],
"notes": [
{
"category": "description",
"text": "A path traversal vulnerability exists in rsync. It stems from behavior enabled by the `--inc-recursive` option, a default-enabled option for many client options and can be enabled by the server even if not explicitly enabled by the client. When using the `--inc-recursive` option, a lack of proper symlink verification coupled with deduplication checks occurring on a per-file-list basis could allow a server to write files outside of the client\u0027s intended destination directory. A malicious server could write malicious files to arbitrary locations named after valid directories/paths on the client.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rsync: Path traversal vulnerability in rsync",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat rates this flaw to have moderate severity as it depends on specific configurations for the attack to succeed, symbolic link syncing must be enabled (explicitly by providing the `--links` option or implicitly such as with `--archive`) and the client must connect to a malicious or compromised server.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:492e412759cf0eedfa5b557f7b0865f8864f84d0ed75e11dc8d7a840837d9644_amd64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:c960fa13577db72b52765d6941688f431f61fe38adb717b2d8bb6569e241bc5e_arm64"
],
"known_not_affected": [
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad1045aa0de937c3a6969ec377f7bfeda9a44ee434a954e8245e9840316ffc1c_arm64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f33991d766b618a128fb99fbe4f9b61c5004f7c6aa73b2b38e28d59e56c64d63_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-12087"
},
{
"category": "external",
"summary": "RHBZ#2330672",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2330672"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-12087",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12087"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-12087",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12087"
},
{
"category": "external",
"summary": "https://kb.cert.org/vuls/id/952657",
"url": "https://kb.cert.org/vuls/id/952657"
}
],
"release_date": "2025-01-14T15:06:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-02T14:07:46+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer RPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:492e412759cf0eedfa5b557f7b0865f8864f84d0ed75e11dc8d7a840837d9644_amd64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:c960fa13577db72b52765d6941688f431f61fe38adb717b2d8bb6569e241bc5e_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:8385"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad1045aa0de937c3a6969ec377f7bfeda9a44ee434a954e8245e9840316ffc1c_arm64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f33991d766b618a128fb99fbe4f9b61c5004f7c6aa73b2b38e28d59e56c64d63_amd64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:492e412759cf0eedfa5b557f7b0865f8864f84d0ed75e11dc8d7a840837d9644_amd64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:c960fa13577db72b52765d6941688f431f61fe38adb717b2d8bb6569e241bc5e_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad1045aa0de937c3a6969ec377f7bfeda9a44ee434a954e8245e9840316ffc1c_arm64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f33991d766b618a128fb99fbe4f9b61c5004f7c6aa73b2b38e28d59e56c64d63_amd64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:492e412759cf0eedfa5b557f7b0865f8864f84d0ed75e11dc8d7a840837d9644_amd64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:c960fa13577db72b52765d6941688f431f61fe38adb717b2d8bb6569e241bc5e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "rsync: Path traversal vulnerability in rsync"
},
{
"acknowledgments": [
{
"names": [
"Simon Scannell",
"Jasiel Spelman",
"Pedro Gallegos"
],
"organization": "Google"
}
],
"cve": "CVE-2024-12088",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2024-12-05T21:55:22.700000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad1045aa0de937c3a6969ec377f7bfeda9a44ee434a954e8245e9840316ffc1c_arm64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f33991d766b618a128fb99fbe4f9b61c5004f7c6aa73b2b38e28d59e56c64d63_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2330676"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in rsync. When using the `--safe-links` option, the rsync client fails to properly verify if a symbolic link destination sent from the server contains another symbolic link within it. This results in a path traversal vulnerability, which may lead to arbitrary file write outside the desired directory.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rsync: --safe-links option bypass leads to path traversal",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The vulnerability requires user interaction to be triggered, as the rsync client must first establish a connection/have access to the malicious rsync server (at least anonymous read-access).",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:492e412759cf0eedfa5b557f7b0865f8864f84d0ed75e11dc8d7a840837d9644_amd64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:c960fa13577db72b52765d6941688f431f61fe38adb717b2d8bb6569e241bc5e_arm64"
],
"known_not_affected": [
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad1045aa0de937c3a6969ec377f7bfeda9a44ee434a954e8245e9840316ffc1c_arm64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f33991d766b618a128fb99fbe4f9b61c5004f7c6aa73b2b38e28d59e56c64d63_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-12088"
},
{
"category": "external",
"summary": "RHBZ#2330676",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2330676"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-12088",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12088"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-12088",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12088"
},
{
"category": "external",
"summary": "https://kb.cert.org/vuls/id/952657",
"url": "https://kb.cert.org/vuls/id/952657"
}
],
"release_date": "2025-01-14T15:06:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-02T14:07:46+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer RPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:492e412759cf0eedfa5b557f7b0865f8864f84d0ed75e11dc8d7a840837d9644_amd64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:c960fa13577db72b52765d6941688f431f61fe38adb717b2d8bb6569e241bc5e_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:8385"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad1045aa0de937c3a6969ec377f7bfeda9a44ee434a954e8245e9840316ffc1c_arm64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f33991d766b618a128fb99fbe4f9b61c5004f7c6aa73b2b38e28d59e56c64d63_amd64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:492e412759cf0eedfa5b557f7b0865f8864f84d0ed75e11dc8d7a840837d9644_amd64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:c960fa13577db72b52765d6941688f431f61fe38adb717b2d8bb6569e241bc5e_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad1045aa0de937c3a6969ec377f7bfeda9a44ee434a954e8245e9840316ffc1c_arm64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f33991d766b618a128fb99fbe4f9b61c5004f7c6aa73b2b38e28d59e56c64d63_amd64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:492e412759cf0eedfa5b557f7b0865f8864f84d0ed75e11dc8d7a840837d9644_amd64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:c960fa13577db72b52765d6941688f431f61fe38adb717b2d8bb6569e241bc5e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "rsync: --safe-links option bypass leads to path traversal"
},
{
"acknowledgments": [
{
"names": [
"Bing Shi"
]
}
],
"cve": "CVE-2024-12133",
"cwe": {
"id": "CWE-407",
"name": "Inefficient Algorithmic Complexity"
},
"discovery_date": "2025-02-10T08:14:05.460000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2344611"
}
],
"notes": [
{
"category": "description",
"text": "A flaw in libtasn1 causes inefficient handling of specific certificate data. When processing a large number of elements in a certificate, libtasn1 takes much longer than expected, which can slow down or even crash the system. This flaw allows an attacker to send a specially crafted certificate, causing a denial of service attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libtasn1: Inefficient DER Decoding in libtasn1 Leading to Potential Remote DoS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad1045aa0de937c3a6969ec377f7bfeda9a44ee434a954e8245e9840316ffc1c_arm64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f33991d766b618a128fb99fbe4f9b61c5004f7c6aa73b2b38e28d59e56c64d63_amd64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:492e412759cf0eedfa5b557f7b0865f8864f84d0ed75e11dc8d7a840837d9644_amd64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:c960fa13577db72b52765d6941688f431f61fe38adb717b2d8bb6569e241bc5e_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-12133"
},
{
"category": "external",
"summary": "RHBZ#2344611",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2344611"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-12133",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12133"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-12133",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12133"
},
{
"category": "external",
"summary": "https://gitlab.com/gnutls/libtasn1/-/blob/master/doc/security/CVE-2024-12133.md",
"url": "https://gitlab.com/gnutls/libtasn1/-/blob/master/doc/security/CVE-2024-12133.md"
},
{
"category": "external",
"summary": "https://gitlab.com/gnutls/libtasn1/-/issues/52",
"url": "https://gitlab.com/gnutls/libtasn1/-/issues/52"
}
],
"release_date": "2025-02-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-02T14:07:46+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer RPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad1045aa0de937c3a6969ec377f7bfeda9a44ee434a954e8245e9840316ffc1c_arm64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f33991d766b618a128fb99fbe4f9b61c5004f7c6aa73b2b38e28d59e56c64d63_amd64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:492e412759cf0eedfa5b557f7b0865f8864f84d0ed75e11dc8d7a840837d9644_amd64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:c960fa13577db72b52765d6941688f431f61fe38adb717b2d8bb6569e241bc5e_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:8385"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad1045aa0de937c3a6969ec377f7bfeda9a44ee434a954e8245e9840316ffc1c_arm64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f33991d766b618a128fb99fbe4f9b61c5004f7c6aa73b2b38e28d59e56c64d63_amd64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:492e412759cf0eedfa5b557f7b0865f8864f84d0ed75e11dc8d7a840837d9644_amd64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:c960fa13577db72b52765d6941688f431f61fe38adb717b2d8bb6569e241bc5e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libtasn1: Inefficient DER Decoding in libtasn1 Leading to Potential Remote DoS"
},
{
"acknowledgments": [
{
"names": [
"Bing Shi"
]
}
],
"cve": "CVE-2024-12243",
"cwe": {
"id": "CWE-407",
"name": "Inefficient Algorithmic Complexity"
},
"discovery_date": "2025-02-10T08:33:56.422000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2344615"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 data processing. Due to an inefficient algorithm in libtasn1, decoding certain DER-encoded certificate data can take excessive time, leading to increased resource consumption. This flaw allows a remote attacker to send a specially crafted certificate, causing GnuTLS to become unresponsive or slow, resulting in a denial-of-service condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "gnutls: GnuTLS Impacted by Inefficient DER Decoding in libtasn1 Leading to Remote DoS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad1045aa0de937c3a6969ec377f7bfeda9a44ee434a954e8245e9840316ffc1c_arm64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f33991d766b618a128fb99fbe4f9b61c5004f7c6aa73b2b38e28d59e56c64d63_amd64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:492e412759cf0eedfa5b557f7b0865f8864f84d0ed75e11dc8d7a840837d9644_amd64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:c960fa13577db72b52765d6941688f431f61fe38adb717b2d8bb6569e241bc5e_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-12243"
},
{
"category": "external",
"summary": "RHBZ#2344615",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2344615"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-12243",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12243"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-12243",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12243"
},
{
"category": "external",
"summary": "https://gitlab.com/gnutls/gnutls/-/issues/1553",
"url": "https://gitlab.com/gnutls/gnutls/-/issues/1553"
},
{
"category": "external",
"summary": "https://gitlab.com/gnutls/libtasn1/-/issues/52",
"url": "https://gitlab.com/gnutls/libtasn1/-/issues/52"
}
],
"release_date": "2025-02-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-02T14:07:46+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer RPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad1045aa0de937c3a6969ec377f7bfeda9a44ee434a954e8245e9840316ffc1c_arm64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f33991d766b618a128fb99fbe4f9b61c5004f7c6aa73b2b38e28d59e56c64d63_amd64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:492e412759cf0eedfa5b557f7b0865f8864f84d0ed75e11dc8d7a840837d9644_amd64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:c960fa13577db72b52765d6941688f431f61fe38adb717b2d8bb6569e241bc5e_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:8385"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad1045aa0de937c3a6969ec377f7bfeda9a44ee434a954e8245e9840316ffc1c_arm64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f33991d766b618a128fb99fbe4f9b61c5004f7c6aa73b2b38e28d59e56c64d63_amd64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:492e412759cf0eedfa5b557f7b0865f8864f84d0ed75e11dc8d7a840837d9644_amd64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:c960fa13577db72b52765d6941688f431f61fe38adb717b2d8bb6569e241bc5e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "gnutls: GnuTLS Impacted by Inefficient DER Decoding in libtasn1 Leading to Remote DoS"
},
{
"acknowledgments": [
{
"names": [
"Aleksei Gorban \"loqpa\""
]
}
],
"cve": "CVE-2024-12747",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"discovery_date": "2024-12-18T07:12:52.493000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad1045aa0de937c3a6969ec377f7bfeda9a44ee434a954e8245e9840316ffc1c_arm64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f33991d766b618a128fb99fbe4f9b61c5004f7c6aa73b2b38e28d59e56c64d63_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2332968"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in rsync. This vulnerability arises from a race condition during rsync\u0027s handling of symbolic links. Rsync\u0027s default behavior when encountering symbolic links is to skip them. If an attacker replaced a regular file with a symbolic link at the right time, it was possible to bypass the default behavior and traverse symbolic links. Depending on the privileges of the rsync process, an attacker could leak sensitive information, potentially leading to privilege escalation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rsync: Race Condition in rsync Handling Symbolic Links",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:492e412759cf0eedfa5b557f7b0865f8864f84d0ed75e11dc8d7a840837d9644_amd64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:c960fa13577db72b52765d6941688f431f61fe38adb717b2d8bb6569e241bc5e_arm64"
],
"known_not_affected": [
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad1045aa0de937c3a6969ec377f7bfeda9a44ee434a954e8245e9840316ffc1c_arm64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f33991d766b618a128fb99fbe4f9b61c5004f7c6aa73b2b38e28d59e56c64d63_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-12747"
},
{
"category": "external",
"summary": "RHBZ#2332968",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2332968"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-12747",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12747"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-12747",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12747"
},
{
"category": "external",
"summary": "https://kb.cert.org/vuls/id/952657",
"url": "https://kb.cert.org/vuls/id/952657"
}
],
"release_date": "2025-01-14T15:06:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-02T14:07:46+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer RPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:492e412759cf0eedfa5b557f7b0865f8864f84d0ed75e11dc8d7a840837d9644_amd64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:c960fa13577db72b52765d6941688f431f61fe38adb717b2d8bb6569e241bc5e_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:8385"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad1045aa0de937c3a6969ec377f7bfeda9a44ee434a954e8245e9840316ffc1c_arm64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f33991d766b618a128fb99fbe4f9b61c5004f7c6aa73b2b38e28d59e56c64d63_amd64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:492e412759cf0eedfa5b557f7b0865f8864f84d0ed75e11dc8d7a840837d9644_amd64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:c960fa13577db72b52765d6941688f431f61fe38adb717b2d8bb6569e241bc5e_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad1045aa0de937c3a6969ec377f7bfeda9a44ee434a954e8245e9840316ffc1c_arm64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f33991d766b618a128fb99fbe4f9b61c5004f7c6aa73b2b38e28d59e56c64d63_amd64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:492e412759cf0eedfa5b557f7b0865f8864f84d0ed75e11dc8d7a840837d9644_amd64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:c960fa13577db72b52765d6941688f431f61fe38adb717b2d8bb6569e241bc5e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "rsync: Race Condition in rsync Handling Symbolic Links"
},
{
"cve": "CVE-2024-35195",
"cwe": {
"id": "CWE-670",
"name": "Always-Incorrect Control Flow Implementation"
},
"discovery_date": "2024-05-21T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad1045aa0de937c3a6969ec377f7bfeda9a44ee434a954e8245e9840316ffc1c_arm64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f33991d766b618a128fb99fbe4f9b61c5004f7c6aa73b2b38e28d59e56c64d63_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2282114"
}
],
"notes": [
{
"category": "description",
"text": "An incorrect control flow implementation vulnerability was found in Requests. If the first request in a session is made with verify=False, all subsequent requests to the same host will continue to ignore cert verification.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "requests: subsequent requests to the same host ignore cert verification",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:492e412759cf0eedfa5b557f7b0865f8864f84d0ed75e11dc8d7a840837d9644_amd64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:c960fa13577db72b52765d6941688f431f61fe38adb717b2d8bb6569e241bc5e_arm64"
],
"known_not_affected": [
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad1045aa0de937c3a6969ec377f7bfeda9a44ee434a954e8245e9840316ffc1c_arm64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f33991d766b618a128fb99fbe4f9b61c5004f7c6aa73b2b38e28d59e56c64d63_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-35195"
},
{
"category": "external",
"summary": "RHBZ#2282114",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2282114"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-35195",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35195"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-35195",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-35195"
},
{
"category": "external",
"summary": "https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56",
"url": "https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56"
}
],
"release_date": "2024-05-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-02T14:07:46+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer RPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:492e412759cf0eedfa5b557f7b0865f8864f84d0ed75e11dc8d7a840837d9644_amd64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:c960fa13577db72b52765d6941688f431f61fe38adb717b2d8bb6569e241bc5e_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:8385"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad1045aa0de937c3a6969ec377f7bfeda9a44ee434a954e8245e9840316ffc1c_arm64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f33991d766b618a128fb99fbe4f9b61c5004f7c6aa73b2b38e28d59e56c64d63_amd64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:492e412759cf0eedfa5b557f7b0865f8864f84d0ed75e11dc8d7a840837d9644_amd64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:c960fa13577db72b52765d6941688f431f61fe38adb717b2d8bb6569e241bc5e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "requests: subsequent requests to the same host ignore cert verification"
},
{
"cve": "CVE-2024-52005",
"cwe": {
"id": "CWE-838",
"name": "Inappropriate Encoding for Output Context"
},
"discovery_date": "2025-01-15T18:01:05.807300+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:492e412759cf0eedfa5b557f7b0865f8864f84d0ed75e11dc8d7a840837d9644_amd64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:c960fa13577db72b52765d6941688f431f61fe38adb717b2d8bb6569e241bc5e_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2338289"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Git. When cloning, fetching, or pushing from a server, informational or error messages are transported from the remote Git process to the client via a sideband channel. These messages are prefixed with \"remote:\" and printed directly to the standard error output. Typically, this standard error output is connected to a terminal that understands ANSI escape sequences, which Git did not protect against. Most modern terminals support control sequences that can be used by a malicious actor to hide and misrepresent information or to mislead the user into executing untrusted scripts.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "git: The sideband payload is passed unfiltered to the terminal in git",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is classified as moderate rather than important because it primarily affects informational messages rather than directly compromising repository integrity or executing arbitrary code. The issue arises from Git\u0027s failure to sanitize ANSI escape sequences in messages received over the sideband channel, which could allow a malicious remote repository to manipulate terminal output. However, exploitation requires user interaction, such as manually copying and executing misleading commands. Unlike higher-severity vulnerabilities, this does not provide direct unauthorized access, remote code execution, or privilege escalation, limiting its overall impact. The risk is further mitigated by best practices, such as avoiding recursive clones from untrusted sources.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad1045aa0de937c3a6969ec377f7bfeda9a44ee434a954e8245e9840316ffc1c_arm64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f33991d766b618a128fb99fbe4f9b61c5004f7c6aa73b2b38e28d59e56c64d63_amd64"
],
"known_not_affected": [
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:492e412759cf0eedfa5b557f7b0865f8864f84d0ed75e11dc8d7a840837d9644_amd64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:c960fa13577db72b52765d6941688f431f61fe38adb717b2d8bb6569e241bc5e_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-52005"
},
{
"category": "external",
"summary": "RHBZ#2338289",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2338289"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-52005",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52005"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-52005",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52005"
},
{
"category": "external",
"summary": "https://github.com/git/git/security/advisories/GHSA-7jjc-gg6m-3329",
"url": "https://github.com/git/git/security/advisories/GHSA-7jjc-gg6m-3329"
},
{
"category": "external",
"summary": "https://lore.kernel.org/git/1M9FnZ-1taoNo1wwh-00ESSd@mail.gmx.net",
"url": "https://lore.kernel.org/git/1M9FnZ-1taoNo1wwh-00ESSd@mail.gmx.net"
}
],
"release_date": "2025-01-15T17:35:02.379000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-02T14:07:46+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer RPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad1045aa0de937c3a6969ec377f7bfeda9a44ee434a954e8245e9840316ffc1c_arm64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f33991d766b618a128fb99fbe4f9b61c5004f7c6aa73b2b38e28d59e56c64d63_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:8385"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad1045aa0de937c3a6969ec377f7bfeda9a44ee434a954e8245e9840316ffc1c_arm64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f33991d766b618a128fb99fbe4f9b61c5004f7c6aa73b2b38e28d59e56c64d63_amd64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:492e412759cf0eedfa5b557f7b0865f8864f84d0ed75e11dc8d7a840837d9644_amd64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:c960fa13577db72b52765d6941688f431f61fe38adb717b2d8bb6569e241bc5e_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad1045aa0de937c3a6969ec377f7bfeda9a44ee434a954e8245e9840316ffc1c_arm64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f33991d766b618a128fb99fbe4f9b61c5004f7c6aa73b2b38e28d59e56c64d63_amd64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:492e412759cf0eedfa5b557f7b0865f8864f84d0ed75e11dc8d7a840837d9644_amd64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:c960fa13577db72b52765d6941688f431f61fe38adb717b2d8bb6569e241bc5e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "git: The sideband payload is passed unfiltered to the terminal in git"
},
{
"cve": "CVE-2025-0938",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2025-01-31T18:00:46.128427+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2343237"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Python. The Python standard library functions `urllib.parse.urlsplit` and `urlparse` accept domain names that included square brackets, which isn\u0027t valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could result in differential parsing across the Python URL parser and other specification-compliant URL parsers.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python: cpython: URL parser allowed square brackets in domain names",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad1045aa0de937c3a6969ec377f7bfeda9a44ee434a954e8245e9840316ffc1c_arm64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f33991d766b618a128fb99fbe4f9b61c5004f7c6aa73b2b38e28d59e56c64d63_amd64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:492e412759cf0eedfa5b557f7b0865f8864f84d0ed75e11dc8d7a840837d9644_amd64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:c960fa13577db72b52765d6941688f431f61fe38adb717b2d8bb6569e241bc5e_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-0938"
},
{
"category": "external",
"summary": "RHBZ#2343237",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2343237"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-0938",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0938"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-0938",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0938"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/issues/105704",
"url": "https://github.com/python/cpython/issues/105704"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/pull/129418",
"url": "https://github.com/python/cpython/pull/129418"
}
],
"release_date": "2025-01-31T17:51:35.898000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-02T14:07:46+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer RPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad1045aa0de937c3a6969ec377f7bfeda9a44ee434a954e8245e9840316ffc1c_arm64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f33991d766b618a128fb99fbe4f9b61c5004f7c6aa73b2b38e28d59e56c64d63_amd64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:492e412759cf0eedfa5b557f7b0865f8864f84d0ed75e11dc8d7a840837d9644_amd64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:c960fa13577db72b52765d6941688f431f61fe38adb717b2d8bb6569e241bc5e_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:8385"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad1045aa0de937c3a6969ec377f7bfeda9a44ee434a954e8245e9840316ffc1c_arm64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f33991d766b618a128fb99fbe4f9b61c5004f7c6aa73b2b38e28d59e56c64d63_amd64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:492e412759cf0eedfa5b557f7b0865f8864f84d0ed75e11dc8d7a840837d9644_amd64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:c960fa13577db72b52765d6941688f431f61fe38adb717b2d8bb6569e241bc5e_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad1045aa0de937c3a6969ec377f7bfeda9a44ee434a954e8245e9840316ffc1c_arm64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f33991d766b618a128fb99fbe4f9b61c5004f7c6aa73b2b38e28d59e56c64d63_amd64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:492e412759cf0eedfa5b557f7b0865f8864f84d0ed75e11dc8d7a840837d9644_amd64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:c960fa13577db72b52765d6941688f431f61fe38adb717b2d8bb6569e241bc5e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "python: cpython: URL parser allowed square brackets in domain names"
},
{
"cve": "CVE-2025-24528",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2025-01-29T13:47:59.362000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2342796"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in krb5. With incremental propagation enabled, an authenticated attacker can cause kadmind to write beyond the end of the mapped region for the iprop log file. This issue can trigger a process crash and lead to a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "krb5: overflow when calculating ulog block size",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad1045aa0de937c3a6969ec377f7bfeda9a44ee434a954e8245e9840316ffc1c_arm64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f33991d766b618a128fb99fbe4f9b61c5004f7c6aa73b2b38e28d59e56c64d63_amd64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:492e412759cf0eedfa5b557f7b0865f8864f84d0ed75e11dc8d7a840837d9644_amd64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:c960fa13577db72b52765d6941688f431f61fe38adb717b2d8bb6569e241bc5e_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-24528"
},
{
"category": "external",
"summary": "RHBZ#2342796",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2342796"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-24528",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24528"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-24528",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24528"
},
{
"category": "external",
"summary": "https://github.com/krb5/krb5/commit/78ceba024b64d49612375be4a12d1c066b0bfbd0",
"url": "https://github.com/krb5/krb5/commit/78ceba024b64d49612375be4a12d1c066b0bfbd0"
}
],
"release_date": "2024-01-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-02T14:07:46+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer RPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad1045aa0de937c3a6969ec377f7bfeda9a44ee434a954e8245e9840316ffc1c_arm64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f33991d766b618a128fb99fbe4f9b61c5004f7c6aa73b2b38e28d59e56c64d63_amd64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:492e412759cf0eedfa5b557f7b0865f8864f84d0ed75e11dc8d7a840837d9644_amd64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:c960fa13577db72b52765d6941688f431f61fe38adb717b2d8bb6569e241bc5e_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:8385"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad1045aa0de937c3a6969ec377f7bfeda9a44ee434a954e8245e9840316ffc1c_arm64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f33991d766b618a128fb99fbe4f9b61c5004f7c6aa73b2b38e28d59e56c64d63_amd64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:492e412759cf0eedfa5b557f7b0865f8864f84d0ed75e11dc8d7a840837d9644_amd64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:c960fa13577db72b52765d6941688f431f61fe38adb717b2d8bb6569e241bc5e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "krb5: overflow when calculating ulog block size"
},
{
"cve": "CVE-2025-26465",
"cwe": {
"id": "CWE-390",
"name": "Detection of Error Condition Without Action"
},
"discovery_date": "2025-02-10T21:56:03.853000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:492e412759cf0eedfa5b557f7b0865f8864f84d0ed75e11dc8d7a840837d9644_amd64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:c960fa13577db72b52765d6941688f431f61fe38adb717b2d8bb6569e241bc5e_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2344780"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. For an attack to be considered successful, the attacker needs to manage to exhaust the client\u0027s memory resource first, turning the attack complexity high.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssh: Machine-in-the-middle attack if VerifyHostKeyDNS is enabled",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue is rated as a moderate severity vulnerability instead of important because it requires specific conditions to be exploitable. First, the OpenSSH client must have the VerifyHostKeyDNS option enabled, which is disabled by default in Red Hat Enterprise Linux (RHEL). \n\nAdditionally, while the attack allows a machine-in-the-middle (MITM) adversary to trick the client into accepting an incorrect host key, it does not directly lead to code execution or immediate system compromise. Instead, the attack requires additional steps, such as credential interception or session hijacking to fully exploit the breach.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad1045aa0de937c3a6969ec377f7bfeda9a44ee434a954e8245e9840316ffc1c_arm64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f33991d766b618a128fb99fbe4f9b61c5004f7c6aa73b2b38e28d59e56c64d63_amd64"
],
"known_not_affected": [
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:492e412759cf0eedfa5b557f7b0865f8864f84d0ed75e11dc8d7a840837d9644_amd64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:c960fa13577db72b52765d6941688f431f61fe38adb717b2d8bb6569e241bc5e_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-26465"
},
{
"category": "external",
"summary": "RHBZ#2344780",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2344780"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-26465",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-26465"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-26465",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-26465"
},
{
"category": "external",
"summary": "https://access.redhat.com/solutions/7109879",
"url": "https://access.redhat.com/solutions/7109879"
},
{
"category": "external",
"summary": "https://seclists.org/oss-sec/2025/q1/144",
"url": "https://seclists.org/oss-sec/2025/q1/144"
}
],
"release_date": "2025-02-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-02T14:07:46+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer RPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad1045aa0de937c3a6969ec377f7bfeda9a44ee434a954e8245e9840316ffc1c_arm64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f33991d766b618a128fb99fbe4f9b61c5004f7c6aa73b2b38e28d59e56c64d63_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:8385"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad1045aa0de937c3a6969ec377f7bfeda9a44ee434a954e8245e9840316ffc1c_arm64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f33991d766b618a128fb99fbe4f9b61c5004f7c6aa73b2b38e28d59e56c64d63_amd64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:492e412759cf0eedfa5b557f7b0865f8864f84d0ed75e11dc8d7a840837d9644_amd64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:c960fa13577db72b52765d6941688f431f61fe38adb717b2d8bb6569e241bc5e_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad1045aa0de937c3a6969ec377f7bfeda9a44ee434a954e8245e9840316ffc1c_arm64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f33991d766b618a128fb99fbe4f9b61c5004f7c6aa73b2b38e28d59e56c64d63_amd64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:492e412759cf0eedfa5b557f7b0865f8864f84d0ed75e11dc8d7a840837d9644_amd64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:c960fa13577db72b52765d6941688f431f61fe38adb717b2d8bb6569e241bc5e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssh: Machine-in-the-middle attack if VerifyHostKeyDNS is enabled"
}
]
}
RHSA-2026:30849
Vulnerability from csaf_redhat - Published: 2026-06-29 02:54 - Updated: 2026-07-16 11:46A flaw in libtasn1 causes inefficient handling of specific certificate data. When processing a large number of elements in a certificate, libtasn1 takes much longer than expected, which can slow down or even crash the system. This flaw allows an attacker to send a specially crafted certificate, causing a denial of service attack.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-c++-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-c++-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-dane-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-dane-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-devel-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-devel-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-utils-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:libtasn1-devel-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:libtasn1-devel-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:libtasn1-tools-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-devel-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-devel-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-devel-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-devel-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686 | — | ||
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — | ||
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686 | — | ||
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — | ||
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686 | — | ||
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — | ||
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686 | — | ||
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-c++-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-c++-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-dane-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-dane-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-devel-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-devel-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-utils-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:libtasn1-devel-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:libtasn1-devel-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:libtasn1-tools-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-devel-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-devel-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-devel-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-devel-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686 | — | ||
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — | ||
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686 | — | ||
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — | ||
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686 | — | ||
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — | ||
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686 | — | ||
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
A flaw was found in gnutls. This vulnerability occurs because gnutls performs case-sensitive comparisons of `nameConstraints` labels, specifically for `dNSName` (DNS) or `rfc822Name` (email) constraints within `excludedSubtrees` or `permittedSubtrees`. A remote attacker can exploit this by crafting a leaf certificate with casing differences in the Subject Alternative Name (SAN), leading to a policy bypass where a certificate that should be rejected is instead accepted. This could result in unauthorized access or information disclosure.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-c++-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-c++-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-dane-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-dane-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-devel-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-devel-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-utils-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:libtasn1-devel-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:libtasn1-devel-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:libtasn1-tools-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-devel-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-devel-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-devel-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-devel-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Workaround
|
A flaw was found in libgnutls. A remote attacker, by sending an extremely short premaster secret during an RSA key exchange to a server using an RSA key backed by a PKCS#11 token, could trigger a short heap overread. This memory corruption vulnerability could lead to information disclosure.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-c++-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-c++-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-dane-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-dane-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-devel-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-devel-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-utils-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:libtasn1-devel-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:libtasn1-devel-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:libtasn1-tools-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-devel-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-devel-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-devel-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-devel-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686 | — | ||
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — | ||
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686 | — | ||
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — | ||
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686 | — | ||
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — | ||
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686 | — | ||
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
A flaw in GnuTLS DTLS handshake parsing allows malformed fragments with zero length and non-zero offset, leading to an integer underflow during reassembly and resulting in an out-of-bounds read. This issue is remotely exploitable and may cause information disclosure or denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-c++-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-c++-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-dane-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-dane-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-devel-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-devel-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-utils-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:libtasn1-devel-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:libtasn1-devel-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:libtasn1-tools-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-devel-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-devel-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-devel-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-devel-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Workaround
|
A heap buffer overflow vulnerability exists in the DTLS handshake fragment reassembly logic of GnuTLS. The issue arises in merge_handshake_packet() where incoming handshake fragments are matched and merged based solely on handshake type, without validating that the message_length field remains consistent across all fragments of the same logical message. An attacker can exploit this by sending crafted DTLS fragments with conflicting message_length values, causing the implementation to allocate a buffer based on a smaller initial fragment and subsequently write beyond its bounds using larger, inconsistent fragments. Because the merge operation does not enforce proper bounds checking against the allocated buffer size, this results in an out-of-bounds write on the heap. The vulnerability is remotely exploitable without authentication via the DTLS handshake path and can lead to application crashes or potential memory corruption.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-c++-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-c++-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-dane-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-dane-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-devel-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-devel-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-utils-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:libtasn1-devel-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:libtasn1-devel-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:libtasn1-tools-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-devel-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-devel-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-devel-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-devel-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Workaround
|
A flaw was found in gnutls. A remote attacker could exploit an issue in the Datagram Transport Layer Security (DTLS) packet reordering logic. The comparator function, responsible for ordering DTLS packets by sequence numbers, did not correctly handle packets with duplicate sequence numbers. This could lead to unstable packet ordering or undefined behavior, resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-c++-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-c++-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-dane-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-dane-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-devel-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-devel-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-utils-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:libtasn1-devel-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:libtasn1-devel-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:libtasn1-tools-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-devel-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-devel-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-devel-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-devel-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686 | — | ||
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — | ||
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686 | — | ||
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — | ||
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686 | — | ||
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — | ||
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686 | — | ||
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
A flaw was found in gnutls. Servers configured with RSA-PSK (Rivest–Shamir–Adleman – Pre-Shared Key) wrongfully matched usernames containing a NUL character with truncated usernames. A remote attacker could exploit this by sending a specially crafted username, leading to an authentication bypass. This vulnerability allows an attacker to gain unauthorized access by circumventing the authentication process.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-c++-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-c++-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-dane-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-dane-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-devel-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-devel-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-utils-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:libtasn1-devel-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:libtasn1-devel-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:libtasn1-tools-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-devel-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-devel-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-devel-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-devel-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686 | — | ||
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — | ||
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686 | — | ||
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — | ||
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686 | — | ||
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — | ||
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686 | — | ||
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
A flaw was found in gnutls. This vulnerability occurs because permitted name constraints were incorrectly ignored when previous Certificate Authorities (CAs) only had excluded name constraints. A remote attacker could exploit this to bypass critical name constraint checks during certificate validation. This bypass could lead to the acceptance of invalid certificates, potentially enabling spoofing or man-in-the-middle attacks against affected systems.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-c++-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-c++-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-dane-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-dane-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-devel-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-devel-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-utils-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:libtasn1-devel-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:libtasn1-devel-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:libtasn1-tools-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-devel-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-devel-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-devel-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-devel-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686 | — | ||
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — | ||
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686 | — | ||
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — | ||
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686 | — | ||
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — | ||
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686 | — | ||
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted certificate that contains Uniform Resource Identifier (URI) or Service (SRV) Subject Alternative Names (SANs). This could cause the certificate validation process to incorrectly fall back to checking DNS hostnames against the Common Name (CN), potentially allowing the attacker to spoof legitimate services or intercept sensitive information.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-c++-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-c++-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-dane-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-dane-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-devel-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-devel-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-utils-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:libtasn1-devel-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:libtasn1-devel-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:libtasn1-tools-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-devel-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-devel-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-devel-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-devel-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686 | — | ||
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — | ||
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686 | — | ||
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — | ||
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686 | — | ||
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — | ||
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686 | — | ||
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
A flaw was found in gnutls. When validating certificates, an oversized Subject Alternative Name (SAN) could cause the validation process to incorrectly fall back to checking the Common Name (CN) field. This could allow a remote attacker to bypass proper certificate validation, potentially leading to spoofing or man-in-the-middle attacks.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-c++-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-c++-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-dane-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-dane-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-devel-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-devel-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-utils-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:libtasn1-devel-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:libtasn1-devel-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:libtasn1-tools-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-devel-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-devel-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-devel-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-devel-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686 | — | ||
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — | ||
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686 | — | ||
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — | ||
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686 | — | ||
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — | ||
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686 | — | ||
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
A flaw was found in GnuTLS. The `gnutls_pkcs11_token_set_pin` function, used for changing the Security Officer PIN, can lead to a use-after-free vulnerability. This occurs when an attacker attempts to change the PIN with a NULL old PIN for a token that lacks a protected authentication path.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-c++-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-c++-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-dane-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-dane-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-devel-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-devel-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-utils-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:libtasn1-devel-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:libtasn1-devel-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:libtasn1-tools-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-devel-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-devel-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-devel-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-devel-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686 | — | ||
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — | ||
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686 | — | ||
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — | ||
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686 | — | ||
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — | ||
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686 | — | ||
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
A flaw was found in gnutls. An off-by-one error exists in the PKCS#12 bag element bounds check. This vulnerability allows an remote attacker to write past the internal array of a PKCS#12 bag when appending to a bag that already contains 32 elements. This memory corruption could lead to a denial of service (DoS) or potentially other unspecified impacts.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-c++-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-c++-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-dane-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-dane-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-devel-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-devel-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-utils-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:libtasn1-devel-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:libtasn1-devel-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:libtasn1-tools-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-devel-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-devel-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-devel-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-devel-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686 | — | ||
| Unresolved product id: AppStream-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — | ||
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686 | — | ||
| Unresolved product id: AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — | ||
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686 | — | ||
| Unresolved product id: BaseOS-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — | ||
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686 | — | ||
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64 | — |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for multiple packages is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The gnutls packages provide the GNU Transport Layer Security (GnuTLS) library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS.\n\nSecurity Fix(es):\n\n* libtasn1: Inefficient DER Decoding in libtasn1 Leading to Potential Remote DoS (CVE-2024-12133)\n\n* gnutls: GnuTLS: Denial of Service via excessive resource consumption during certificate verification (CVE-2025-14831)\n\n* gnutls: GnuTLS: Policy bypass due to case-sensitive nameConstraints comparison (CVE-2026-3833)\n\n* gnutls: GnuTLS: Denial of Service via DTLS zero-length fragment (CVE-2026-33845)\n\n* gnutls: GnuTLS: Denial of Service via heap buffer overflow in DTLS handshake fragment reassembly (CVE-2026-33846)\n\n* gnutls: Fix qsort comparator in DTLS reassembly (CVE-2026-42009)\n\n* gnutls: gnutls: Authentication Bypass via NUL Character in Username (CVE-2026-42010)\n\n* gnutls: gnutls: Security bypass due to incorrect name constraint handling (CVE-2026-42011)\n\n* gnutls: gnutls: Certificate validation bypass due to improper handling of URI and SRV SANs (CVE-2026-42012)\n\n* gnutls: gnutls: Certificate validation bypass due to oversized Subject Alternative Name (CVE-2026-42013)\n\n* gnutls: gnutls: Information disclosure via heap overread in RSA key exchange (CVE-2026-5260)\n\n* gnutls: Fix use-after-free in gnutls_pkcs11_token_set_pin (CVE-2026-42014)\n\n* gnutls: gnutls: Memory corruption due to off-by-one error in PKCS#12 bag handling (CVE-2026-42015)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:30849",
"url": "https://access.redhat.com/errata/RHSA-2026:30849"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2344611",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2344611"
},
{
"category": "external",
"summary": "2423177",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2423177"
},
{
"category": "external",
"summary": "2445763",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445763"
},
{
"category": "external",
"summary": "2450624",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450624"
},
{
"category": "external",
"summary": "2450625",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450625"
},
{
"category": "external",
"summary": "2467279",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467279"
},
{
"category": "external",
"summary": "2467289",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467289"
},
{
"category": "external",
"summary": "2467437",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467437"
},
{
"category": "external",
"summary": "2467441",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467441"
},
{
"category": "external",
"summary": "2467448",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467448"
},
{
"category": "external",
"summary": "2467450",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467450"
},
{
"category": "external",
"summary": "2467451",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467451"
},
{
"category": "external",
"summary": "2467678",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467678"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_30849.json"
}
],
"title": "Red Hat Security Advisory: gnutls and libtasn1 security update",
"tracking": {
"current_release_date": "2026-07-16T11:46:41+00:00",
"generator": {
"date": "2026-07-16T11:46:41+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.6"
}
},
"id": "RHSA-2026:30849",
"initial_release_date": "2026-06-29T02:54:42+00:00",
"revision_history": [
{
"date": "2026-06-29T02:54:42+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-06-29T02:54:42+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-16T11:46:41+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product": {
"name": "Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_aus:8.6::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_aus:8.6::baseos"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.6)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS.EXTENSION",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus_long_life:8.6::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.6)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.EUS.EXTENSION",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_eus_long_life:8.6::baseos"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "gnutls-c++-0:3.6.16-5.el8_6.5.i686",
"product": {
"name": "gnutls-c++-0:3.6.16-5.el8_6.5.i686",
"product_id": "gnutls-c++-0:3.6.16-5.el8_6.5.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gnutls-c%2B%2B@3.6.16-5.el8_6.5?arch=i686"
}
}
},
{
"category": "product_version",
"name": "gnutls-dane-0:3.6.16-5.el8_6.5.i686",
"product": {
"name": "gnutls-dane-0:3.6.16-5.el8_6.5.i686",
"product_id": "gnutls-dane-0:3.6.16-5.el8_6.5.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gnutls-dane@3.6.16-5.el8_6.5?arch=i686"
}
}
},
{
"category": "product_version",
"name": "gnutls-devel-0:3.6.16-5.el8_6.5.i686",
"product": {
"name": "gnutls-devel-0:3.6.16-5.el8_6.5.i686",
"product_id": "gnutls-devel-0:3.6.16-5.el8_6.5.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gnutls-devel@3.6.16-5.el8_6.5?arch=i686"
}
}
},
{
"category": "product_version",
"name": "gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"product": {
"name": "gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"product_id": "gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gnutls-debugsource@3.6.16-5.el8_6.5?arch=i686"
}
}
},
{
"category": "product_version",
"name": "gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"product": {
"name": "gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"product_id": "gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gnutls-c%2B%2B-debuginfo@3.6.16-5.el8_6.5?arch=i686"
}
}
},
{
"category": "product_version",
"name": "gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"product": {
"name": "gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"product_id": "gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gnutls-dane-debuginfo@3.6.16-5.el8_6.5?arch=i686"
}
}
},
{
"category": "product_version",
"name": "gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"product": {
"name": "gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"product_id": "gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gnutls-debuginfo@3.6.16-5.el8_6.5?arch=i686"
}
}
},
{
"category": "product_version",
"name": "gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"product": {
"name": "gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"product_id": "gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gnutls-utils-debuginfo@3.6.16-5.el8_6.5?arch=i686"
}
}
},
{
"category": "product_version",
"name": "gnutls-0:3.6.16-5.el8_6.5.i686",
"product": {
"name": "gnutls-0:3.6.16-5.el8_6.5.i686",
"product_id": "gnutls-0:3.6.16-5.el8_6.5.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gnutls@3.6.16-5.el8_6.5?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libtasn1-devel-0:4.13-3.el8_6.2.i686",
"product": {
"name": "libtasn1-devel-0:4.13-3.el8_6.2.i686",
"product_id": "libtasn1-devel-0:4.13-3.el8_6.2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libtasn1-devel@4.13-3.el8_6.2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"product": {
"name": "libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"product_id": "libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libtasn1-debugsource@4.13-3.el8_6.2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"product": {
"name": "libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"product_id": "libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libtasn1-debuginfo@4.13-3.el8_6.2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"product": {
"name": "libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"product_id": "libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libtasn1-tools-debuginfo@4.13-3.el8_6.2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libtasn1-0:4.13-3.el8_6.2.i686",
"product": {
"name": "libtasn1-0:4.13-3.el8_6.2.i686",
"product_id": "libtasn1-0:4.13-3.el8_6.2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libtasn1@4.13-3.el8_6.2?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "gnutls-c++-0:3.6.16-5.el8_6.5.x86_64",
"product": {
"name": "gnutls-c++-0:3.6.16-5.el8_6.5.x86_64",
"product_id": "gnutls-c++-0:3.6.16-5.el8_6.5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gnutls-c%2B%2B@3.6.16-5.el8_6.5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "gnutls-dane-0:3.6.16-5.el8_6.5.x86_64",
"product": {
"name": "gnutls-dane-0:3.6.16-5.el8_6.5.x86_64",
"product_id": "gnutls-dane-0:3.6.16-5.el8_6.5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gnutls-dane@3.6.16-5.el8_6.5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "gnutls-devel-0:3.6.16-5.el8_6.5.x86_64",
"product": {
"name": "gnutls-devel-0:3.6.16-5.el8_6.5.x86_64",
"product_id": "gnutls-devel-0:3.6.16-5.el8_6.5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gnutls-devel@3.6.16-5.el8_6.5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "gnutls-utils-0:3.6.16-5.el8_6.5.x86_64",
"product": {
"name": "gnutls-utils-0:3.6.16-5.el8_6.5.x86_64",
"product_id": "gnutls-utils-0:3.6.16-5.el8_6.5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gnutls-utils@3.6.16-5.el8_6.5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"product": {
"name": "gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"product_id": "gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gnutls-debugsource@3.6.16-5.el8_6.5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"product": {
"name": "gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"product_id": "gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gnutls-c%2B%2B-debuginfo@3.6.16-5.el8_6.5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"product": {
"name": "gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"product_id": "gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gnutls-dane-debuginfo@3.6.16-5.el8_6.5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"product": {
"name": "gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"product_id": "gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gnutls-debuginfo@3.6.16-5.el8_6.5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"product": {
"name": "gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"product_id": "gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gnutls-utils-debuginfo@3.6.16-5.el8_6.5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "gnutls-0:3.6.16-5.el8_6.5.x86_64",
"product": {
"name": "gnutls-0:3.6.16-5.el8_6.5.x86_64",
"product_id": "gnutls-0:3.6.16-5.el8_6.5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gnutls@3.6.16-5.el8_6.5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libtasn1-devel-0:4.13-3.el8_6.2.x86_64",
"product": {
"name": "libtasn1-devel-0:4.13-3.el8_6.2.x86_64",
"product_id": "libtasn1-devel-0:4.13-3.el8_6.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libtasn1-devel@4.13-3.el8_6.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libtasn1-tools-0:4.13-3.el8_6.2.x86_64",
"product": {
"name": "libtasn1-tools-0:4.13-3.el8_6.2.x86_64",
"product_id": "libtasn1-tools-0:4.13-3.el8_6.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libtasn1-tools@4.13-3.el8_6.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"product": {
"name": "libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"product_id": "libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libtasn1-debugsource@4.13-3.el8_6.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"product": {
"name": "libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"product_id": "libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libtasn1-debuginfo@4.13-3.el8_6.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64",
"product": {
"name": "libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64",
"product_id": "libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libtasn1-tools-debuginfo@4.13-3.el8_6.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libtasn1-0:4.13-3.el8_6.2.x86_64",
"product": {
"name": "libtasn1-0:4.13-3.el8_6.2.x86_64",
"product_id": "libtasn1-0:4.13-3.el8_6.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libtasn1@4.13-3.el8_6.2?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "gnutls-0:3.6.16-5.el8_6.5.src",
"product": {
"name": "gnutls-0:3.6.16-5.el8_6.5.src",
"product_id": "gnutls-0:3.6.16-5.el8_6.5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gnutls@3.6.16-5.el8_6.5?arch=src"
}
}
},
{
"category": "product_version",
"name": "libtasn1-0:4.13-3.el8_6.2.src",
"product": {
"name": "libtasn1-0:4.13-3.el8_6.2.src",
"product_id": "libtasn1-0:4.13-3.el8_6.2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libtasn1@4.13-3.el8_6.2?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "gnutls-c++-0:3.6.16-5.el8_6.5.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:gnutls-c++-0:3.6.16-5.el8_6.5.i686"
},
"product_reference": "gnutls-c++-0:3.6.16-5.el8_6.5.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnutls-c++-0:3.6.16-5.el8_6.5.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:gnutls-c++-0:3.6.16-5.el8_6.5.x86_64"
},
"product_reference": "gnutls-c++-0:3.6.16-5.el8_6.5.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686"
},
"product_reference": "gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64"
},
"product_reference": "gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnutls-dane-0:3.6.16-5.el8_6.5.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:gnutls-dane-0:3.6.16-5.el8_6.5.i686"
},
"product_reference": "gnutls-dane-0:3.6.16-5.el8_6.5.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnutls-dane-0:3.6.16-5.el8_6.5.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:gnutls-dane-0:3.6.16-5.el8_6.5.x86_64"
},
"product_reference": "gnutls-dane-0:3.6.16-5.el8_6.5.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686"
},
"product_reference": "gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64"
},
"product_reference": "gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686"
},
"product_reference": "gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64"
},
"product_reference": "gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnutls-debugsource-0:3.6.16-5.el8_6.5.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686"
},
"product_reference": "gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64"
},
"product_reference": "gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnutls-devel-0:3.6.16-5.el8_6.5.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:gnutls-devel-0:3.6.16-5.el8_6.5.i686"
},
"product_reference": "gnutls-devel-0:3.6.16-5.el8_6.5.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnutls-devel-0:3.6.16-5.el8_6.5.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:gnutls-devel-0:3.6.16-5.el8_6.5.x86_64"
},
"product_reference": "gnutls-devel-0:3.6.16-5.el8_6.5.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnutls-utils-0:3.6.16-5.el8_6.5.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:gnutls-utils-0:3.6.16-5.el8_6.5.x86_64"
},
"product_reference": "gnutls-utils-0:3.6.16-5.el8_6.5.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686"
},
"product_reference": "gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64"
},
"product_reference": "gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-debuginfo-0:4.13-3.el8_6.2.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686"
},
"product_reference": "libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64"
},
"product_reference": "libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-debugsource-0:4.13-3.el8_6.2.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.i686"
},
"product_reference": "libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64"
},
"product_reference": "libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-devel-0:4.13-3.el8_6.2.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:libtasn1-devel-0:4.13-3.el8_6.2.i686"
},
"product_reference": "libtasn1-devel-0:4.13-3.el8_6.2.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-devel-0:4.13-3.el8_6.2.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:libtasn1-devel-0:4.13-3.el8_6.2.x86_64"
},
"product_reference": "libtasn1-devel-0:4.13-3.el8_6.2.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-tools-0:4.13-3.el8_6.2.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:libtasn1-tools-0:4.13-3.el8_6.2.x86_64"
},
"product_reference": "libtasn1-tools-0:4.13-3.el8_6.2.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686"
},
"product_reference": "libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64"
},
"product_reference": "libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnutls-c++-0:3.6.16-5.el8_6.5.i686 as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-0:3.6.16-5.el8_6.5.i686"
},
"product_reference": "gnutls-c++-0:3.6.16-5.el8_6.5.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnutls-c++-0:3.6.16-5.el8_6.5.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-0:3.6.16-5.el8_6.5.x86_64"
},
"product_reference": "gnutls-c++-0:3.6.16-5.el8_6.5.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686 as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686"
},
"product_reference": "gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64"
},
"product_reference": "gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnutls-dane-0:3.6.16-5.el8_6.5.i686 as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-0:3.6.16-5.el8_6.5.i686"
},
"product_reference": "gnutls-dane-0:3.6.16-5.el8_6.5.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnutls-dane-0:3.6.16-5.el8_6.5.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-0:3.6.16-5.el8_6.5.x86_64"
},
"product_reference": "gnutls-dane-0:3.6.16-5.el8_6.5.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686 as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686"
},
"product_reference": "gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64"
},
"product_reference": "gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686 as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686"
},
"product_reference": "gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64"
},
"product_reference": "gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnutls-debugsource-0:3.6.16-5.el8_6.5.i686 as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686"
},
"product_reference": "gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64"
},
"product_reference": "gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnutls-devel-0:3.6.16-5.el8_6.5.i686 as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-devel-0:3.6.16-5.el8_6.5.i686"
},
"product_reference": "gnutls-devel-0:3.6.16-5.el8_6.5.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnutls-devel-0:3.6.16-5.el8_6.5.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-devel-0:3.6.16-5.el8_6.5.x86_64"
},
"product_reference": "gnutls-devel-0:3.6.16-5.el8_6.5.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnutls-utils-0:3.6.16-5.el8_6.5.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-0:3.6.16-5.el8_6.5.x86_64"
},
"product_reference": "gnutls-utils-0:3.6.16-5.el8_6.5.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686 as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686"
},
"product_reference": "gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64"
},
"product_reference": "gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-debuginfo-0:4.13-3.el8_6.2.i686 as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686"
},
"product_reference": "libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64"
},
"product_reference": "libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-debugsource-0:4.13-3.el8_6.2.i686 as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.i686"
},
"product_reference": "libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64"
},
"product_reference": "libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-devel-0:4.13-3.el8_6.2.i686 as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-devel-0:4.13-3.el8_6.2.i686"
},
"product_reference": "libtasn1-devel-0:4.13-3.el8_6.2.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-devel-0:4.13-3.el8_6.2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-devel-0:4.13-3.el8_6.2.x86_64"
},
"product_reference": "libtasn1-devel-0:4.13-3.el8_6.2.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-tools-0:4.13-3.el8_6.2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-0:4.13-3.el8_6.2.x86_64"
},
"product_reference": "libtasn1-tools-0:4.13-3.el8_6.2.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686 as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686"
},
"product_reference": "libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64"
},
"product_reference": "libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnutls-0:3.6.16-5.el8_6.5.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.i686"
},
"product_reference": "gnutls-0:3.6.16-5.el8_6.5.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnutls-0:3.6.16-5.el8_6.5.src as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.src"
},
"product_reference": "gnutls-0:3.6.16-5.el8_6.5.src",
"relates_to_product_reference": "BaseOS-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnutls-0:3.6.16-5.el8_6.5.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.x86_64"
},
"product_reference": "gnutls-0:3.6.16-5.el8_6.5.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686"
},
"product_reference": "gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64"
},
"product_reference": "gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686"
},
"product_reference": "gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64"
},
"product_reference": "gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686"
},
"product_reference": "gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64"
},
"product_reference": "gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnutls-debugsource-0:3.6.16-5.el8_6.5.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686"
},
"product_reference": "gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64"
},
"product_reference": "gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686"
},
"product_reference": "gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64"
},
"product_reference": "gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-0:4.13-3.el8_6.2.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.i686"
},
"product_reference": "libtasn1-0:4.13-3.el8_6.2.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-0:4.13-3.el8_6.2.src as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.src"
},
"product_reference": "libtasn1-0:4.13-3.el8_6.2.src",
"relates_to_product_reference": "BaseOS-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-0:4.13-3.el8_6.2.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.x86_64"
},
"product_reference": "libtasn1-0:4.13-3.el8_6.2.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-debuginfo-0:4.13-3.el8_6.2.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686"
},
"product_reference": "libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64"
},
"product_reference": "libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-debugsource-0:4.13-3.el8_6.2.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.i686"
},
"product_reference": "libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64"
},
"product_reference": "libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686"
},
"product_reference": "libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64"
},
"product_reference": "libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnutls-0:3.6.16-5.el8_6.5.i686 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.i686"
},
"product_reference": "gnutls-0:3.6.16-5.el8_6.5.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnutls-0:3.6.16-5.el8_6.5.src as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.src"
},
"product_reference": "gnutls-0:3.6.16-5.el8_6.5.src",
"relates_to_product_reference": "BaseOS-8.6.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnutls-0:3.6.16-5.el8_6.5.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.x86_64"
},
"product_reference": "gnutls-0:3.6.16-5.el8_6.5.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686"
},
"product_reference": "gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64"
},
"product_reference": "gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686"
},
"product_reference": "gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64"
},
"product_reference": "gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686"
},
"product_reference": "gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64"
},
"product_reference": "gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnutls-debugsource-0:3.6.16-5.el8_6.5.i686 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686"
},
"product_reference": "gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64"
},
"product_reference": "gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686"
},
"product_reference": "gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64"
},
"product_reference": "gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-0:4.13-3.el8_6.2.i686 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.i686"
},
"product_reference": "libtasn1-0:4.13-3.el8_6.2.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-0:4.13-3.el8_6.2.src as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.src"
},
"product_reference": "libtasn1-0:4.13-3.el8_6.2.src",
"relates_to_product_reference": "BaseOS-8.6.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-0:4.13-3.el8_6.2.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.x86_64"
},
"product_reference": "libtasn1-0:4.13-3.el8_6.2.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-debuginfo-0:4.13-3.el8_6.2.i686 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686"
},
"product_reference": "libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64"
},
"product_reference": "libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-debugsource-0:4.13-3.el8_6.2.i686 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.i686"
},
"product_reference": "libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64"
},
"product_reference": "libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686"
},
"product_reference": "libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64"
},
"product_reference": "libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.EUS.EXTENSION"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Bing Shi"
]
}
],
"cve": "CVE-2024-12133",
"cwe": {
"id": "CWE-407",
"name": "Inefficient Algorithmic Complexity"
},
"discovery_date": "2025-02-10T08:14:05.460000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"AppStream-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2344611"
}
],
"notes": [
{
"category": "description",
"text": "A flaw in libtasn1 causes inefficient handling of specific certificate data. When processing a large number of elements in a certificate, libtasn1 takes much longer than expected, which can slow down or even crash the system. This flaw allows an attacker to send a specially crafted certificate, causing a denial of service attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libtasn1: Inefficient DER Decoding in libtasn1 Leading to Potential Remote DoS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.AUS:gnutls-c++-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-c++-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-dane-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-dane-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-devel-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-devel-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-utils-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-devel-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-devel-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-tools-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-devel-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-devel-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-devel-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-devel-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.src",
"BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.src",
"BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.src",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.src",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64"
],
"known_not_affected": [
"AppStream-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-12133"
},
{
"category": "external",
"summary": "RHBZ#2344611",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2344611"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-12133",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12133"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-12133",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12133"
},
{
"category": "external",
"summary": "https://gitlab.com/gnutls/libtasn1/-/blob/master/doc/security/CVE-2024-12133.md",
"url": "https://gitlab.com/gnutls/libtasn1/-/blob/master/doc/security/CVE-2024-12133.md"
},
{
"category": "external",
"summary": "https://gitlab.com/gnutls/libtasn1/-/issues/52",
"url": "https://gitlab.com/gnutls/libtasn1/-/issues/52"
}
],
"release_date": "2025-02-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T02:54:42+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.AUS:gnutls-c++-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-c++-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-dane-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-dane-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-devel-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-devel-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-utils-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-devel-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-devel-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-tools-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-devel-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-devel-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-devel-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-devel-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.src",
"BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.src",
"BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.src",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.src",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:30849"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.AUS:gnutls-c++-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-c++-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-dane-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-dane-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-devel-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-devel-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-utils-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-devel-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-devel-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-tools-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-devel-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-devel-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-devel-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-devel-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.src",
"BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.src",
"BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.src",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.src",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libtasn1: Inefficient DER Decoding in libtasn1 Leading to Potential Remote DoS"
},
{
"cve": "CVE-2025-14831",
"cwe": {
"id": "CWE-407",
"name": "Inefficient Algorithmic Complexity"
},
"discovery_date": "2025-12-17T14:48:30.222000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"AppStream-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2423177"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "gnutls: GnuTLS: Denial of Service via excessive resource consumption during certificate verification",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Moderate for Red Hat. GnuTLS is susceptible to a denial of service attack due to excessive CPU and memory consumption. This occurs when processing specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs) during certificate verification.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.AUS:gnutls-c++-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-c++-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-dane-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-dane-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-devel-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-devel-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-utils-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-devel-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-devel-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-tools-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-devel-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-devel-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-devel-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-devel-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.src",
"BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.src",
"BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.src",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.src",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64"
],
"known_not_affected": [
"AppStream-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-14831"
},
{
"category": "external",
"summary": "RHBZ#2423177",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2423177"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-14831",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14831"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-14831",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14831"
},
{
"category": "external",
"summary": "https://gitlab.com/gnutls/gnutls/-/issues/1773",
"url": "https://gitlab.com/gnutls/gnutls/-/issues/1773"
}
],
"release_date": "2026-02-09T14:26:34.939000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T02:54:42+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.AUS:gnutls-c++-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-c++-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-dane-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-dane-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-devel-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-devel-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-utils-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-devel-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-devel-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-tools-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-devel-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-devel-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-devel-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-devel-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.src",
"BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.src",
"BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.src",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.src",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:30849"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.AUS:gnutls-c++-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-c++-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-dane-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-dane-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-devel-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-devel-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-utils-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-devel-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-devel-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-tools-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-devel-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-devel-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-devel-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-devel-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.src",
"BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.src",
"BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.src",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.src",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "gnutls: GnuTLS: Denial of Service via excessive resource consumption during certificate verification"
},
{
"cve": "CVE-2026-3833",
"cwe": {
"id": "CWE-178",
"name": "Improper Handling of Case Sensitivity"
},
"discovery_date": "2026-03-09T14:02:09.783000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"AppStream-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445763"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in gnutls. This vulnerability occurs because gnutls performs case-sensitive comparisons of `nameConstraints` labels, specifically for `dNSName` (DNS) or `rfc822Name` (email) constraints within `excludedSubtrees` or `permittedSubtrees`. A remote attacker can exploit this by crafting a leaf certificate with casing differences in the Subject Alternative Name (SAN), leading to a policy bypass where a certificate that should be rejected is instead accepted. This could result in unauthorized access or information disclosure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "gnutls: GnuTLS: Policy bypass due to case-sensitive nameConstraints comparison",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue is particularly important because it affects the correct enforcement of X.509 nameConstraints, which are specifically designed to limit the authority of subordinate CAs. In GnuTLS, the use of case-sensitive comparisons (memcmp) for dNSName and the domain portion of rfc822Name violates the case-insensitive matching requirements defined in RFC 5280 and RFC 4343. As a result, a constrained subordinate CA can bypass excludedSubtrees or permittedSubtrees restrictions simply by changing the letter casing of a domain in the SAN (e.g., ExAmPlE.CoM vs example.com). Since nameConstraints are often the only mechanism enforcing domain boundaries in delegated PKI hierarchies, this flaw effectively allows a malicious or compromised sub-CA to issue certificates for domains that should be cryptographically prohibited, enabling unauthorized certificate validation and potential TLS impersonation of restricted services.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.AUS:gnutls-c++-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-c++-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-dane-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-dane-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-devel-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-devel-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-utils-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-devel-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-devel-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-tools-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-devel-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-devel-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-devel-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-devel-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.src",
"BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.src",
"BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.src",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.src",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64"
],
"known_not_affected": [
"AppStream-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-3833"
},
{
"category": "external",
"summary": "RHBZ#2445763",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445763"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-3833",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3833"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-3833",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3833"
},
{
"category": "external",
"summary": "https://gitlab.com/gnutls/gnutls/-/issues/1803",
"url": "https://gitlab.com/gnutls/gnutls/-/issues/1803"
}
],
"release_date": "2026-04-30T17:26:28.969000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T02:54:42+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.AUS:gnutls-c++-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-c++-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-dane-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-dane-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-devel-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-devel-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-utils-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-devel-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-devel-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-tools-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-devel-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-devel-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-devel-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-devel-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.src",
"BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.src",
"BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.src",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.src",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:30849"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"AppStream-8.6.0.Z.AUS:gnutls-c++-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-c++-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-dane-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-dane-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-devel-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-devel-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-utils-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-devel-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-devel-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-tools-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-devel-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-devel-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-devel-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-devel-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.src",
"BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.src",
"BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.src",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.src",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.AUS:gnutls-c++-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-c++-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-dane-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-dane-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-devel-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-devel-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-utils-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-devel-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-devel-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-tools-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-devel-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-devel-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-devel-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-devel-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.src",
"BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.src",
"BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.src",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.src",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "gnutls: GnuTLS: Policy bypass due to case-sensitive nameConstraints comparison"
},
{
"acknowledgments": [
{
"names": [
"Joshua Rogers"
],
"organization": "AISLE Research Team"
}
],
"cve": "CVE-2026-5260",
"cwe": {
"id": "CWE-126",
"name": "Buffer Over-read"
},
"discovery_date": "2026-05-06T19:50:31.302000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"AppStream-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2467450"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libgnutls. A remote attacker, by sending an extremely short premaster secret during an RSA key exchange to a server using an RSA key backed by a PKCS#11 token, could trigger a short heap overread. This memory corruption vulnerability could lead to information disclosure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "gnutls: gnutls: Information disclosure via heap overread in RSA key exchange",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.AUS:gnutls-c++-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-c++-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-dane-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-dane-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-devel-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-devel-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-utils-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-devel-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-devel-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-tools-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-devel-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-devel-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-devel-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-devel-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.src",
"BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.src",
"BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.src",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.src",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64"
],
"known_not_affected": [
"AppStream-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-5260"
},
{
"category": "external",
"summary": "RHBZ#2467450",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467450"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-5260",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5260"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-5260",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5260"
},
{
"category": "external",
"summary": "https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-10",
"url": "https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-10"
}
],
"release_date": "2026-04-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T02:54:42+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.AUS:gnutls-c++-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-c++-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-dane-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-dane-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-devel-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-devel-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-utils-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-devel-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-devel-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-tools-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-devel-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-devel-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-devel-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-devel-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.src",
"BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.src",
"BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.src",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.src",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:30849"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.AUS:gnutls-c++-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-c++-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-dane-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-dane-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-devel-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-devel-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-utils-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-devel-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-devel-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-tools-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-devel-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-devel-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-devel-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-devel-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.src",
"BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.src",
"BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.src",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.src",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "gnutls: gnutls: Information disclosure via heap overread in RSA key exchange"
},
{
"cve": "CVE-2026-33845",
"cwe": {
"id": "CWE-191",
"name": "Integer Underflow (Wrap or Wraparound)"
},
"discovery_date": "2026-03-24T05:35:59.740000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"AppStream-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2450624"
}
],
"notes": [
{
"category": "description",
"text": "A flaw in GnuTLS DTLS handshake parsing allows malformed fragments with zero length and non-zero offset, leading to an integer underflow during reassembly and resulting in an out-of-bounds read. This issue is remotely exploitable and may cause information disclosure or denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "gnutls: GnuTLS: Denial of Service via DTLS zero-length fragment",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue marked as Important severity due to its remote, pre-authentication reachability and its impact on a critical DTLS handshake parsing path. The vulnerability can be triggered by an unauthenticated attacker sending crafted DTLS handshake fragments, requiring no prior access or interaction. It leads to an out-of-bounds read caused by an integer underflow in fragment reassembly, operating entirely on attacker-controlled input. Such flaws in low-level protocol parsing are particularly serious, as they may result in disclosure of sensitive process memory, including cryptographic or session-related data, and can also cause reliable application crashes leading to denial of service. Given that DTLS is commonly used in network-facing services such as VPNs and real-time communication systems, the exposure surface is broad. The combination of unauthenticated remote exploitation, memory safety violation, and potential confidentiality and availability impact justifies classifying this issue as high severity rather than moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.AUS:gnutls-c++-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-c++-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-dane-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-dane-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-devel-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-devel-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-utils-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-devel-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-devel-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-tools-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-devel-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-devel-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-devel-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-devel-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.src",
"BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.src",
"BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.src",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.src",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64"
],
"known_not_affected": [
"AppStream-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33845"
},
{
"category": "external",
"summary": "RHBZ#2450624",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450624"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33845",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33845"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33845",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33845"
}
],
"release_date": "2026-04-30T17:28:41.473000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T02:54:42+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.AUS:gnutls-c++-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-c++-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-dane-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-dane-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-devel-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-devel-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-utils-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-devel-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-devel-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-tools-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-devel-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-devel-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-devel-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-devel-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.src",
"BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.src",
"BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.src",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.src",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:30849"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"AppStream-8.6.0.Z.AUS:gnutls-c++-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-c++-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-dane-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-dane-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-devel-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-devel-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-utils-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-devel-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-devel-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-tools-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-devel-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-devel-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-devel-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-devel-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.src",
"BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.src",
"BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.src",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.src",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.AUS:gnutls-c++-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-c++-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-dane-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-dane-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-devel-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-devel-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-utils-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-devel-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-devel-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-tools-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-devel-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-devel-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-devel-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-devel-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.src",
"BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.src",
"BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.src",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.src",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "gnutls: GnuTLS: Denial of Service via DTLS zero-length fragment"
},
{
"cve": "CVE-2026-33846",
"cwe": {
"id": "CWE-130",
"name": "Improper Handling of Length Parameter Inconsistency"
},
"discovery_date": "2026-03-24T05:38:09.899000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"AppStream-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2450625"
}
],
"notes": [
{
"category": "description",
"text": "A heap buffer overflow vulnerability exists in the DTLS handshake fragment reassembly logic of GnuTLS. The issue arises in merge_handshake_packet() where incoming handshake fragments are matched and merged based solely on handshake type, without validating that the message_length field remains consistent across all fragments of the same logical message. An attacker can exploit this by sending crafted DTLS fragments with conflicting message_length values, causing the implementation to allocate a buffer based on a smaller initial fragment and subsequently write beyond its bounds using larger, inconsistent fragments. Because the merge operation does not enforce proper bounds checking against the allocated buffer size, this results in an out-of-bounds write on the heap. The vulnerability is remotely exploitable without authentication via the DTLS handshake path and can lead to application crashes or potential memory corruption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "gnutls: GnuTLS: Denial of Service via heap buffer overflow in DTLS handshake fragment reassembly",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability should be classified as an important flaw rather than moderate because it exposes a pre-authentication, remotely reachable heap buffer overflow in the DTLS handshake processing path, which is part of the core protocol handling logic and commonly exposed in network-facing services. The flaw enables an attacker to inject controlled data at attacker-chosen offsets and sizes beyond allocated heap boundaries by exploiting inconsistent message_length handling across fragments, effectively creating a constrained but meaningful heap write primitive. Unlike benign memory safety bugs, this condition is deterministically triggerable with a small number of crafted packets and no environmental dependencies for denial-of-service, and it targets a long-lived parsing state where memory corruption can affect adjacent heap structures. Even if reliable code execution requires additional heap manipulation or layout knowledge, the combination of remote reachability, lack of authentication, controlled memory corruption capability, and trivial crashability significantly elevates the risk profile beyond moderate severity. In real-world deployments, such primitives are often sufficient to enable heap grooming and exploitation chains, particularly in services that repeatedly process attacker-controlled input, making this a materially important security flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.AUS:gnutls-c++-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-c++-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-dane-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-dane-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-devel-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-devel-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-utils-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-devel-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-devel-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-tools-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-devel-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-devel-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-devel-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-devel-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.src",
"BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.src",
"BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.src",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.src",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64"
],
"known_not_affected": [
"AppStream-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33846"
},
{
"category": "external",
"summary": "RHBZ#2450625",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450625"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33846",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33846"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33846",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33846"
}
],
"release_date": "2026-05-04T08:53:59.249000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T02:54:42+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.AUS:gnutls-c++-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-c++-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-dane-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-dane-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-devel-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-devel-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-utils-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-devel-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-devel-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-tools-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-devel-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-devel-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-devel-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-devel-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.src",
"BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.src",
"BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.src",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.src",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:30849"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"AppStream-8.6.0.Z.AUS:gnutls-c++-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-c++-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-dane-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-dane-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-devel-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-devel-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-utils-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-devel-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-devel-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-tools-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-devel-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-devel-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-devel-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-devel-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.src",
"BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.src",
"BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.src",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.src",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.AUS:gnutls-c++-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-c++-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-dane-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-dane-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-devel-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-devel-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-utils-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-devel-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-devel-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-tools-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-devel-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-devel-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-devel-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-devel-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.src",
"BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.src",
"BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.src",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.src",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "gnutls: GnuTLS: Denial of Service via heap buffer overflow in DTLS handshake fragment reassembly"
},
{
"acknowledgments": [
{
"names": [
"Joshua Rogers"
],
"organization": "AISLE Research Team"
}
],
"cve": "CVE-2026-42009",
"cwe": {
"id": "CWE-475",
"name": "Undefined Behavior for Input to API"
},
"discovery_date": "2026-05-06T16:32:32.382000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"AppStream-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2467279"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in gnutls. A remote attacker could exploit an issue in the Datagram Transport Layer Security (DTLS) packet reordering logic. The comparator function, responsible for ordering DTLS packets by sequence numbers, did not correctly handle packets with duplicate sequence numbers. This could lead to unstable packet ordering or undefined behavior, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "gnutls: gnutls: Denial of Service via DTLS packet reordering vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The impact for this flaw has been downgraded on Red Hat Enterprise Linux due to the following reason:\n\n- The number of elements passed to the vulnerable function at runtime is known and is at most 6 and the element size is sufficiently small. glibc\u2019s qsort implementation will not exercise the quick sort code path, which would otherwise cause an infloop or out-of-bound write.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.AUS:gnutls-c++-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-c++-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-dane-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-dane-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-devel-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-devel-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-utils-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-devel-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-devel-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-tools-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-devel-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-devel-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-devel-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-devel-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.src",
"BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.src",
"BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.src",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.src",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64"
],
"known_not_affected": [
"AppStream-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42009"
},
{
"category": "external",
"summary": "RHBZ#2467279",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467279"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42009",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42009"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42009",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42009"
},
{
"category": "external",
"summary": "https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-2",
"url": "https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-2"
}
],
"release_date": "2026-04-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T02:54:42+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.AUS:gnutls-c++-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-c++-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-dane-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-dane-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-devel-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-devel-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-utils-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-devel-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-devel-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-tools-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-devel-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-devel-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-devel-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-devel-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.src",
"BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.src",
"BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.src",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.src",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:30849"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.AUS:gnutls-c++-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-c++-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-dane-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-dane-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-devel-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-devel-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-utils-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-devel-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-devel-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-tools-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-devel-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-devel-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-devel-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-devel-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.src",
"BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.src",
"BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.src",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.src",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "gnutls: gnutls: Denial of Service via DTLS packet reordering vulnerability"
},
{
"acknowledgments": [
{
"names": [
"Joshua Rogers"
],
"organization": "AISLE Research Team"
}
],
"cve": "CVE-2026-42010",
"cwe": {
"id": "CWE-170",
"name": "Improper Null Termination"
},
"discovery_date": "2026-05-06T16:57:37.044000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"AppStream-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2467289"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in gnutls. Servers configured with RSA-PSK (Rivest\u2013Shamir\u2013Adleman \u2013 Pre-Shared Key) wrongfully matched usernames containing a NUL character with truncated usernames. A remote attacker could exploit this by sending a specially crafted username, leading to an authentication bypass. This vulnerability allows an attacker to gain unauthorized access by circumventing the authentication process.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "gnutls: gnutls: Authentication Bypass via NUL Character in Username",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.AUS:gnutls-c++-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-c++-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-dane-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-dane-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-devel-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-devel-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-utils-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-devel-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-devel-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-tools-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-devel-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-devel-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-devel-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-devel-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.src",
"BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.src",
"BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.src",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.src",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64"
],
"known_not_affected": [
"AppStream-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42010"
},
{
"category": "external",
"summary": "RHBZ#2467289",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467289"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42010",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42010"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42010",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42010"
},
{
"category": "external",
"summary": "https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-4",
"url": "https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-4"
}
],
"release_date": "2026-04-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T02:54:42+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.AUS:gnutls-c++-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-c++-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-dane-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-dane-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-devel-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-devel-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-utils-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-devel-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-devel-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-tools-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-devel-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-devel-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-devel-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-devel-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.src",
"BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.src",
"BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.src",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.src",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:30849"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.AUS:gnutls-c++-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-c++-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-dane-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-dane-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-devel-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-devel-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-utils-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-devel-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-devel-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-tools-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-devel-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-devel-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-devel-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-devel-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.src",
"BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.src",
"BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.src",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.src",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "gnutls: gnutls: Authentication Bypass via NUL Character in Username"
},
{
"acknowledgments": [
{
"names": [
"Haruto Kimura"
],
"organization": "Stella"
}
],
"cve": "CVE-2026-42011",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2026-05-06T19:06:25.319000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"AppStream-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2467437"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in gnutls. This vulnerability occurs because permitted name constraints were incorrectly ignored when previous Certificate Authorities (CAs) only had excluded name constraints. A remote attacker could exploit this to bypass critical name constraint checks during certificate validation. This bypass could lead to the acceptance of invalid certificates, potentially enabling spoofing or man-in-the-middle attacks against affected systems.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "gnutls: gnutls: Security bypass due to incorrect name constraint handling",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.AUS:gnutls-c++-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-c++-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-dane-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-dane-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-devel-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-devel-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-utils-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-devel-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-devel-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-tools-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-devel-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-devel-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-devel-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-devel-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.src",
"BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.src",
"BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.src",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.src",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64"
],
"known_not_affected": [
"AppStream-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42011"
},
{
"category": "external",
"summary": "RHBZ#2467437",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467437"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42011",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42011"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42011",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42011"
},
{
"category": "external",
"summary": "https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-6",
"url": "https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-6"
}
],
"release_date": "2026-04-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T02:54:42+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.AUS:gnutls-c++-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-c++-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-dane-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-dane-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-devel-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-devel-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-utils-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-devel-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-devel-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-tools-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-devel-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-devel-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-devel-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-devel-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.src",
"BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.src",
"BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.src",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.src",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:30849"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.AUS:gnutls-c++-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-c++-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-dane-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-dane-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-devel-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-devel-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-utils-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-devel-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-devel-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-tools-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-devel-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-devel-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-devel-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-devel-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.src",
"BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.src",
"BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.src",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.src",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "gnutls: gnutls: Security bypass due to incorrect name constraint handling"
},
{
"acknowledgments": [
{
"names": [
"Oleh Konko"
],
"organization": "1Seal"
}
],
"cve": "CVE-2026-42012",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2026-05-06T19:16:02.753000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"AppStream-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2467441"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted certificate that contains Uniform Resource Identifier (URI) or Service (SRV) Subject Alternative Names (SANs). This could cause the certificate validation process to incorrectly fall back to checking DNS hostnames against the Common Name (CN), potentially allowing the attacker to spoof legitimate services or intercept sensitive information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "gnutls: gnutls: Certificate validation bypass due to improper handling of URI and SRV SANs",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.AUS:gnutls-c++-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-c++-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-dane-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-dane-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-devel-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-devel-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-utils-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-devel-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-devel-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-tools-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-devel-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-devel-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-devel-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-devel-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.src",
"BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.src",
"BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.src",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.src",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64"
],
"known_not_affected": [
"AppStream-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42012"
},
{
"category": "external",
"summary": "RHBZ#2467441",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467441"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42012",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42012"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42012",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42012"
},
{
"category": "external",
"summary": "https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-7",
"url": "https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-7"
}
],
"release_date": "2026-04-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T02:54:42+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.AUS:gnutls-c++-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-c++-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-dane-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-dane-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-devel-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-devel-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-utils-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-devel-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-devel-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-tools-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-devel-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-devel-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-devel-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-devel-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.src",
"BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.src",
"BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.src",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.src",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:30849"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.AUS:gnutls-c++-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-c++-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-dane-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-dane-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-devel-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-devel-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-utils-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-devel-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-devel-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-tools-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-devel-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-devel-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-devel-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-devel-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.src",
"BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.src",
"BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.src",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.src",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "gnutls: gnutls: Certificate validation bypass due to improper handling of URI and SRV SANs"
},
{
"acknowledgments": [
{
"names": [
"Haruto Kimura"
],
"organization": "Stella"
},
{
"names": [
"Joshua Rogers"
],
"organization": "AISLE Research Team"
}
],
"cve": "CVE-2026-42013",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2026-05-06T19:47:00.134000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"AppStream-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2467448"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in gnutls. When validating certificates, an oversized Subject Alternative Name (SAN) could cause the validation process to incorrectly fall back to checking the Common Name (CN) field. This could allow a remote attacker to bypass proper certificate validation, potentially leading to spoofing or man-in-the-middle attacks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "gnutls: gnutls: Certificate validation bypass due to oversized Subject Alternative Name",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.AUS:gnutls-c++-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-c++-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-dane-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-dane-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-devel-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-devel-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-utils-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-devel-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-devel-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-tools-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-devel-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-devel-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-devel-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-devel-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.src",
"BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.src",
"BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.src",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.src",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64"
],
"known_not_affected": [
"AppStream-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42013"
},
{
"category": "external",
"summary": "RHBZ#2467448",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467448"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42013",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42013"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42013",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42013"
},
{
"category": "external",
"summary": "https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-8",
"url": "https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-8"
}
],
"release_date": "2026-04-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T02:54:42+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.AUS:gnutls-c++-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-c++-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-dane-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-dane-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-devel-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-devel-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-utils-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-devel-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-devel-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-tools-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-devel-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-devel-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-devel-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-devel-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.src",
"BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.src",
"BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.src",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.src",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:30849"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.AUS:gnutls-c++-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-c++-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-dane-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-dane-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-devel-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-devel-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-utils-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-devel-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-devel-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-tools-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-devel-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-devel-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-devel-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-devel-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.src",
"BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.src",
"BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.src",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.src",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "gnutls: gnutls: Certificate validation bypass due to oversized Subject Alternative Name"
},
{
"acknowledgments": [
{
"names": [
"Luigino Camastra"
]
},
{
"names": [
"Joshua Rogers"
],
"organization": "AISLE Research Team"
}
],
"cve": "CVE-2026-42014",
"cwe": {
"id": "CWE-825",
"name": "Expired Pointer Dereference"
},
"discovery_date": "2026-05-06T19:51:54.069000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"AppStream-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2467451"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in GnuTLS. The `gnutls_pkcs11_token_set_pin` function, used for changing the Security Officer PIN, can lead to a use-after-free vulnerability. This occurs when an attacker attempts to change the PIN with a NULL old PIN for a token that lacks a protected authentication path.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "gnutls: gnutls: Use-after-free in gnutls_pkcs11_token_set_pin",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.AUS:gnutls-c++-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-c++-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-dane-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-dane-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-devel-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-devel-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-utils-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-devel-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-devel-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-tools-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-devel-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-devel-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-devel-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-devel-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.src",
"BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.src",
"BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.src",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.src",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64"
],
"known_not_affected": [
"AppStream-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42014"
},
{
"category": "external",
"summary": "RHBZ#2467451",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467451"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42014",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42014"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42014",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42014"
},
{
"category": "external",
"summary": "https://gitlab.com/gnutls/gnutls/-/issues/1766",
"url": "https://gitlab.com/gnutls/gnutls/-/issues/1766"
},
{
"category": "external",
"summary": "https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-9",
"url": "https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-9"
}
],
"release_date": "2026-04-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T02:54:42+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.AUS:gnutls-c++-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-c++-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-dane-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-dane-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-devel-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-devel-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-utils-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-devel-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-devel-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-tools-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-devel-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-devel-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-devel-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-devel-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.src",
"BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.src",
"BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.src",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.src",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:30849"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.AUS:gnutls-c++-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-c++-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-dane-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-dane-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-devel-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-devel-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-utils-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-devel-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-devel-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-tools-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-devel-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-devel-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-devel-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-devel-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.src",
"BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.src",
"BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.src",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.src",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "gnutls: gnutls: Use-after-free in gnutls_pkcs11_token_set_pin"
},
{
"acknowledgments": [
{
"names": [
"Zou Dikai"
]
}
],
"cve": "CVE-2026-42015",
"cwe": {
"id": "CWE-193",
"name": "Off-by-one Error"
},
"discovery_date": "2026-05-07T10:50:28.379000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"AppStream-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2467678"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in gnutls. An off-by-one error exists in the PKCS#12 bag element bounds check. This vulnerability allows an remote attacker to write past the internal array of a PKCS#12 bag when appending to a bag that already contains 32 elements. This memory corruption could lead to a denial of service (DoS) or potentially other unspecified impacts.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "gnutls: gnutls: Memory corruption due to off-by-one error in PKCS#12 bag handling",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.AUS:gnutls-c++-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-c++-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-dane-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-dane-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-devel-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-devel-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-utils-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-devel-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-devel-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-tools-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-devel-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-devel-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-devel-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-devel-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.src",
"BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.src",
"BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.src",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.src",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64"
],
"known_not_affected": [
"AppStream-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42015"
},
{
"category": "external",
"summary": "RHBZ#2467678",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467678"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42015",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42015"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42015",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42015"
},
{
"category": "external",
"summary": "https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-11",
"url": "https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-11"
}
],
"release_date": "2026-04-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T02:54:42+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.AUS:gnutls-c++-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-c++-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-dane-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-dane-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-devel-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-devel-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-utils-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-devel-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-devel-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-tools-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-devel-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-devel-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-devel-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-devel-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.src",
"BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.src",
"BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.src",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.src",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:30849"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.AUS:gnutls-c++-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-c++-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-dane-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-dane-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-devel-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-devel-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-utils-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-devel-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-devel-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-tools-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-devel-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-devel-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-devel-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-devel-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-0:4.13-3.el8_6.2.x86_64",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"AppStream-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.src",
"BaseOS-8.6.0.Z.AUS:gnutls-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.AUS:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.src",
"BaseOS-8.6.0.Z.AUS:libtasn1-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.src",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-c++-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-dane-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-debugsource-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:gnutls-utils-debuginfo-0:3.6.16-5.el8_6.5.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.src",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debuginfo-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-debugsource-0:4.13-3.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libtasn1-tools-debuginfo-0:4.13-3.el8_6.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "gnutls: gnutls: Memory corruption due to off-by-one error in PKCS#12 bag handling"
}
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.