This commit is contained in:
NeilHanlon 2023-02-22 13:06:47 +00:00
parent 59a28641d1
commit c1d21bcc81
2 changed files with 434 additions and 950 deletions

View File

@ -51,7 +51,7 @@
} }
a.toggle-more-links { cursor: pointer; } a.toggle-more-links { cursor: pointer; }
</style> </style>
<title>docker.io/rockylinux/rockylinux:8 (rocky 8.7) - Trivy Report - 2023-02-20 13:06:23.699980968 +0000 UTC m=+0.790736468 </title> <title>docker.io/rockylinux/rockylinux:8 (rocky 8.7) - Trivy Report - 2023-02-22 13:06:46.685386942 +0000 UTC m=+1.390952176 </title>
<script> <script>
window.onload = function() { window.onload = function() {
document.querySelectorAll('td.links').forEach(function(linkCell) { document.querySelectorAll('td.links').forEach(function(linkCell) {
@ -81,7 +81,7 @@
</script> </script>
</head> </head>
<body> <body>
<h1>docker.io/rockylinux/rockylinux:8 (rocky 8.7) - Trivy Report - 2023-02-20 13:06:23.700012968 +0000 UTC m=+0.790768468</h1> <h1>docker.io/rockylinux/rockylinux:8 (rocky 8.7) - Trivy Report - 2023-02-22 13:06:46.685416043 +0000 UTC m=+1.390981377</h1>
<table> <table>
<tr class="group-header"><th colspan="6">rocky</th></tr> <tr class="group-header"><th colspan="6">rocky</th></tr>
<tr class="sub-header"> <tr class="sub-header">
@ -93,569 +93,377 @@
<th>Links</th> <th>Links</th>
</tr> </tr>
<tr class="severity-MEDIUM"> <tr class="severity-MEDIUM">
<td class="pkg-name">dbus</td> <td class="pkg-name">platform-python</td>
<td>CVE-2022-42010</td> <td>CVE-2020-10735</td>
<td class="severity">MEDIUM</td> <td class="severity">MEDIUM</td>
<td class="pkg-version">1:1.12.8-23.el8</td> <td class="pkg-version">3.6.8-48.el8_7.rocky.0</td>
<td>1:1.12.8-23.el8_7.1</td> <td>3.6.8-48.el8_7.1.rocky.0</td>
<td class="links" data-more-links="off"> <td class="links" data-more-links="off">
<a href="https://access.redhat.com/errata/RHSA-2023:0335">https://access.redhat.com/errata/RHSA-2023:0335</a> <a href="http://www.openwall.com/lists/oss-security/2022/09/21/1">http://www.openwall.com/lists/oss-security/2022/09/21/1</a>
<a href="https://access.redhat.com/security/cve/CVE-2022-42010">https://access.redhat.com/security/cve/CVE-2022-42010</a> <a href="http://www.openwall.com/lists/oss-security/2022/09/21/4">http://www.openwall.com/lists/oss-security/2022/09/21/4</a>
<a href="https://bugzilla.redhat.com/2133616">https://bugzilla.redhat.com/2133616</a> <a href="https://access.redhat.com/errata/RHSA-2022:7323">https://access.redhat.com/errata/RHSA-2022:7323</a>
<a href="https://bugzilla.redhat.com/2133617">https://bugzilla.redhat.com/2133617</a> <a href="https://access.redhat.com/security/cve/CVE-2020-10735">https://access.redhat.com/security/cve/CVE-2020-10735</a>
<a href="https://bugzilla.redhat.com/2133618">https://bugzilla.redhat.com/2133618</a> <a href="https://bugzilla.redhat.com/1834423">https://bugzilla.redhat.com/1834423</a>
<a href="https://bugzilla.redhat.com/show_bug.cgi?id=2133616">https://bugzilla.redhat.com/show_bug.cgi?id=2133616</a> <a href="https://bugzilla.redhat.com/show_bug.cgi?id=1834423">https://bugzilla.redhat.com/show_bug.cgi?id=1834423</a>
<a href="https://bugzilla.redhat.com/show_bug.cgi?id=2133617">https://bugzilla.redhat.com/show_bug.cgi?id=2133617</a> <a href="https://bugzilla.redhat.com/show_bug.cgi?id=2120642">https://bugzilla.redhat.com/show_bug.cgi?id=2120642</a>
<a href="https://bugzilla.redhat.com/show_bug.cgi?id=2133618">https://bugzilla.redhat.com/show_bug.cgi?id=2133618</a> <a href="https://bugzilla.redhat.com/show_bug.cgi?id=2144072">https://bugzilla.redhat.com/show_bug.cgi?id=2144072</a>
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42010">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42010</a> <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10735">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10735</a>
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42011">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42011</a> <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28861">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28861</a>
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42012">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42012</a> <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45061">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45061</a>
<a href="https://errata.almalinux.org/9/ALSA-2023-0335.html">https://errata.almalinux.org/9/ALSA-2023-0335.html</a> <a href="https://docs.google.com/document/d/1KjuF_aXlzPUxTK4BMgezGJ2Pn7uevfX7g0_mvgHlL7Y">https://docs.google.com/document/d/1KjuF_aXlzPUxTK4BMgezGJ2Pn7uevfX7g0_mvgHlL7Y</a>
<a href="https://errata.rockylinux.org/RLSA-2023:0335">https://errata.rockylinux.org/RLSA-2023:0335</a> <a href="https://errata.almalinux.org/9/ALSA-2022-7323.html">https://errata.almalinux.org/9/ALSA-2022-7323.html</a>
<a href="https://gitlab.freedesktop.org/dbus/dbus/-/issues/418">https://gitlab.freedesktop.org/dbus/dbus/-/issues/418</a> <a href="https://errata.rockylinux.org/RLSA-2023:0833">https://errata.rockylinux.org/RLSA-2023:0833</a>
<a href="https://linux.oracle.com/cve/CVE-2022-42010.html">https://linux.oracle.com/cve/CVE-2022-42010.html</a> <a href="https://github.com/python/cpython/issues/95778">https://github.com/python/cpython/issues/95778</a>
<a href="https://linux.oracle.com/errata/ELSA-2023-0335.html">https://linux.oracle.com/errata/ELSA-2023-0335.html</a> <a href="https://linux.oracle.com/cve/CVE-2020-10735.html">https://linux.oracle.com/cve/CVE-2020-10735.html</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E4CO7N226I3X5FNBR2MACCH6TS764VJP/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E4CO7N226I3X5FNBR2MACCH6TS764VJP/</a> <a href="https://linux.oracle.com/errata/ELSA-2022-7323.html">https://linux.oracle.com/errata/ELSA-2022-7323.html</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ND74SKN56BCYL3QLEAAB6E64UUBRA5UG/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ND74SKN56BCYL3QLEAAB6E64UUBRA5UG/</a> <a href="https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2VCU6EVQDIXNCEDJUCTFIER2WVNNDTYZ/">https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2VCU6EVQDIXNCEDJUCTFIER2WVNNDTYZ/</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SQCSLMCK2XGX23R2DKW2MSAICQAK6MT2/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SQCSLMCK2XGX23R2DKW2MSAICQAK6MT2/</a> <a href="https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/32AAQKABEKFCB5DDV5OONRZK6BS23HPW/">https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/32AAQKABEKFCB5DDV5OONRZK6BS23HPW/</a>
<a href="https://nvd.nist.gov/vuln/detail/CVE-2022-42010">https://nvd.nist.gov/vuln/detail/CVE-2022-42010</a> <a href="https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4EWKR2SPX3JORLWCXFY3KN2U5B5CIUQQ/">https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4EWKR2SPX3JORLWCXFY3KN2U5B5CIUQQ/</a>
<a href="https://ubuntu.com/security/notices/USN-5704-1">https://ubuntu.com/security/notices/USN-5704-1</a> <a href="https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XL6E5A3I36TRR73VNBOXNIQP4AMZDFZ/">https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XL6E5A3I36TRR73VNBOXNIQP4AMZDFZ/</a>
<a href="https://www.openwall.com/lists/oss-security/2022/10/06/1">https://www.openwall.com/lists/oss-security/2022/10/06/1</a> <a href="https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/76YE7AM37MRU76XJV4M27CWDAMUGNRYK/">https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/76YE7AM37MRU76XJV4M27CWDAMUGNRYK/</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HSRPVJZL6DJFWKYRHMNJB7VCEUCBKRF5/">https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HSRPVJZL6DJFWKYRHMNJB7VCEUCBKRF5/</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IFGV7P2PYFBMK32OKHCAC2ZPJQV5AUDF/">https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IFGV7P2PYFBMK32OKHCAC2ZPJQV5AUDF/</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NHC6IUU7CLRQ3QLPWUXLONSG3SXFTR47/">https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NHC6IUU7CLRQ3QLPWUXLONSG3SXFTR47/</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OKYE2DOI2X7WZXAWTQJZAXYIWM37HDCY/">https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OKYE2DOI2X7WZXAWTQJZAXYIWM37HDCY/</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OT5U223OE5ZOUHZAZYSYSWVJQIKDE73E/">https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OT5U223OE5ZOUHZAZYSYSWVJQIKDE73E/</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OT5WQB7Z3CXOWVBD2AFAHYPA5ONYFFZ4/">https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OT5WQB7Z3CXOWVBD2AFAHYPA5ONYFFZ4/</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PD7FTLJOIGMUSCDR3JAN6WRFHJEE4PH5/">https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PD7FTLJOIGMUSCDR3JAN6WRFHJEE4PH5/</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SZYJSGLSCQOKXXFVJVJQAXLEOJBIWGEL/">https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SZYJSGLSCQOKXXFVJVJQAXLEOJBIWGEL/</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TD7JDDKJXK6D26XAN3YRFNM2LAJHT5UO/">https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TD7JDDKJXK6D26XAN3YRFNM2LAJHT5UO/</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TMWPRAAJS7I6U3U45V7GZVXWNSECI22M/">https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TMWPRAAJS7I6U3U45V7GZVXWNSECI22M/</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U4ZZV4CDFRMTPDBI7C5L43RFL3XLIGUY/">https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U4ZZV4CDFRMTPDBI7C5L43RFL3XLIGUY/</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UBPDVCDIUCEBE7C4NAGNA2KQJYOTPBAZ/">https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UBPDVCDIUCEBE7C4NAGNA2KQJYOTPBAZ/</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V7ZUJDHK7KNG6SLIFXW7MNZ6O2PUJYK6/">https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V7ZUJDHK7KNG6SLIFXW7MNZ6O2PUJYK6/</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WXF6MQ74HVIDDSR5AE2UDR24I6D4FEPC/">https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WXF6MQ74HVIDDSR5AE2UDR24I6D4FEPC/</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZEOAJWGGY55QU35UM2OVZATBW5MX2OZD/">https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZEOAJWGGY55QU35UM2OVZATBW5MX2OZD/</a>
<a href="https://nvd.nist.gov/vuln/detail/CVE-2020-10735">https://nvd.nist.gov/vuln/detail/CVE-2020-10735</a>
</td> </td>
</tr> </tr>
<tr class="severity-MEDIUM"> <tr class="severity-MEDIUM">
<td class="pkg-name">dbus</td> <td class="pkg-name">platform-python</td>
<td>CVE-2022-42011</td> <td>CVE-2021-28861</td>
<td class="severity">MEDIUM</td> <td class="severity">MEDIUM</td>
<td class="pkg-version">1:1.12.8-23.el8</td> <td class="pkg-version">3.6.8-48.el8_7.rocky.0</td>
<td>1:1.12.8-23.el8_7.1</td> <td>3.6.8-48.el8_7.1.rocky.0</td>
<td class="links" data-more-links="off"> <td class="links" data-more-links="off">
<a href="https://access.redhat.com/errata/RHSA-2023:0335">https://access.redhat.com/errata/RHSA-2023:0335</a> <a href="https://access.redhat.com/errata/RHSA-2022:8353">https://access.redhat.com/errata/RHSA-2022:8353</a>
<a href="https://access.redhat.com/security/cve/CVE-2022-42011">https://access.redhat.com/security/cve/CVE-2022-42011</a> <a href="https://access.redhat.com/security/cve/CVE-2021-28861">https://access.redhat.com/security/cve/CVE-2021-28861</a>
<a href="https://bugzilla.redhat.com/2133616">https://bugzilla.redhat.com/2133616</a> <a href="https://bugs.python.org/issue43223">https://bugs.python.org/issue43223</a>
<a href="https://bugzilla.redhat.com/2133617">https://bugzilla.redhat.com/2133617</a> <a href="https://bugzilla.redhat.com/2075390">https://bugzilla.redhat.com/2075390</a>
<a href="https://bugzilla.redhat.com/2133618">https://bugzilla.redhat.com/2133618</a> <a href="https://bugzilla.redhat.com/2120642">https://bugzilla.redhat.com/2120642</a>
<a href="https://bugzilla.redhat.com/show_bug.cgi?id=2133616">https://bugzilla.redhat.com/show_bug.cgi?id=2133616</a> <a href="https://bugzilla.redhat.com/show_bug.cgi?id=2054702">https://bugzilla.redhat.com/show_bug.cgi?id=2054702</a>
<a href="https://bugzilla.redhat.com/show_bug.cgi?id=2133617">https://bugzilla.redhat.com/show_bug.cgi?id=2133617</a> <a href="https://bugzilla.redhat.com/show_bug.cgi?id=2059951">https://bugzilla.redhat.com/show_bug.cgi?id=2059951</a>
<a href="https://bugzilla.redhat.com/show_bug.cgi?id=2133618">https://bugzilla.redhat.com/show_bug.cgi?id=2133618</a> <a href="https://bugzilla.redhat.com/show_bug.cgi?id=2075390">https://bugzilla.redhat.com/show_bug.cgi?id=2075390</a>
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42010">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42010</a> <a href="https://bugzilla.redhat.com/show_bug.cgi?id=2120642">https://bugzilla.redhat.com/show_bug.cgi?id=2120642</a>
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42011">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42011</a> <a href="https://bugzilla.redhat.com/show_bug.cgi?id=2128249">https://bugzilla.redhat.com/show_bug.cgi?id=2128249</a>
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42012">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42012</a> <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-20107">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-20107</a>
<a href="https://errata.almalinux.org/9/ALSA-2023-0335.html">https://errata.almalinux.org/9/ALSA-2023-0335.html</a> <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28861">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28861</a>
<a href="https://errata.rockylinux.org/RLSA-2023:0335">https://errata.rockylinux.org/RLSA-2023:0335</a> <a href="https://errata.almalinux.org/9/ALSA-2022-8353.html">https://errata.almalinux.org/9/ALSA-2022-8353.html</a>
<a href="https://gitlab.freedesktop.org/dbus/dbus/-/issues/413">https://gitlab.freedesktop.org/dbus/dbus/-/issues/413</a> <a href="https://errata.rockylinux.org/RLSA-2022:8353">https://errata.rockylinux.org/RLSA-2022:8353</a>
<a href="https://linux.oracle.com/cve/CVE-2022-42011.html">https://linux.oracle.com/cve/CVE-2022-42011.html</a> <a href="https://github.com/python/cpython/pull/24848">https://github.com/python/cpython/pull/24848</a>
<a href="https://linux.oracle.com/errata/ELSA-2023-0335.html">https://linux.oracle.com/errata/ELSA-2023-0335.html</a> <a href="https://github.com/python/cpython/pull/93879">https://github.com/python/cpython/pull/93879</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E4CO7N226I3X5FNBR2MACCH6TS764VJP/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E4CO7N226I3X5FNBR2MACCH6TS764VJP/</a> <a href="https://linux.oracle.com/cve/CVE-2021-28861.html">https://linux.oracle.com/cve/CVE-2021-28861.html</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ND74SKN56BCYL3QLEAAB6E64UUBRA5UG/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ND74SKN56BCYL3QLEAAB6E64UUBRA5UG/</a> <a href="https://linux.oracle.com/errata/ELSA-2022-8353.html">https://linux.oracle.com/errata/ELSA-2022-8353.html</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SQCSLMCK2XGX23R2DKW2MSAICQAK6MT2/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SQCSLMCK2XGX23R2DKW2MSAICQAK6MT2/</a> <a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2TRINJE3INWDVIHIABW4L2NP3RUSK7BJ/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2TRINJE3INWDVIHIABW4L2NP3RUSK7BJ/</a>
<a href="https://nvd.nist.gov/vuln/detail/CVE-2022-42011">https://nvd.nist.gov/vuln/detail/CVE-2022-42011</a> <a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5LTSPFIULY2GZJN3QYNFVM4JSU6H4D6J/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5LTSPFIULY2GZJN3QYNFVM4JSU6H4D6J/</a>
<a href="https://ubuntu.com/security/notices/USN-5704-1">https://ubuntu.com/security/notices/USN-5704-1</a> <a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5OABQ5CMPQETJLFHROAXDIDXCMDTNVYG/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5OABQ5CMPQETJLFHROAXDIDXCMDTNVYG/</a>
<a href="https://www.openwall.com/lists/oss-security/2022/10/06/1">https://www.openwall.com/lists/oss-security/2022/10/06/1</a> <a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DISZAFSIQ7IAPAEQTC7G2Z5QUA2V2PSW/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DISZAFSIQ7IAPAEQTC7G2Z5QUA2V2PSW/</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HPX4XHT2FGVQYLY2STT2MRVENILNZTTU/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HPX4XHT2FGVQYLY2STT2MRVENILNZTTU/</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I3MQT5ZE3QH5PVDJMERTBOCILHK35CBE/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I3MQT5ZE3QH5PVDJMERTBOCILHK35CBE/</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IFGV7P2PYFBMK32OKHCAC2ZPJQV5AUDF/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IFGV7P2PYFBMK32OKHCAC2ZPJQV5AUDF/</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KRGKPYA5YHIXQAMRIXO5DSCX7D4UUW4Q/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KRGKPYA5YHIXQAMRIXO5DSCX7D4UUW4Q/</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OKYE2DOI2X7WZXAWTQJZAXYIWM37HDCY/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OKYE2DOI2X7WZXAWTQJZAXYIWM37HDCY/</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QLE5INSVJUZJGY5OJXV6JREXWD7UDHYN/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QLE5INSVJUZJGY5OJXV6JREXWD7UDHYN/</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S7G66SRWUM36ENQ3X6LAIG7HAB27D4XJ/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S7G66SRWUM36ENQ3X6LAIG7HAB27D4XJ/</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TZEPOPUFC42KXXSLFPZ47ZZRGPOR7SQE/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TZEPOPUFC42KXXSLFPZ47ZZRGPOR7SQE/</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WXF6MQ74HVIDDSR5AE2UDR24I6D4FEPC/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WXF6MQ74HVIDDSR5AE2UDR24I6D4FEPC/</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X46T4EFTIBXZRYTGASBDEZGYJINH2OWV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X46T4EFTIBXZRYTGASBDEZGYJINH2OWV/</a>
<a href="https://nvd.nist.gov/vuln/detail/CVE-2021-28861">https://nvd.nist.gov/vuln/detail/CVE-2021-28861</a>
<a href="https://ubuntu.com/security/notices/USN-5629-1">https://ubuntu.com/security/notices/USN-5629-1</a>
</td> </td>
</tr> </tr>
<tr class="severity-MEDIUM"> <tr class="severity-MEDIUM">
<td class="pkg-name">dbus</td> <td class="pkg-name">platform-python</td>
<td>CVE-2022-42012</td> <td>CVE-2022-45061</td>
<td class="severity">MEDIUM</td> <td class="severity">MEDIUM</td>
<td class="pkg-version">1:1.12.8-23.el8</td> <td class="pkg-version">3.6.8-48.el8_7.rocky.0</td>
<td>1:1.12.8-23.el8_7.1</td> <td>3.6.8-48.el8_7.1.rocky.0</td>
<td class="links" data-more-links="off"> <td class="links" data-more-links="off">
<a href="https://access.redhat.com/errata/RHSA-2023:0335">https://access.redhat.com/errata/RHSA-2023:0335</a> <a href="https://access.redhat.com/errata/RHSA-2023:0833">https://access.redhat.com/errata/RHSA-2023:0833</a>
<a href="https://access.redhat.com/security/cve/CVE-2022-42012">https://access.redhat.com/security/cve/CVE-2022-42012</a> <a href="https://access.redhat.com/security/cve/CVE-2022-45061">https://access.redhat.com/security/cve/CVE-2022-45061</a>
<a href="https://bugzilla.redhat.com/2133616">https://bugzilla.redhat.com/2133616</a> <a href="https://bugzilla.redhat.com/1834423">https://bugzilla.redhat.com/1834423</a>
<a href="https://bugzilla.redhat.com/2133617">https://bugzilla.redhat.com/2133617</a> <a href="https://bugzilla.redhat.com/2120642">https://bugzilla.redhat.com/2120642</a>
<a href="https://bugzilla.redhat.com/2133618">https://bugzilla.redhat.com/2133618</a> <a href="https://bugzilla.redhat.com/2144072">https://bugzilla.redhat.com/2144072</a>
<a href="https://bugzilla.redhat.com/show_bug.cgi?id=2133616">https://bugzilla.redhat.com/show_bug.cgi?id=2133616</a> <a href="https://bugzilla.redhat.com/show_bug.cgi?id=1834423">https://bugzilla.redhat.com/show_bug.cgi?id=1834423</a>
<a href="https://bugzilla.redhat.com/show_bug.cgi?id=2133617">https://bugzilla.redhat.com/show_bug.cgi?id=2133617</a> <a href="https://bugzilla.redhat.com/show_bug.cgi?id=2120642">https://bugzilla.redhat.com/show_bug.cgi?id=2120642</a>
<a href="https://bugzilla.redhat.com/show_bug.cgi?id=2133618">https://bugzilla.redhat.com/show_bug.cgi?id=2133618</a> <a href="https://bugzilla.redhat.com/show_bug.cgi?id=2144072">https://bugzilla.redhat.com/show_bug.cgi?id=2144072</a>
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42010">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42010</a> <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10735">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10735</a>
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42011">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42011</a> <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28861">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28861</a>
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42012">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42012</a> <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45061">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45061</a>
<a href="https://errata.almalinux.org/9/ALSA-2023-0335.html">https://errata.almalinux.org/9/ALSA-2023-0335.html</a> <a href="https://errata.almalinux.org/8/ALSA-2023-0833.html">https://errata.almalinux.org/8/ALSA-2023-0833.html</a>
<a href="https://errata.rockylinux.org/RLSA-2023:0335">https://errata.rockylinux.org/RLSA-2023:0335</a> <a href="https://errata.rockylinux.org/RLSA-2023:0833">https://errata.rockylinux.org/RLSA-2023:0833</a>
<a href="https://gitlab.freedesktop.org/dbus/dbus/-/issues/417">https://gitlab.freedesktop.org/dbus/dbus/-/issues/417</a> <a href="https://github.com/python/cpython/issues/98433">https://github.com/python/cpython/issues/98433</a>
<a href="https://linux.oracle.com/cve/CVE-2022-42012.html">https://linux.oracle.com/cve/CVE-2022-42012.html</a> <a href="https://github.com/python/cpython/pull/99092">https://github.com/python/cpython/pull/99092</a>
<a href="https://linux.oracle.com/errata/ELSA-2023-0335.html">https://linux.oracle.com/errata/ELSA-2023-0335.html</a> <a href="https://github.com/python/cpython/pull/99230 (3.9-branch)">https://github.com/python/cpython/pull/99230 (3.9-branch)</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E4CO7N226I3X5FNBR2MACCH6TS764VJP/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E4CO7N226I3X5FNBR2MACCH6TS764VJP/</a> <a href="https://github.com/python/cpython/pull/99231 (3.8-branch)">https://github.com/python/cpython/pull/99231 (3.8-branch)</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ND74SKN56BCYL3QLEAAB6E64UUBRA5UG/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ND74SKN56BCYL3QLEAAB6E64UUBRA5UG/</a> <a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2AOUKI72ACV6CHY2QUFO6VK2DNMVJ2MB/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2AOUKI72ACV6CHY2QUFO6VK2DNMVJ2MB/</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SQCSLMCK2XGX23R2DKW2MSAICQAK6MT2/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SQCSLMCK2XGX23R2DKW2MSAICQAK6MT2/</a> <a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/35YDIWCUMWTMDBWFRAVENFH6BLB65D6S/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/35YDIWCUMWTMDBWFRAVENFH6BLB65D6S/</a>
<a href="https://nvd.nist.gov/vuln/detail/CVE-2022-42012">https://nvd.nist.gov/vuln/detail/CVE-2022-42012</a> <a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4WBZJNSALFGMPYTINIF57HAAK46U72WQ/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4WBZJNSALFGMPYTINIF57HAAK46U72WQ/</a>
<a href="https://ubuntu.com/security/notices/USN-5704-1">https://ubuntu.com/security/notices/USN-5704-1</a> <a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/63FS6VHY4DCS74HBTEINUDOECQ2X6ZCH/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/63FS6VHY4DCS74HBTEINUDOECQ2X6ZCH/</a>
<a href="https://www.openwall.com/lists/oss-security/2022/10/06/1">https://www.openwall.com/lists/oss-security/2022/10/06/1</a> <a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7WQPHKGNXUJC3TC3BDW5RKGROWRJVSFR/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7WQPHKGNXUJC3TC3BDW5RKGROWRJVSFR/</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B3YI6JYARWU6GULWOHNUROSACT54XFFS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B3YI6JYARWU6GULWOHNUROSACT54XFFS/</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GTPVDZDATRQFE6KAT6B4BQIQ4GRHIIIJ/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GTPVDZDATRQFE6KAT6B4BQIQ4GRHIIIJ/</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IN26PWZTYG6IF3APLRXQJBVACQHZUPT2/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IN26PWZTYG6IF3APLRXQJBVACQHZUPT2/</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JCDJXNBHWXNYUTOEV4H2HCFSRKV3SYL3/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JCDJXNBHWXNYUTOEV4H2HCFSRKV3SYL3/</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JTYVESWVBPD57ZJC35G5722Q6TS37WSB/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JTYVESWVBPD57ZJC35G5722Q6TS37WSB/</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KNE4GMD45RGC2HWUAAIGTDHT5VJ2E4O4/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KNE4GMD45RGC2HWUAAIGTDHT5VJ2E4O4/</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKWAMPURWUV3DCCT4J7VHRF4NT2CFVBR/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKWAMPURWUV3DCCT4J7VHRF4NT2CFVBR/</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O67LRHDTJWH544KXB6KY4HMHQLYDXFPK/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O67LRHDTJWH544KXB6KY4HMHQLYDXFPK/</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ORVCQGJCCAVLN4DJDTWGREFCUWXKQRML/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ORVCQGJCCAVLN4DJDTWGREFCUWXKQRML/</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PLQ2BNZVBBAQPV3SPRU24ZD37UYJJS7W/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PLQ2BNZVBBAQPV3SPRU24ZD37UYJJS7W/</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QLUGZSEAO3MBWGKCUSMKQIRYJZKJCIOB/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QLUGZSEAO3MBWGKCUSMKQIRYJZKJCIOB/</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RDK3ZZBRYFO47ET3N4BNTKVXN47U6ICY/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RDK3ZZBRYFO47ET3N4BNTKVXN47U6ICY/</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RH57BNT4VQERGEJ5SXNXSVMDYP66YD4H/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RH57BNT4VQERGEJ5SXNXSVMDYP66YD4H/</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTN2OOLKYTG34DODUEJGT5MLC2PFGPBA/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTN2OOLKYTG34DODUEJGT5MLC2PFGPBA/</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T3D5TX4TDJPXHXD2QICKTY3OCQC3JARP/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T3D5TX4TDJPXHXD2QICKTY3OCQC3JARP/</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UHVW73QZJMHA4MK7JBT7CXX7XSNYQEGF/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UHVW73QZJMHA4MK7JBT7CXX7XSNYQEGF/</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VCMDX6IFKLOA3NXUQEV524L5LHTPI2JI/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VCMDX6IFKLOA3NXUQEV524L5LHTPI2JI/</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X3EJ6J7PXVQOULBQZQGBXCXY6LFF6LZD/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X3EJ6J7PXVQOULBQZQGBXCXY6LFF6LZD/</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XXZJL3CNAFS5PAIR7K4RL62S3Y7THR7O/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XXZJL3CNAFS5PAIR7K4RL62S3Y7THR7O/</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YPNWZKXPKTNHS5FVMN7UQZ2UPCSEFJUK/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YPNWZKXPKTNHS5FVMN7UQZ2UPCSEFJUK/</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZB5YCMIRVX35RUB6XPOWKENCVCJEVDRK/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZB5YCMIRVX35RUB6XPOWKENCVCJEVDRK/</a>
<a href="https://nvd.nist.gov/vuln/detail/CVE-2022-45061">https://nvd.nist.gov/vuln/detail/CVE-2022-45061</a>
<a href="https://python-security.readthedocs.io/vuln/slow-idna-large-strings.html">https://python-security.readthedocs.io/vuln/slow-idna-large-strings.html</a>
<a href="https://security.netapp.com/advisory/ntap-20221209-0007/">https://security.netapp.com/advisory/ntap-20221209-0007/</a>
<a href="https://ubuntu.com/security/notices/USN-5767-1">https://ubuntu.com/security/notices/USN-5767-1</a>
<a href="https://ubuntu.com/security/notices/USN-5767-2">https://ubuntu.com/security/notices/USN-5767-2</a>
</td> </td>
</tr> </tr>
<tr class="severity-MEDIUM"> <tr class="severity-MEDIUM">
<td class="pkg-name">dbus-daemon</td> <td class="pkg-name">python3-libs</td>
<td>CVE-2022-42010</td> <td>CVE-2020-10735</td>
<td class="severity">MEDIUM</td> <td class="severity">MEDIUM</td>
<td class="pkg-version">1:1.12.8-23.el8</td> <td class="pkg-version">3.6.8-48.el8_7.rocky.0</td>
<td>1:1.12.8-23.el8_7.1</td> <td>3.6.8-48.el8_7.1.rocky.0</td>
<td class="links" data-more-links="off"> <td class="links" data-more-links="off">
<a href="https://access.redhat.com/errata/RHSA-2023:0335">https://access.redhat.com/errata/RHSA-2023:0335</a> <a href="http://www.openwall.com/lists/oss-security/2022/09/21/1">http://www.openwall.com/lists/oss-security/2022/09/21/1</a>
<a href="https://access.redhat.com/security/cve/CVE-2022-42010">https://access.redhat.com/security/cve/CVE-2022-42010</a> <a href="http://www.openwall.com/lists/oss-security/2022/09/21/4">http://www.openwall.com/lists/oss-security/2022/09/21/4</a>
<a href="https://bugzilla.redhat.com/2133616">https://bugzilla.redhat.com/2133616</a> <a href="https://access.redhat.com/errata/RHSA-2022:7323">https://access.redhat.com/errata/RHSA-2022:7323</a>
<a href="https://bugzilla.redhat.com/2133617">https://bugzilla.redhat.com/2133617</a> <a href="https://access.redhat.com/security/cve/CVE-2020-10735">https://access.redhat.com/security/cve/CVE-2020-10735</a>
<a href="https://bugzilla.redhat.com/2133618">https://bugzilla.redhat.com/2133618</a> <a href="https://bugzilla.redhat.com/1834423">https://bugzilla.redhat.com/1834423</a>
<a href="https://bugzilla.redhat.com/show_bug.cgi?id=2133616">https://bugzilla.redhat.com/show_bug.cgi?id=2133616</a> <a href="https://bugzilla.redhat.com/show_bug.cgi?id=1834423">https://bugzilla.redhat.com/show_bug.cgi?id=1834423</a>
<a href="https://bugzilla.redhat.com/show_bug.cgi?id=2133617">https://bugzilla.redhat.com/show_bug.cgi?id=2133617</a> <a href="https://bugzilla.redhat.com/show_bug.cgi?id=2120642">https://bugzilla.redhat.com/show_bug.cgi?id=2120642</a>
<a href="https://bugzilla.redhat.com/show_bug.cgi?id=2133618">https://bugzilla.redhat.com/show_bug.cgi?id=2133618</a> <a href="https://bugzilla.redhat.com/show_bug.cgi?id=2144072">https://bugzilla.redhat.com/show_bug.cgi?id=2144072</a>
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42010">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42010</a> <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10735">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10735</a>
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42011">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42011</a> <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28861">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28861</a>
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42012">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42012</a> <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45061">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45061</a>
<a href="https://errata.almalinux.org/9/ALSA-2023-0335.html">https://errata.almalinux.org/9/ALSA-2023-0335.html</a> <a href="https://docs.google.com/document/d/1KjuF_aXlzPUxTK4BMgezGJ2Pn7uevfX7g0_mvgHlL7Y">https://docs.google.com/document/d/1KjuF_aXlzPUxTK4BMgezGJ2Pn7uevfX7g0_mvgHlL7Y</a>
<a href="https://errata.rockylinux.org/RLSA-2023:0335">https://errata.rockylinux.org/RLSA-2023:0335</a> <a href="https://errata.almalinux.org/9/ALSA-2022-7323.html">https://errata.almalinux.org/9/ALSA-2022-7323.html</a>
<a href="https://gitlab.freedesktop.org/dbus/dbus/-/issues/418">https://gitlab.freedesktop.org/dbus/dbus/-/issues/418</a> <a href="https://errata.rockylinux.org/RLSA-2023:0833">https://errata.rockylinux.org/RLSA-2023:0833</a>
<a href="https://linux.oracle.com/cve/CVE-2022-42010.html">https://linux.oracle.com/cve/CVE-2022-42010.html</a> <a href="https://github.com/python/cpython/issues/95778">https://github.com/python/cpython/issues/95778</a>
<a href="https://linux.oracle.com/errata/ELSA-2023-0335.html">https://linux.oracle.com/errata/ELSA-2023-0335.html</a> <a href="https://linux.oracle.com/cve/CVE-2020-10735.html">https://linux.oracle.com/cve/CVE-2020-10735.html</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E4CO7N226I3X5FNBR2MACCH6TS764VJP/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E4CO7N226I3X5FNBR2MACCH6TS764VJP/</a> <a href="https://linux.oracle.com/errata/ELSA-2022-7323.html">https://linux.oracle.com/errata/ELSA-2022-7323.html</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ND74SKN56BCYL3QLEAAB6E64UUBRA5UG/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ND74SKN56BCYL3QLEAAB6E64UUBRA5UG/</a> <a href="https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2VCU6EVQDIXNCEDJUCTFIER2WVNNDTYZ/">https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2VCU6EVQDIXNCEDJUCTFIER2WVNNDTYZ/</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SQCSLMCK2XGX23R2DKW2MSAICQAK6MT2/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SQCSLMCK2XGX23R2DKW2MSAICQAK6MT2/</a> <a href="https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/32AAQKABEKFCB5DDV5OONRZK6BS23HPW/">https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/32AAQKABEKFCB5DDV5OONRZK6BS23HPW/</a>
<a href="https://nvd.nist.gov/vuln/detail/CVE-2022-42010">https://nvd.nist.gov/vuln/detail/CVE-2022-42010</a> <a href="https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4EWKR2SPX3JORLWCXFY3KN2U5B5CIUQQ/">https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4EWKR2SPX3JORLWCXFY3KN2U5B5CIUQQ/</a>
<a href="https://ubuntu.com/security/notices/USN-5704-1">https://ubuntu.com/security/notices/USN-5704-1</a> <a href="https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XL6E5A3I36TRR73VNBOXNIQP4AMZDFZ/">https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XL6E5A3I36TRR73VNBOXNIQP4AMZDFZ/</a>
<a href="https://www.openwall.com/lists/oss-security/2022/10/06/1">https://www.openwall.com/lists/oss-security/2022/10/06/1</a> <a href="https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/76YE7AM37MRU76XJV4M27CWDAMUGNRYK/">https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/76YE7AM37MRU76XJV4M27CWDAMUGNRYK/</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HSRPVJZL6DJFWKYRHMNJB7VCEUCBKRF5/">https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HSRPVJZL6DJFWKYRHMNJB7VCEUCBKRF5/</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IFGV7P2PYFBMK32OKHCAC2ZPJQV5AUDF/">https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IFGV7P2PYFBMK32OKHCAC2ZPJQV5AUDF/</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NHC6IUU7CLRQ3QLPWUXLONSG3SXFTR47/">https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NHC6IUU7CLRQ3QLPWUXLONSG3SXFTR47/</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OKYE2DOI2X7WZXAWTQJZAXYIWM37HDCY/">https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OKYE2DOI2X7WZXAWTQJZAXYIWM37HDCY/</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OT5U223OE5ZOUHZAZYSYSWVJQIKDE73E/">https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OT5U223OE5ZOUHZAZYSYSWVJQIKDE73E/</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OT5WQB7Z3CXOWVBD2AFAHYPA5ONYFFZ4/">https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OT5WQB7Z3CXOWVBD2AFAHYPA5ONYFFZ4/</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PD7FTLJOIGMUSCDR3JAN6WRFHJEE4PH5/">https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PD7FTLJOIGMUSCDR3JAN6WRFHJEE4PH5/</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SZYJSGLSCQOKXXFVJVJQAXLEOJBIWGEL/">https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SZYJSGLSCQOKXXFVJVJQAXLEOJBIWGEL/</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TD7JDDKJXK6D26XAN3YRFNM2LAJHT5UO/">https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TD7JDDKJXK6D26XAN3YRFNM2LAJHT5UO/</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TMWPRAAJS7I6U3U45V7GZVXWNSECI22M/">https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TMWPRAAJS7I6U3U45V7GZVXWNSECI22M/</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U4ZZV4CDFRMTPDBI7C5L43RFL3XLIGUY/">https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U4ZZV4CDFRMTPDBI7C5L43RFL3XLIGUY/</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UBPDVCDIUCEBE7C4NAGNA2KQJYOTPBAZ/">https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UBPDVCDIUCEBE7C4NAGNA2KQJYOTPBAZ/</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V7ZUJDHK7KNG6SLIFXW7MNZ6O2PUJYK6/">https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V7ZUJDHK7KNG6SLIFXW7MNZ6O2PUJYK6/</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WXF6MQ74HVIDDSR5AE2UDR24I6D4FEPC/">https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WXF6MQ74HVIDDSR5AE2UDR24I6D4FEPC/</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZEOAJWGGY55QU35UM2OVZATBW5MX2OZD/">https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZEOAJWGGY55QU35UM2OVZATBW5MX2OZD/</a>
<a href="https://nvd.nist.gov/vuln/detail/CVE-2020-10735">https://nvd.nist.gov/vuln/detail/CVE-2020-10735</a>
</td> </td>
</tr> </tr>
<tr class="severity-MEDIUM"> <tr class="severity-MEDIUM">
<td class="pkg-name">dbus-daemon</td> <td class="pkg-name">python3-libs</td>
<td>CVE-2022-42011</td> <td>CVE-2021-28861</td>
<td class="severity">MEDIUM</td> <td class="severity">MEDIUM</td>
<td class="pkg-version">1:1.12.8-23.el8</td> <td class="pkg-version">3.6.8-48.el8_7.rocky.0</td>
<td>1:1.12.8-23.el8_7.1</td> <td>3.6.8-48.el8_7.1.rocky.0</td>
<td class="links" data-more-links="off"> <td class="links" data-more-links="off">
<a href="https://access.redhat.com/errata/RHSA-2023:0335">https://access.redhat.com/errata/RHSA-2023:0335</a> <a href="https://access.redhat.com/errata/RHSA-2022:8353">https://access.redhat.com/errata/RHSA-2022:8353</a>
<a href="https://access.redhat.com/security/cve/CVE-2022-42011">https://access.redhat.com/security/cve/CVE-2022-42011</a> <a href="https://access.redhat.com/security/cve/CVE-2021-28861">https://access.redhat.com/security/cve/CVE-2021-28861</a>
<a href="https://bugzilla.redhat.com/2133616">https://bugzilla.redhat.com/2133616</a> <a href="https://bugs.python.org/issue43223">https://bugs.python.org/issue43223</a>
<a href="https://bugzilla.redhat.com/2133617">https://bugzilla.redhat.com/2133617</a> <a href="https://bugzilla.redhat.com/2075390">https://bugzilla.redhat.com/2075390</a>
<a href="https://bugzilla.redhat.com/2133618">https://bugzilla.redhat.com/2133618</a> <a href="https://bugzilla.redhat.com/2120642">https://bugzilla.redhat.com/2120642</a>
<a href="https://bugzilla.redhat.com/show_bug.cgi?id=2133616">https://bugzilla.redhat.com/show_bug.cgi?id=2133616</a> <a href="https://bugzilla.redhat.com/show_bug.cgi?id=2054702">https://bugzilla.redhat.com/show_bug.cgi?id=2054702</a>
<a href="https://bugzilla.redhat.com/show_bug.cgi?id=2133617">https://bugzilla.redhat.com/show_bug.cgi?id=2133617</a> <a href="https://bugzilla.redhat.com/show_bug.cgi?id=2059951">https://bugzilla.redhat.com/show_bug.cgi?id=2059951</a>
<a href="https://bugzilla.redhat.com/show_bug.cgi?id=2133618">https://bugzilla.redhat.com/show_bug.cgi?id=2133618</a> <a href="https://bugzilla.redhat.com/show_bug.cgi?id=2075390">https://bugzilla.redhat.com/show_bug.cgi?id=2075390</a>
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42010">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42010</a> <a href="https://bugzilla.redhat.com/show_bug.cgi?id=2120642">https://bugzilla.redhat.com/show_bug.cgi?id=2120642</a>
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42011">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42011</a> <a href="https://bugzilla.redhat.com/show_bug.cgi?id=2128249">https://bugzilla.redhat.com/show_bug.cgi?id=2128249</a>
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42012">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42012</a> <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-20107">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-20107</a>
<a href="https://errata.almalinux.org/9/ALSA-2023-0335.html">https://errata.almalinux.org/9/ALSA-2023-0335.html</a> <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28861">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28861</a>
<a href="https://errata.rockylinux.org/RLSA-2023:0335">https://errata.rockylinux.org/RLSA-2023:0335</a> <a href="https://errata.almalinux.org/9/ALSA-2022-8353.html">https://errata.almalinux.org/9/ALSA-2022-8353.html</a>
<a href="https://gitlab.freedesktop.org/dbus/dbus/-/issues/413">https://gitlab.freedesktop.org/dbus/dbus/-/issues/413</a> <a href="https://errata.rockylinux.org/RLSA-2022:8353">https://errata.rockylinux.org/RLSA-2022:8353</a>
<a href="https://linux.oracle.com/cve/CVE-2022-42011.html">https://linux.oracle.com/cve/CVE-2022-42011.html</a> <a href="https://github.com/python/cpython/pull/24848">https://github.com/python/cpython/pull/24848</a>
<a href="https://linux.oracle.com/errata/ELSA-2023-0335.html">https://linux.oracle.com/errata/ELSA-2023-0335.html</a> <a href="https://github.com/python/cpython/pull/93879">https://github.com/python/cpython/pull/93879</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E4CO7N226I3X5FNBR2MACCH6TS764VJP/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E4CO7N226I3X5FNBR2MACCH6TS764VJP/</a> <a href="https://linux.oracle.com/cve/CVE-2021-28861.html">https://linux.oracle.com/cve/CVE-2021-28861.html</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ND74SKN56BCYL3QLEAAB6E64UUBRA5UG/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ND74SKN56BCYL3QLEAAB6E64UUBRA5UG/</a> <a href="https://linux.oracle.com/errata/ELSA-2022-8353.html">https://linux.oracle.com/errata/ELSA-2022-8353.html</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SQCSLMCK2XGX23R2DKW2MSAICQAK6MT2/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SQCSLMCK2XGX23R2DKW2MSAICQAK6MT2/</a> <a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2TRINJE3INWDVIHIABW4L2NP3RUSK7BJ/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2TRINJE3INWDVIHIABW4L2NP3RUSK7BJ/</a>
<a href="https://nvd.nist.gov/vuln/detail/CVE-2022-42011">https://nvd.nist.gov/vuln/detail/CVE-2022-42011</a> <a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5LTSPFIULY2GZJN3QYNFVM4JSU6H4D6J/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5LTSPFIULY2GZJN3QYNFVM4JSU6H4D6J/</a>
<a href="https://ubuntu.com/security/notices/USN-5704-1">https://ubuntu.com/security/notices/USN-5704-1</a> <a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5OABQ5CMPQETJLFHROAXDIDXCMDTNVYG/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5OABQ5CMPQETJLFHROAXDIDXCMDTNVYG/</a>
<a href="https://www.openwall.com/lists/oss-security/2022/10/06/1">https://www.openwall.com/lists/oss-security/2022/10/06/1</a> <a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DISZAFSIQ7IAPAEQTC7G2Z5QUA2V2PSW/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DISZAFSIQ7IAPAEQTC7G2Z5QUA2V2PSW/</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HPX4XHT2FGVQYLY2STT2MRVENILNZTTU/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HPX4XHT2FGVQYLY2STT2MRVENILNZTTU/</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I3MQT5ZE3QH5PVDJMERTBOCILHK35CBE/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I3MQT5ZE3QH5PVDJMERTBOCILHK35CBE/</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IFGV7P2PYFBMK32OKHCAC2ZPJQV5AUDF/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IFGV7P2PYFBMK32OKHCAC2ZPJQV5AUDF/</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KRGKPYA5YHIXQAMRIXO5DSCX7D4UUW4Q/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KRGKPYA5YHIXQAMRIXO5DSCX7D4UUW4Q/</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OKYE2DOI2X7WZXAWTQJZAXYIWM37HDCY/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OKYE2DOI2X7WZXAWTQJZAXYIWM37HDCY/</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QLE5INSVJUZJGY5OJXV6JREXWD7UDHYN/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QLE5INSVJUZJGY5OJXV6JREXWD7UDHYN/</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S7G66SRWUM36ENQ3X6LAIG7HAB27D4XJ/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S7G66SRWUM36ENQ3X6LAIG7HAB27D4XJ/</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TZEPOPUFC42KXXSLFPZ47ZZRGPOR7SQE/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TZEPOPUFC42KXXSLFPZ47ZZRGPOR7SQE/</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WXF6MQ74HVIDDSR5AE2UDR24I6D4FEPC/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WXF6MQ74HVIDDSR5AE2UDR24I6D4FEPC/</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X46T4EFTIBXZRYTGASBDEZGYJINH2OWV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X46T4EFTIBXZRYTGASBDEZGYJINH2OWV/</a>
<a href="https://nvd.nist.gov/vuln/detail/CVE-2021-28861">https://nvd.nist.gov/vuln/detail/CVE-2021-28861</a>
<a href="https://ubuntu.com/security/notices/USN-5629-1">https://ubuntu.com/security/notices/USN-5629-1</a>
</td> </td>
</tr> </tr>
<tr class="severity-MEDIUM"> <tr class="severity-MEDIUM">
<td class="pkg-name">dbus-daemon</td> <td class="pkg-name">python3-libs</td>
<td>CVE-2022-42012</td> <td>CVE-2022-45061</td>
<td class="severity">MEDIUM</td> <td class="severity">MEDIUM</td>
<td class="pkg-version">1:1.12.8-23.el8</td> <td class="pkg-version">3.6.8-48.el8_7.rocky.0</td>
<td>1:1.12.8-23.el8_7.1</td> <td>3.6.8-48.el8_7.1.rocky.0</td>
<td class="links" data-more-links="off"> <td class="links" data-more-links="off">
<a href="https://access.redhat.com/errata/RHSA-2023:0335">https://access.redhat.com/errata/RHSA-2023:0335</a> <a href="https://access.redhat.com/errata/RHSA-2023:0833">https://access.redhat.com/errata/RHSA-2023:0833</a>
<a href="https://access.redhat.com/security/cve/CVE-2022-42012">https://access.redhat.com/security/cve/CVE-2022-42012</a> <a href="https://access.redhat.com/security/cve/CVE-2022-45061">https://access.redhat.com/security/cve/CVE-2022-45061</a>
<a href="https://bugzilla.redhat.com/2133616">https://bugzilla.redhat.com/2133616</a> <a href="https://bugzilla.redhat.com/1834423">https://bugzilla.redhat.com/1834423</a>
<a href="https://bugzilla.redhat.com/2133617">https://bugzilla.redhat.com/2133617</a> <a href="https://bugzilla.redhat.com/2120642">https://bugzilla.redhat.com/2120642</a>
<a href="https://bugzilla.redhat.com/2133618">https://bugzilla.redhat.com/2133618</a> <a href="https://bugzilla.redhat.com/2144072">https://bugzilla.redhat.com/2144072</a>
<a href="https://bugzilla.redhat.com/show_bug.cgi?id=2133616">https://bugzilla.redhat.com/show_bug.cgi?id=2133616</a> <a href="https://bugzilla.redhat.com/show_bug.cgi?id=1834423">https://bugzilla.redhat.com/show_bug.cgi?id=1834423</a>
<a href="https://bugzilla.redhat.com/show_bug.cgi?id=2133617">https://bugzilla.redhat.com/show_bug.cgi?id=2133617</a> <a href="https://bugzilla.redhat.com/show_bug.cgi?id=2120642">https://bugzilla.redhat.com/show_bug.cgi?id=2120642</a>
<a href="https://bugzilla.redhat.com/show_bug.cgi?id=2133618">https://bugzilla.redhat.com/show_bug.cgi?id=2133618</a> <a href="https://bugzilla.redhat.com/show_bug.cgi?id=2144072">https://bugzilla.redhat.com/show_bug.cgi?id=2144072</a>
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42010">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42010</a> <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10735">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10735</a>
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42011">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42011</a> <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28861">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28861</a>
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42012">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42012</a> <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45061">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45061</a>
<a href="https://errata.almalinux.org/9/ALSA-2023-0335.html">https://errata.almalinux.org/9/ALSA-2023-0335.html</a> <a href="https://errata.almalinux.org/8/ALSA-2023-0833.html">https://errata.almalinux.org/8/ALSA-2023-0833.html</a>
<a href="https://errata.rockylinux.org/RLSA-2023:0335">https://errata.rockylinux.org/RLSA-2023:0335</a> <a href="https://errata.rockylinux.org/RLSA-2023:0833">https://errata.rockylinux.org/RLSA-2023:0833</a>
<a href="https://gitlab.freedesktop.org/dbus/dbus/-/issues/417">https://gitlab.freedesktop.org/dbus/dbus/-/issues/417</a> <a href="https://github.com/python/cpython/issues/98433">https://github.com/python/cpython/issues/98433</a>
<a href="https://linux.oracle.com/cve/CVE-2022-42012.html">https://linux.oracle.com/cve/CVE-2022-42012.html</a> <a href="https://github.com/python/cpython/pull/99092">https://github.com/python/cpython/pull/99092</a>
<a href="https://linux.oracle.com/errata/ELSA-2023-0335.html">https://linux.oracle.com/errata/ELSA-2023-0335.html</a> <a href="https://github.com/python/cpython/pull/99230 (3.9-branch)">https://github.com/python/cpython/pull/99230 (3.9-branch)</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E4CO7N226I3X5FNBR2MACCH6TS764VJP/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E4CO7N226I3X5FNBR2MACCH6TS764VJP/</a> <a href="https://github.com/python/cpython/pull/99231 (3.8-branch)">https://github.com/python/cpython/pull/99231 (3.8-branch)</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ND74SKN56BCYL3QLEAAB6E64UUBRA5UG/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ND74SKN56BCYL3QLEAAB6E64UUBRA5UG/</a> <a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2AOUKI72ACV6CHY2QUFO6VK2DNMVJ2MB/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2AOUKI72ACV6CHY2QUFO6VK2DNMVJ2MB/</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SQCSLMCK2XGX23R2DKW2MSAICQAK6MT2/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SQCSLMCK2XGX23R2DKW2MSAICQAK6MT2/</a> <a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/35YDIWCUMWTMDBWFRAVENFH6BLB65D6S/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/35YDIWCUMWTMDBWFRAVENFH6BLB65D6S/</a>
<a href="https://nvd.nist.gov/vuln/detail/CVE-2022-42012">https://nvd.nist.gov/vuln/detail/CVE-2022-42012</a> <a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4WBZJNSALFGMPYTINIF57HAAK46U72WQ/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4WBZJNSALFGMPYTINIF57HAAK46U72WQ/</a>
<a href="https://ubuntu.com/security/notices/USN-5704-1">https://ubuntu.com/security/notices/USN-5704-1</a> <a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/63FS6VHY4DCS74HBTEINUDOECQ2X6ZCH/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/63FS6VHY4DCS74HBTEINUDOECQ2X6ZCH/</a>
<a href="https://www.openwall.com/lists/oss-security/2022/10/06/1">https://www.openwall.com/lists/oss-security/2022/10/06/1</a> <a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7WQPHKGNXUJC3TC3BDW5RKGROWRJVSFR/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7WQPHKGNXUJC3TC3BDW5RKGROWRJVSFR/</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B3YI6JYARWU6GULWOHNUROSACT54XFFS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B3YI6JYARWU6GULWOHNUROSACT54XFFS/</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GTPVDZDATRQFE6KAT6B4BQIQ4GRHIIIJ/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GTPVDZDATRQFE6KAT6B4BQIQ4GRHIIIJ/</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IN26PWZTYG6IF3APLRXQJBVACQHZUPT2/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IN26PWZTYG6IF3APLRXQJBVACQHZUPT2/</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JCDJXNBHWXNYUTOEV4H2HCFSRKV3SYL3/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JCDJXNBHWXNYUTOEV4H2HCFSRKV3SYL3/</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JTYVESWVBPD57ZJC35G5722Q6TS37WSB/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JTYVESWVBPD57ZJC35G5722Q6TS37WSB/</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KNE4GMD45RGC2HWUAAIGTDHT5VJ2E4O4/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KNE4GMD45RGC2HWUAAIGTDHT5VJ2E4O4/</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKWAMPURWUV3DCCT4J7VHRF4NT2CFVBR/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKWAMPURWUV3DCCT4J7VHRF4NT2CFVBR/</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O67LRHDTJWH544KXB6KY4HMHQLYDXFPK/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O67LRHDTJWH544KXB6KY4HMHQLYDXFPK/</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ORVCQGJCCAVLN4DJDTWGREFCUWXKQRML/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ORVCQGJCCAVLN4DJDTWGREFCUWXKQRML/</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PLQ2BNZVBBAQPV3SPRU24ZD37UYJJS7W/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PLQ2BNZVBBAQPV3SPRU24ZD37UYJJS7W/</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QLUGZSEAO3MBWGKCUSMKQIRYJZKJCIOB/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QLUGZSEAO3MBWGKCUSMKQIRYJZKJCIOB/</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RDK3ZZBRYFO47ET3N4BNTKVXN47U6ICY/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RDK3ZZBRYFO47ET3N4BNTKVXN47U6ICY/</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RH57BNT4VQERGEJ5SXNXSVMDYP66YD4H/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RH57BNT4VQERGEJ5SXNXSVMDYP66YD4H/</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTN2OOLKYTG34DODUEJGT5MLC2PFGPBA/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTN2OOLKYTG34DODUEJGT5MLC2PFGPBA/</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T3D5TX4TDJPXHXD2QICKTY3OCQC3JARP/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T3D5TX4TDJPXHXD2QICKTY3OCQC3JARP/</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UHVW73QZJMHA4MK7JBT7CXX7XSNYQEGF/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UHVW73QZJMHA4MK7JBT7CXX7XSNYQEGF/</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VCMDX6IFKLOA3NXUQEV524L5LHTPI2JI/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VCMDX6IFKLOA3NXUQEV524L5LHTPI2JI/</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X3EJ6J7PXVQOULBQZQGBXCXY6LFF6LZD/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X3EJ6J7PXVQOULBQZQGBXCXY6LFF6LZD/</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XXZJL3CNAFS5PAIR7K4RL62S3Y7THR7O/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XXZJL3CNAFS5PAIR7K4RL62S3Y7THR7O/</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YPNWZKXPKTNHS5FVMN7UQZ2UPCSEFJUK/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YPNWZKXPKTNHS5FVMN7UQZ2UPCSEFJUK/</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZB5YCMIRVX35RUB6XPOWKENCVCJEVDRK/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZB5YCMIRVX35RUB6XPOWKENCVCJEVDRK/</a>
<a href="https://nvd.nist.gov/vuln/detail/CVE-2022-45061">https://nvd.nist.gov/vuln/detail/CVE-2022-45061</a>
<a href="https://python-security.readthedocs.io/vuln/slow-idna-large-strings.html">https://python-security.readthedocs.io/vuln/slow-idna-large-strings.html</a>
<a href="https://security.netapp.com/advisory/ntap-20221209-0007/">https://security.netapp.com/advisory/ntap-20221209-0007/</a>
<a href="https://ubuntu.com/security/notices/USN-5767-1">https://ubuntu.com/security/notices/USN-5767-1</a>
<a href="https://ubuntu.com/security/notices/USN-5767-2">https://ubuntu.com/security/notices/USN-5767-2</a>
</td> </td>
</tr> </tr>
<tr class="severity-MEDIUM"> <tr class="severity-MEDIUM">
<td class="pkg-name">dbus-libs</td> <td class="pkg-name">systemd</td>
<td>CVE-2022-42010</td> <td>CVE-2022-4415</td>
<td class="severity">MEDIUM</td> <td class="severity">MEDIUM</td>
<td class="pkg-version">1:1.12.8-23.el8</td> <td class="pkg-version">239-68.el8_7.2</td>
<td>1:1.12.8-23.el8_7.1</td> <td>239-68.el8_7.4</td>
<td class="links" data-more-links="off"> <td class="links" data-more-links="off">
<a href="https://access.redhat.com/errata/RHSA-2023:0335">https://access.redhat.com/errata/RHSA-2023:0335</a> <a href="https://access.redhat.com/errata/RHSA-2023:0837">https://access.redhat.com/errata/RHSA-2023:0837</a>
<a href="https://access.redhat.com/security/cve/CVE-2022-42010">https://access.redhat.com/security/cve/CVE-2022-42010</a> <a href="https://access.redhat.com/security/cve/CVE-2022-4415">https://access.redhat.com/security/cve/CVE-2022-4415</a>
<a href="https://bugzilla.redhat.com/2133616">https://bugzilla.redhat.com/2133616</a> <a href="https://bugzilla.redhat.com/2155515">https://bugzilla.redhat.com/2155515</a>
<a href="https://bugzilla.redhat.com/2133617">https://bugzilla.redhat.com/2133617</a> <a href="https://bugzilla.redhat.com/show_bug.cgi?id=2155515">https://bugzilla.redhat.com/show_bug.cgi?id=2155515</a>
<a href="https://bugzilla.redhat.com/2133618">https://bugzilla.redhat.com/2133618</a> <a href="https://bugzilla.redhat.com/show_bug.cgi?id=2164049">https://bugzilla.redhat.com/show_bug.cgi?id=2164049</a>
<a href="https://bugzilla.redhat.com/show_bug.cgi?id=2133616">https://bugzilla.redhat.com/show_bug.cgi?id=2133616</a> <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4415">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4415</a>
<a href="https://bugzilla.redhat.com/show_bug.cgi?id=2133617">https://bugzilla.redhat.com/show_bug.cgi?id=2133617</a> <a href="https://errata.almalinux.org/8/ALSA-2023-0837.html">https://errata.almalinux.org/8/ALSA-2023-0837.html</a>
<a href="https://bugzilla.redhat.com/show_bug.cgi?id=2133618">https://bugzilla.redhat.com/show_bug.cgi?id=2133618</a> <a href="https://errata.rockylinux.org/RLSA-2023:0837">https://errata.rockylinux.org/RLSA-2023:0837</a>
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42010">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42010</a> <a href="https://github.com/systemd/systemd/commit/b7641425659243c09473cd8fb3aef2c0d4a3eb9c">https://github.com/systemd/systemd/commit/b7641425659243c09473cd8fb3aef2c0d4a3eb9c</a>
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42011">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42011</a> <a href="https://nvd.nist.gov/vuln/detail/CVE-2022-4415">https://nvd.nist.gov/vuln/detail/CVE-2022-4415</a>
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42012">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42012</a> <a href="https://www.openwall.com/lists/oss-security/2022/12/21/3">https://www.openwall.com/lists/oss-security/2022/12/21/3</a>
<a href="https://errata.almalinux.org/9/ALSA-2023-0335.html">https://errata.almalinux.org/9/ALSA-2023-0335.html</a>
<a href="https://errata.rockylinux.org/RLSA-2023:0335">https://errata.rockylinux.org/RLSA-2023:0335</a>
<a href="https://gitlab.freedesktop.org/dbus/dbus/-/issues/418">https://gitlab.freedesktop.org/dbus/dbus/-/issues/418</a>
<a href="https://linux.oracle.com/cve/CVE-2022-42010.html">https://linux.oracle.com/cve/CVE-2022-42010.html</a>
<a href="https://linux.oracle.com/errata/ELSA-2023-0335.html">https://linux.oracle.com/errata/ELSA-2023-0335.html</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E4CO7N226I3X5FNBR2MACCH6TS764VJP/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E4CO7N226I3X5FNBR2MACCH6TS764VJP/</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ND74SKN56BCYL3QLEAAB6E64UUBRA5UG/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ND74SKN56BCYL3QLEAAB6E64UUBRA5UG/</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SQCSLMCK2XGX23R2DKW2MSAICQAK6MT2/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SQCSLMCK2XGX23R2DKW2MSAICQAK6MT2/</a>
<a href="https://nvd.nist.gov/vuln/detail/CVE-2022-42010">https://nvd.nist.gov/vuln/detail/CVE-2022-42010</a>
<a href="https://ubuntu.com/security/notices/USN-5704-1">https://ubuntu.com/security/notices/USN-5704-1</a>
<a href="https://www.openwall.com/lists/oss-security/2022/10/06/1">https://www.openwall.com/lists/oss-security/2022/10/06/1</a>
</td> </td>
</tr> </tr>
<tr class="severity-MEDIUM"> <tr class="severity-MEDIUM">
<td class="pkg-name">dbus-libs</td> <td class="pkg-name">systemd-libs</td>
<td>CVE-2022-42011</td> <td>CVE-2022-4415</td>
<td class="severity">MEDIUM</td> <td class="severity">MEDIUM</td>
<td class="pkg-version">1:1.12.8-23.el8</td> <td class="pkg-version">239-68.el8_7.2</td>
<td>1:1.12.8-23.el8_7.1</td> <td>239-68.el8_7.4</td>
<td class="links" data-more-links="off"> <td class="links" data-more-links="off">
<a href="https://access.redhat.com/errata/RHSA-2023:0335">https://access.redhat.com/errata/RHSA-2023:0335</a> <a href="https://access.redhat.com/errata/RHSA-2023:0837">https://access.redhat.com/errata/RHSA-2023:0837</a>
<a href="https://access.redhat.com/security/cve/CVE-2022-42011">https://access.redhat.com/security/cve/CVE-2022-42011</a> <a href="https://access.redhat.com/security/cve/CVE-2022-4415">https://access.redhat.com/security/cve/CVE-2022-4415</a>
<a href="https://bugzilla.redhat.com/2133616">https://bugzilla.redhat.com/2133616</a> <a href="https://bugzilla.redhat.com/2155515">https://bugzilla.redhat.com/2155515</a>
<a href="https://bugzilla.redhat.com/2133617">https://bugzilla.redhat.com/2133617</a> <a href="https://bugzilla.redhat.com/show_bug.cgi?id=2155515">https://bugzilla.redhat.com/show_bug.cgi?id=2155515</a>
<a href="https://bugzilla.redhat.com/2133618">https://bugzilla.redhat.com/2133618</a> <a href="https://bugzilla.redhat.com/show_bug.cgi?id=2164049">https://bugzilla.redhat.com/show_bug.cgi?id=2164049</a>
<a href="https://bugzilla.redhat.com/show_bug.cgi?id=2133616">https://bugzilla.redhat.com/show_bug.cgi?id=2133616</a> <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4415">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4415</a>
<a href="https://bugzilla.redhat.com/show_bug.cgi?id=2133617">https://bugzilla.redhat.com/show_bug.cgi?id=2133617</a> <a href="https://errata.almalinux.org/8/ALSA-2023-0837.html">https://errata.almalinux.org/8/ALSA-2023-0837.html</a>
<a href="https://bugzilla.redhat.com/show_bug.cgi?id=2133618">https://bugzilla.redhat.com/show_bug.cgi?id=2133618</a> <a href="https://errata.rockylinux.org/RLSA-2023:0837">https://errata.rockylinux.org/RLSA-2023:0837</a>
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42010">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42010</a> <a href="https://github.com/systemd/systemd/commit/b7641425659243c09473cd8fb3aef2c0d4a3eb9c">https://github.com/systemd/systemd/commit/b7641425659243c09473cd8fb3aef2c0d4a3eb9c</a>
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42011">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42011</a> <a href="https://nvd.nist.gov/vuln/detail/CVE-2022-4415">https://nvd.nist.gov/vuln/detail/CVE-2022-4415</a>
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42012">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42012</a> <a href="https://www.openwall.com/lists/oss-security/2022/12/21/3">https://www.openwall.com/lists/oss-security/2022/12/21/3</a>
<a href="https://errata.almalinux.org/9/ALSA-2023-0335.html">https://errata.almalinux.org/9/ALSA-2023-0335.html</a>
<a href="https://errata.rockylinux.org/RLSA-2023:0335">https://errata.rockylinux.org/RLSA-2023:0335</a>
<a href="https://gitlab.freedesktop.org/dbus/dbus/-/issues/413">https://gitlab.freedesktop.org/dbus/dbus/-/issues/413</a>
<a href="https://linux.oracle.com/cve/CVE-2022-42011.html">https://linux.oracle.com/cve/CVE-2022-42011.html</a>
<a href="https://linux.oracle.com/errata/ELSA-2023-0335.html">https://linux.oracle.com/errata/ELSA-2023-0335.html</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E4CO7N226I3X5FNBR2MACCH6TS764VJP/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E4CO7N226I3X5FNBR2MACCH6TS764VJP/</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ND74SKN56BCYL3QLEAAB6E64UUBRA5UG/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ND74SKN56BCYL3QLEAAB6E64UUBRA5UG/</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SQCSLMCK2XGX23R2DKW2MSAICQAK6MT2/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SQCSLMCK2XGX23R2DKW2MSAICQAK6MT2/</a>
<a href="https://nvd.nist.gov/vuln/detail/CVE-2022-42011">https://nvd.nist.gov/vuln/detail/CVE-2022-42011</a>
<a href="https://ubuntu.com/security/notices/USN-5704-1">https://ubuntu.com/security/notices/USN-5704-1</a>
<a href="https://www.openwall.com/lists/oss-security/2022/10/06/1">https://www.openwall.com/lists/oss-security/2022/10/06/1</a>
</td> </td>
</tr> </tr>
<tr class="severity-MEDIUM"> <tr class="severity-MEDIUM">
<td class="pkg-name">dbus-libs</td> <td class="pkg-name">systemd-pam</td>
<td>CVE-2022-42012</td> <td>CVE-2022-4415</td>
<td class="severity">MEDIUM</td> <td class="severity">MEDIUM</td>
<td class="pkg-version">1:1.12.8-23.el8</td> <td class="pkg-version">239-68.el8_7.2</td>
<td>1:1.12.8-23.el8_7.1</td> <td>239-68.el8_7.4</td>
<td class="links" data-more-links="off"> <td class="links" data-more-links="off">
<a href="https://access.redhat.com/errata/RHSA-2023:0335">https://access.redhat.com/errata/RHSA-2023:0335</a> <a href="https://access.redhat.com/errata/RHSA-2023:0837">https://access.redhat.com/errata/RHSA-2023:0837</a>
<a href="https://access.redhat.com/security/cve/CVE-2022-42012">https://access.redhat.com/security/cve/CVE-2022-42012</a> <a href="https://access.redhat.com/security/cve/CVE-2022-4415">https://access.redhat.com/security/cve/CVE-2022-4415</a>
<a href="https://bugzilla.redhat.com/2133616">https://bugzilla.redhat.com/2133616</a> <a href="https://bugzilla.redhat.com/2155515">https://bugzilla.redhat.com/2155515</a>
<a href="https://bugzilla.redhat.com/2133617">https://bugzilla.redhat.com/2133617</a> <a href="https://bugzilla.redhat.com/show_bug.cgi?id=2155515">https://bugzilla.redhat.com/show_bug.cgi?id=2155515</a>
<a href="https://bugzilla.redhat.com/2133618">https://bugzilla.redhat.com/2133618</a> <a href="https://bugzilla.redhat.com/show_bug.cgi?id=2164049">https://bugzilla.redhat.com/show_bug.cgi?id=2164049</a>
<a href="https://bugzilla.redhat.com/show_bug.cgi?id=2133616">https://bugzilla.redhat.com/show_bug.cgi?id=2133616</a> <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4415">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4415</a>
<a href="https://bugzilla.redhat.com/show_bug.cgi?id=2133617">https://bugzilla.redhat.com/show_bug.cgi?id=2133617</a> <a href="https://errata.almalinux.org/8/ALSA-2023-0837.html">https://errata.almalinux.org/8/ALSA-2023-0837.html</a>
<a href="https://bugzilla.redhat.com/show_bug.cgi?id=2133618">https://bugzilla.redhat.com/show_bug.cgi?id=2133618</a> <a href="https://errata.rockylinux.org/RLSA-2023:0837">https://errata.rockylinux.org/RLSA-2023:0837</a>
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42010">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42010</a> <a href="https://github.com/systemd/systemd/commit/b7641425659243c09473cd8fb3aef2c0d4a3eb9c">https://github.com/systemd/systemd/commit/b7641425659243c09473cd8fb3aef2c0d4a3eb9c</a>
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42011">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42011</a> <a href="https://nvd.nist.gov/vuln/detail/CVE-2022-4415">https://nvd.nist.gov/vuln/detail/CVE-2022-4415</a>
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42012">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42012</a> <a href="https://www.openwall.com/lists/oss-security/2022/12/21/3">https://www.openwall.com/lists/oss-security/2022/12/21/3</a>
<a href="https://errata.almalinux.org/9/ALSA-2023-0335.html">https://errata.almalinux.org/9/ALSA-2023-0335.html</a>
<a href="https://errata.rockylinux.org/RLSA-2023:0335">https://errata.rockylinux.org/RLSA-2023:0335</a>
<a href="https://gitlab.freedesktop.org/dbus/dbus/-/issues/417">https://gitlab.freedesktop.org/dbus/dbus/-/issues/417</a>
<a href="https://linux.oracle.com/cve/CVE-2022-42012.html">https://linux.oracle.com/cve/CVE-2022-42012.html</a>
<a href="https://linux.oracle.com/errata/ELSA-2023-0335.html">https://linux.oracle.com/errata/ELSA-2023-0335.html</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E4CO7N226I3X5FNBR2MACCH6TS764VJP/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E4CO7N226I3X5FNBR2MACCH6TS764VJP/</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ND74SKN56BCYL3QLEAAB6E64UUBRA5UG/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ND74SKN56BCYL3QLEAAB6E64UUBRA5UG/</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SQCSLMCK2XGX23R2DKW2MSAICQAK6MT2/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SQCSLMCK2XGX23R2DKW2MSAICQAK6MT2/</a>
<a href="https://nvd.nist.gov/vuln/detail/CVE-2022-42012">https://nvd.nist.gov/vuln/detail/CVE-2022-42012</a>
<a href="https://ubuntu.com/security/notices/USN-5704-1">https://ubuntu.com/security/notices/USN-5704-1</a>
<a href="https://www.openwall.com/lists/oss-security/2022/10/06/1">https://www.openwall.com/lists/oss-security/2022/10/06/1</a>
</td> </td>
</tr> </tr>
<tr class="severity-MEDIUM"> <tr class="severity-MEDIUM">
<td class="pkg-name">dbus-tools</td> <td class="pkg-name">tar</td>
<td>CVE-2022-42010</td> <td>CVE-2022-48303</td>
<td class="severity">MEDIUM</td> <td class="severity">MEDIUM</td>
<td class="pkg-version">1:1.12.8-23.el8</td> <td class="pkg-version">2:1.30-6.el8</td>
<td>1:1.12.8-23.el8_7.1</td> <td>2:1.30-6.el8_7.1</td>
<td class="links" data-more-links="off"> <td class="links" data-more-links="off">
<a href="https://access.redhat.com/errata/RHSA-2023:0335">https://access.redhat.com/errata/RHSA-2023:0335</a> <a href="https://access.redhat.com/errata/RHSA-2023:0842">https://access.redhat.com/errata/RHSA-2023:0842</a>
<a href="https://access.redhat.com/security/cve/CVE-2022-42010">https://access.redhat.com/security/cve/CVE-2022-42010</a> <a href="https://access.redhat.com/security/cve/CVE-2022-48303">https://access.redhat.com/security/cve/CVE-2022-48303</a>
<a href="https://bugzilla.redhat.com/2133616">https://bugzilla.redhat.com/2133616</a> <a href="https://bugzilla.redhat.com/2149722">https://bugzilla.redhat.com/2149722</a>
<a href="https://bugzilla.redhat.com/2133617">https://bugzilla.redhat.com/2133617</a> <a href="https://bugzilla.redhat.com/show_bug.cgi?id=2149722">https://bugzilla.redhat.com/show_bug.cgi?id=2149722</a>
<a href="https://bugzilla.redhat.com/2133618">https://bugzilla.redhat.com/2133618</a> <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48303">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48303</a>
<a href="https://bugzilla.redhat.com/show_bug.cgi?id=2133616">https://bugzilla.redhat.com/show_bug.cgi?id=2133616</a> <a href="https://errata.almalinux.org/8/ALSA-2023-0842.html">https://errata.almalinux.org/8/ALSA-2023-0842.html</a>
<a href="https://bugzilla.redhat.com/show_bug.cgi?id=2133617">https://bugzilla.redhat.com/show_bug.cgi?id=2133617</a> <a href="https://errata.rockylinux.org/RLSA-2023:0842">https://errata.rockylinux.org/RLSA-2023:0842</a>
<a href="https://bugzilla.redhat.com/show_bug.cgi?id=2133618">https://bugzilla.redhat.com/show_bug.cgi?id=2133618</a> <a href="https://linux.oracle.com/cve/CVE-2022-48303.html">https://linux.oracle.com/cve/CVE-2022-48303.html</a>
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42010">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42010</a> <a href="https://linux.oracle.com/errata/ELSA-2023-0842.html">https://linux.oracle.com/errata/ELSA-2023-0842.html</a>
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42011">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42011</a> <a href="https://savannah.gnu.org/bugs/?62387">https://savannah.gnu.org/bugs/?62387</a>
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42012">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42012</a> <a href="https://savannah.gnu.org/patch/?10307">https://savannah.gnu.org/patch/?10307</a>
<a href="https://errata.almalinux.org/9/ALSA-2023-0335.html">https://errata.almalinux.org/9/ALSA-2023-0335.html</a>
<a href="https://errata.rockylinux.org/RLSA-2023:0335">https://errata.rockylinux.org/RLSA-2023:0335</a>
<a href="https://gitlab.freedesktop.org/dbus/dbus/-/issues/418">https://gitlab.freedesktop.org/dbus/dbus/-/issues/418</a>
<a href="https://linux.oracle.com/cve/CVE-2022-42010.html">https://linux.oracle.com/cve/CVE-2022-42010.html</a>
<a href="https://linux.oracle.com/errata/ELSA-2023-0335.html">https://linux.oracle.com/errata/ELSA-2023-0335.html</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E4CO7N226I3X5FNBR2MACCH6TS764VJP/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E4CO7N226I3X5FNBR2MACCH6TS764VJP/</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ND74SKN56BCYL3QLEAAB6E64UUBRA5UG/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ND74SKN56BCYL3QLEAAB6E64UUBRA5UG/</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SQCSLMCK2XGX23R2DKW2MSAICQAK6MT2/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SQCSLMCK2XGX23R2DKW2MSAICQAK6MT2/</a>
<a href="https://nvd.nist.gov/vuln/detail/CVE-2022-42010">https://nvd.nist.gov/vuln/detail/CVE-2022-42010</a>
<a href="https://ubuntu.com/security/notices/USN-5704-1">https://ubuntu.com/security/notices/USN-5704-1</a>
<a href="https://www.openwall.com/lists/oss-security/2022/10/06/1">https://www.openwall.com/lists/oss-security/2022/10/06/1</a>
</td>
</tr>
<tr class="severity-MEDIUM">
<td class="pkg-name">dbus-tools</td>
<td>CVE-2022-42011</td>
<td class="severity">MEDIUM</td>
<td class="pkg-version">1:1.12.8-23.el8</td>
<td>1:1.12.8-23.el8_7.1</td>
<td class="links" data-more-links="off">
<a href="https://access.redhat.com/errata/RHSA-2023:0335">https://access.redhat.com/errata/RHSA-2023:0335</a>
<a href="https://access.redhat.com/security/cve/CVE-2022-42011">https://access.redhat.com/security/cve/CVE-2022-42011</a>
<a href="https://bugzilla.redhat.com/2133616">https://bugzilla.redhat.com/2133616</a>
<a href="https://bugzilla.redhat.com/2133617">https://bugzilla.redhat.com/2133617</a>
<a href="https://bugzilla.redhat.com/2133618">https://bugzilla.redhat.com/2133618</a>
<a href="https://bugzilla.redhat.com/show_bug.cgi?id=2133616">https://bugzilla.redhat.com/show_bug.cgi?id=2133616</a>
<a href="https://bugzilla.redhat.com/show_bug.cgi?id=2133617">https://bugzilla.redhat.com/show_bug.cgi?id=2133617</a>
<a href="https://bugzilla.redhat.com/show_bug.cgi?id=2133618">https://bugzilla.redhat.com/show_bug.cgi?id=2133618</a>
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42010">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42010</a>
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42011">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42011</a>
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42012">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42012</a>
<a href="https://errata.almalinux.org/9/ALSA-2023-0335.html">https://errata.almalinux.org/9/ALSA-2023-0335.html</a>
<a href="https://errata.rockylinux.org/RLSA-2023:0335">https://errata.rockylinux.org/RLSA-2023:0335</a>
<a href="https://gitlab.freedesktop.org/dbus/dbus/-/issues/413">https://gitlab.freedesktop.org/dbus/dbus/-/issues/413</a>
<a href="https://linux.oracle.com/cve/CVE-2022-42011.html">https://linux.oracle.com/cve/CVE-2022-42011.html</a>
<a href="https://linux.oracle.com/errata/ELSA-2023-0335.html">https://linux.oracle.com/errata/ELSA-2023-0335.html</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E4CO7N226I3X5FNBR2MACCH6TS764VJP/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E4CO7N226I3X5FNBR2MACCH6TS764VJP/</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ND74SKN56BCYL3QLEAAB6E64UUBRA5UG/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ND74SKN56BCYL3QLEAAB6E64UUBRA5UG/</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SQCSLMCK2XGX23R2DKW2MSAICQAK6MT2/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SQCSLMCK2XGX23R2DKW2MSAICQAK6MT2/</a>
<a href="https://nvd.nist.gov/vuln/detail/CVE-2022-42011">https://nvd.nist.gov/vuln/detail/CVE-2022-42011</a>
<a href="https://ubuntu.com/security/notices/USN-5704-1">https://ubuntu.com/security/notices/USN-5704-1</a>
<a href="https://www.openwall.com/lists/oss-security/2022/10/06/1">https://www.openwall.com/lists/oss-security/2022/10/06/1</a>
</td>
</tr>
<tr class="severity-MEDIUM">
<td class="pkg-name">dbus-tools</td>
<td>CVE-2022-42012</td>
<td class="severity">MEDIUM</td>
<td class="pkg-version">1:1.12.8-23.el8</td>
<td>1:1.12.8-23.el8_7.1</td>
<td class="links" data-more-links="off">
<a href="https://access.redhat.com/errata/RHSA-2023:0335">https://access.redhat.com/errata/RHSA-2023:0335</a>
<a href="https://access.redhat.com/security/cve/CVE-2022-42012">https://access.redhat.com/security/cve/CVE-2022-42012</a>
<a href="https://bugzilla.redhat.com/2133616">https://bugzilla.redhat.com/2133616</a>
<a href="https://bugzilla.redhat.com/2133617">https://bugzilla.redhat.com/2133617</a>
<a href="https://bugzilla.redhat.com/2133618">https://bugzilla.redhat.com/2133618</a>
<a href="https://bugzilla.redhat.com/show_bug.cgi?id=2133616">https://bugzilla.redhat.com/show_bug.cgi?id=2133616</a>
<a href="https://bugzilla.redhat.com/show_bug.cgi?id=2133617">https://bugzilla.redhat.com/show_bug.cgi?id=2133617</a>
<a href="https://bugzilla.redhat.com/show_bug.cgi?id=2133618">https://bugzilla.redhat.com/show_bug.cgi?id=2133618</a>
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42010">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42010</a>
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42011">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42011</a>
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42012">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42012</a>
<a href="https://errata.almalinux.org/9/ALSA-2023-0335.html">https://errata.almalinux.org/9/ALSA-2023-0335.html</a>
<a href="https://errata.rockylinux.org/RLSA-2023:0335">https://errata.rockylinux.org/RLSA-2023:0335</a>
<a href="https://gitlab.freedesktop.org/dbus/dbus/-/issues/417">https://gitlab.freedesktop.org/dbus/dbus/-/issues/417</a>
<a href="https://linux.oracle.com/cve/CVE-2022-42012.html">https://linux.oracle.com/cve/CVE-2022-42012.html</a>
<a href="https://linux.oracle.com/errata/ELSA-2023-0335.html">https://linux.oracle.com/errata/ELSA-2023-0335.html</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E4CO7N226I3X5FNBR2MACCH6TS764VJP/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E4CO7N226I3X5FNBR2MACCH6TS764VJP/</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ND74SKN56BCYL3QLEAAB6E64UUBRA5UG/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ND74SKN56BCYL3QLEAAB6E64UUBRA5UG/</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SQCSLMCK2XGX23R2DKW2MSAICQAK6MT2/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SQCSLMCK2XGX23R2DKW2MSAICQAK6MT2/</a>
<a href="https://nvd.nist.gov/vuln/detail/CVE-2022-42012">https://nvd.nist.gov/vuln/detail/CVE-2022-42012</a>
<a href="https://ubuntu.com/security/notices/USN-5704-1">https://ubuntu.com/security/notices/USN-5704-1</a>
<a href="https://www.openwall.com/lists/oss-security/2022/10/06/1">https://www.openwall.com/lists/oss-security/2022/10/06/1</a>
</td>
</tr>
<tr class="severity-MEDIUM">
<td class="pkg-name">expat</td>
<td>CVE-2022-43680</td>
<td class="severity">MEDIUM</td>
<td class="pkg-version">2.2.5-10.el8</td>
<td>2.2.5-10.el8_7.1</td>
<td class="links" data-more-links="off">
<a href="https://access.redhat.com/errata/RHSA-2023:0337">https://access.redhat.com/errata/RHSA-2023:0337</a>
<a href="https://access.redhat.com/security/cve/CVE-2022-43680">https://access.redhat.com/security/cve/CVE-2022-43680</a>
<a href="https://bugzilla.redhat.com/2140059">https://bugzilla.redhat.com/2140059</a>
<a href="https://bugzilla.redhat.com/show_bug.cgi?id=2140059">https://bugzilla.redhat.com/show_bug.cgi?id=2140059</a>
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43680">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43680</a>
<a href="https://errata.almalinux.org/9/ALSA-2023-0337.html">https://errata.almalinux.org/9/ALSA-2023-0337.html</a>
<a href="https://errata.rockylinux.org/RLSA-2023:0337">https://errata.rockylinux.org/RLSA-2023:0337</a>
<a href="https://github.com/libexpat/libexpat/issues/649">https://github.com/libexpat/libexpat/issues/649</a>
<a href="https://github.com/libexpat/libexpat/pull/616">https://github.com/libexpat/libexpat/pull/616</a>
<a href="https://github.com/libexpat/libexpat/pull/650">https://github.com/libexpat/libexpat/pull/650</a>
<a href="https://linux.oracle.com/cve/CVE-2022-43680.html">https://linux.oracle.com/cve/CVE-2022-43680.html</a>
<a href="https://linux.oracle.com/errata/ELSA-2023-0337.html">https://linux.oracle.com/errata/ELSA-2023-0337.html</a>
<a href="https://lists.debian.org/debian-lts-announce/2022/10/msg00033.html">https://lists.debian.org/debian-lts-announce/2022/10/msg00033.html</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AJ5VY2VYXE4WTRGQ6LMGLF6FV3SY37YE/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AJ5VY2VYXE4WTRGQ6LMGLF6FV3SY37YE/</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BY4OPSIB33ETNUXZY2UPZ4NGQ3OKDY4D/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BY4OPSIB33ETNUXZY2UPZ4NGQ3OKDY4D/</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DPQVIF6TOJNY2T3ZZETFKR4G34FFREBQ/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DPQVIF6TOJNY2T3ZZETFKR4G34FFREBQ/</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FFCOMBSOJKLIKCGCJWHLJXO4EVYBG7AR/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FFCOMBSOJKLIKCGCJWHLJXO4EVYBG7AR/</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IUJ2BULJTZ2BMSKQHB6US674P55UCWWS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IUJ2BULJTZ2BMSKQHB6US674P55UCWWS/</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XG5XOOB7CD55CEE6OJYKSACSIMQ4RWQ6/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XG5XOOB7CD55CEE6OJYKSACSIMQ4RWQ6/</a>
<a href="https://nvd.nist.gov/vuln/detail/CVE-2022-43680">https://nvd.nist.gov/vuln/detail/CVE-2022-43680</a>
<a href="https://security.gentoo.org/glsa/202210-38">https://security.gentoo.org/glsa/202210-38</a>
<a href="https://security.netapp.com/advisory/ntap-20221118-0007/">https://security.netapp.com/advisory/ntap-20221118-0007/</a>
<a href="https://ubuntu.com/security/notices/USN-5638-2">https://ubuntu.com/security/notices/USN-5638-2</a>
<a href="https://ubuntu.com/security/notices/USN-5638-3">https://ubuntu.com/security/notices/USN-5638-3</a>
<a href="https://www.debian.org/security/2022/dsa-5266">https://www.debian.org/security/2022/dsa-5266</a>
</td>
</tr>
<tr class="severity-HIGH">
<td class="pkg-name">libksba</td>
<td>CVE-2022-47629</td>
<td class="severity">HIGH</td>
<td class="pkg-version">1.3.5-8.el8_6</td>
<td>1.3.5-9.el8_7</td>
<td class="links" data-more-links="off">
<a href="https://access.redhat.com/errata/RHSA-2023:0626">https://access.redhat.com/errata/RHSA-2023:0626</a>
<a href="https://access.redhat.com/security/cve/CVE-2022-47629">https://access.redhat.com/security/cve/CVE-2022-47629</a>
<a href="https://bugzilla.redhat.com/2161571">https://bugzilla.redhat.com/2161571</a>
<a href="https://bugzilla.redhat.com/show_bug.cgi?id=2161571">https://bugzilla.redhat.com/show_bug.cgi?id=2161571</a>
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-47629">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-47629</a>
<a href="https://dev.gnupg.org/T6284">https://dev.gnupg.org/T6284</a>
<a href="https://errata.almalinux.org/9/ALSA-2023-0626.html">https://errata.almalinux.org/9/ALSA-2023-0626.html</a>
<a href="https://errata.rockylinux.org/RLSA-2023:0626">https://errata.rockylinux.org/RLSA-2023:0626</a>
<a href="https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=commit;h=f61a5ea4e0f6a80fd4b28ef0174bee77793cf070">https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=commit;h=f61a5ea4e0f6a80fd4b28ef0174bee77793cf070</a>
<a href="https://gnupg.org/blog/20221017-pepe-left-the-ksba.html">https://gnupg.org/blog/20221017-pepe-left-the-ksba.html</a>
<a href="https://linux.oracle.com/cve/CVE-2022-47629.html">https://linux.oracle.com/cve/CVE-2022-47629.html</a>
<a href="https://linux.oracle.com/errata/ELSA-2023-0626.html">https://linux.oracle.com/errata/ELSA-2023-0626.html</a>
<a href="https://lists.debian.org/debian-lts-announce/2022/12/msg00035.html">https://lists.debian.org/debian-lts-announce/2022/12/msg00035.html</a>
<a href="https://nvd.nist.gov/vuln/detail/CVE-2022-47629">https://nvd.nist.gov/vuln/detail/CVE-2022-47629</a>
<a href="https://security.gentoo.org/glsa/202212-07">https://security.gentoo.org/glsa/202212-07</a>
<a href="https://ubuntu.com/security/notices/USN-5787-1">https://ubuntu.com/security/notices/USN-5787-1</a>
<a href="https://ubuntu.com/security/notices/USN-5787-2">https://ubuntu.com/security/notices/USN-5787-2</a>
<a href="https://www.debian.org/security/2022/dsa-5305">https://www.debian.org/security/2022/dsa-5305</a>
</td>
</tr>
<tr class="severity-MEDIUM">
<td class="pkg-name">libtasn1</td>
<td>CVE-2021-46848</td>
<td class="severity">MEDIUM</td>
<td class="pkg-version">4.13-3.el8</td>
<td>4.13-4.el8_7</td>
<td class="links" data-more-links="off">
<a href="https://access.redhat.com/errata/RHSA-2023:0343">https://access.redhat.com/errata/RHSA-2023:0343</a>
<a href="https://access.redhat.com/security/cve/CVE-2021-46848">https://access.redhat.com/security/cve/CVE-2021-46848</a>
<a href="https://bugs.gentoo.org/866237">https://bugs.gentoo.org/866237</a>
<a href="https://bugzilla.redhat.com/2140058">https://bugzilla.redhat.com/2140058</a>
<a href="https://bugzilla.redhat.com/show_bug.cgi?id=2140058">https://bugzilla.redhat.com/show_bug.cgi?id=2140058</a>
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46848">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46848</a>
<a href="https://errata.almalinux.org/9/ALSA-2023-0343.html">https://errata.almalinux.org/9/ALSA-2023-0343.html</a>
<a href="https://errata.rockylinux.org/RLSA-2023:0343">https://errata.rockylinux.org/RLSA-2023:0343</a>
<a href="https://gitlab.com/gnutls/libtasn1/-/commit/44a700d2051a666235748970c2df047ff207aeb5">https://gitlab.com/gnutls/libtasn1/-/commit/44a700d2051a666235748970c2df047ff207aeb5</a>
<a href="https://gitlab.com/gnutls/libtasn1/-/issues/32">https://gitlab.com/gnutls/libtasn1/-/issues/32</a>
<a href="https://linux.oracle.com/cve/CVE-2021-46848.html">https://linux.oracle.com/cve/CVE-2021-46848.html</a>
<a href="https://linux.oracle.com/errata/ELSA-2023-0343.html">https://linux.oracle.com/errata/ELSA-2023-0343.html</a>
<a href="https://lists.debian.org/debian-lts-announce/2023/01/msg00003.html">https://lists.debian.org/debian-lts-announce/2023/01/msg00003.html</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AV4SHDJF2XLB4CUPTBPQQ6CLGZ5LKXPZ/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AV4SHDJF2XLB4CUPTBPQQ6CLGZ5LKXPZ/</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ECM2ELTVRYV4BZ5L5GMIRQE27RFHPAQ6/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ECM2ELTVRYV4BZ5L5GMIRQE27RFHPAQ6/</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OGO7XST4EIJGX4B2ITZCYSWM24534BSU/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OGO7XST4EIJGX4B2ITZCYSWM24534BSU/</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V5LWOGF7QRMNFRUCZY6TDYQJVFI6MOQ2/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V5LWOGF7QRMNFRUCZY6TDYQJVFI6MOQ2/</a>
<a href="https://nvd.nist.gov/vuln/detail/CVE-2021-46848">https://nvd.nist.gov/vuln/detail/CVE-2021-46848</a>
<a href="https://security.netapp.com/advisory/ntap-20221118-0006/">https://security.netapp.com/advisory/ntap-20221118-0006/</a>
<a href="https://ubuntu.com/security/notices/USN-5707-1">https://ubuntu.com/security/notices/USN-5707-1</a>
</td>
</tr>
<tr class="severity-MEDIUM">
<td class="pkg-name">libxml2</td>
<td>CVE-2022-40303</td>
<td class="severity">MEDIUM</td>
<td class="pkg-version">2.9.7-15.el8</td>
<td>2.9.7-15.el8_7.1</td>
<td class="links" data-more-links="off">
<a href="http://seclists.org/fulldisclosure/2022/Dec/21">http://seclists.org/fulldisclosure/2022/Dec/21</a>
<a href="http://seclists.org/fulldisclosure/2022/Dec/24">http://seclists.org/fulldisclosure/2022/Dec/24</a>
<a href="http://seclists.org/fulldisclosure/2022/Dec/25">http://seclists.org/fulldisclosure/2022/Dec/25</a>
<a href="http://seclists.org/fulldisclosure/2022/Dec/26">http://seclists.org/fulldisclosure/2022/Dec/26</a>
<a href="https://access.redhat.com/errata/RHSA-2023:0338">https://access.redhat.com/errata/RHSA-2023:0338</a>
<a href="https://access.redhat.com/security/cve/CVE-2022-40303">https://access.redhat.com/security/cve/CVE-2022-40303</a>
<a href="https://bugzilla.redhat.com/2136266">https://bugzilla.redhat.com/2136266</a>
<a href="https://bugzilla.redhat.com/2136288">https://bugzilla.redhat.com/2136288</a>
<a href="https://bugzilla.redhat.com/show_bug.cgi?id=2136266">https://bugzilla.redhat.com/show_bug.cgi?id=2136266</a>
<a href="https://bugzilla.redhat.com/show_bug.cgi?id=2136288">https://bugzilla.redhat.com/show_bug.cgi?id=2136288</a>
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40303">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40303</a>
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40304">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40304</a>
<a href="https://errata.almalinux.org/9/ALSA-2023-0338.html">https://errata.almalinux.org/9/ALSA-2023-0338.html</a>
<a href="https://errata.rockylinux.org/RLSA-2023:0338">https://errata.rockylinux.org/RLSA-2023:0338</a>
<a href="https://gitlab.gnome.org/GNOME/libxml2/-/commit/c846986356fc149915a74972bf198abc266bc2c0">https://gitlab.gnome.org/GNOME/libxml2/-/commit/c846986356fc149915a74972bf198abc266bc2c0</a>
<a href="https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.10.3">https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.10.3</a>
<a href="https://linux.oracle.com/cve/CVE-2022-40303.html">https://linux.oracle.com/cve/CVE-2022-40303.html</a>
<a href="https://linux.oracle.com/errata/ELSA-2023-0338.html">https://linux.oracle.com/errata/ELSA-2023-0338.html</a>
<a href="https://nvd.nist.gov/vuln/detail/CVE-2022-40303">https://nvd.nist.gov/vuln/detail/CVE-2022-40303</a>
<a href="https://security.netapp.com/advisory/ntap-20221209-0003/">https://security.netapp.com/advisory/ntap-20221209-0003/</a>
<a href="https://support.apple.com/kb/HT213531">https://support.apple.com/kb/HT213531</a>
<a href="https://support.apple.com/kb/HT213533">https://support.apple.com/kb/HT213533</a>
<a href="https://support.apple.com/kb/HT213534">https://support.apple.com/kb/HT213534</a>
<a href="https://support.apple.com/kb/HT213535">https://support.apple.com/kb/HT213535</a>
<a href="https://support.apple.com/kb/HT213536">https://support.apple.com/kb/HT213536</a>
<a href="https://ubuntu.com/security/notices/USN-5760-1">https://ubuntu.com/security/notices/USN-5760-1</a>
<a href="https://ubuntu.com/security/notices/USN-5760-2">https://ubuntu.com/security/notices/USN-5760-2</a>
</td>
</tr>
<tr class="severity-MEDIUM">
<td class="pkg-name">libxml2</td>
<td>CVE-2022-40304</td>
<td class="severity">MEDIUM</td>
<td class="pkg-version">2.9.7-15.el8</td>
<td>2.9.7-15.el8_7.1</td>
<td class="links" data-more-links="off">
<a href="http://seclists.org/fulldisclosure/2022/Dec/21">http://seclists.org/fulldisclosure/2022/Dec/21</a>
<a href="http://seclists.org/fulldisclosure/2022/Dec/24">http://seclists.org/fulldisclosure/2022/Dec/24</a>
<a href="http://seclists.org/fulldisclosure/2022/Dec/25">http://seclists.org/fulldisclosure/2022/Dec/25</a>
<a href="http://seclists.org/fulldisclosure/2022/Dec/26">http://seclists.org/fulldisclosure/2022/Dec/26</a>
<a href="https://access.redhat.com/errata/RHSA-2023:0338">https://access.redhat.com/errata/RHSA-2023:0338</a>
<a href="https://access.redhat.com/security/cve/CVE-2022-40304">https://access.redhat.com/security/cve/CVE-2022-40304</a>
<a href="https://bugzilla.redhat.com/2136266">https://bugzilla.redhat.com/2136266</a>
<a href="https://bugzilla.redhat.com/2136288">https://bugzilla.redhat.com/2136288</a>
<a href="https://bugzilla.redhat.com/show_bug.cgi?id=2136266">https://bugzilla.redhat.com/show_bug.cgi?id=2136266</a>
<a href="https://bugzilla.redhat.com/show_bug.cgi?id=2136288">https://bugzilla.redhat.com/show_bug.cgi?id=2136288</a>
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40303">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40303</a>
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40304">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40304</a>
<a href="https://errata.almalinux.org/9/ALSA-2023-0338.html">https://errata.almalinux.org/9/ALSA-2023-0338.html</a>
<a href="https://errata.rockylinux.org/RLSA-2023:0338">https://errata.rockylinux.org/RLSA-2023:0338</a>
<a href="https://gitlab.gnome.org/GNOME/libxml2/-/commit/1b41ec4e9433b05bb0376be4725804c54ef1d80b">https://gitlab.gnome.org/GNOME/libxml2/-/commit/1b41ec4e9433b05bb0376be4725804c54ef1d80b</a>
<a href="https://gitlab.gnome.org/GNOME/libxml2/-/tags">https://gitlab.gnome.org/GNOME/libxml2/-/tags</a>
<a href="https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.10.3">https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.10.3</a>
<a href="https://linux.oracle.com/cve/CVE-2022-40304.html">https://linux.oracle.com/cve/CVE-2022-40304.html</a>
<a href="https://linux.oracle.com/errata/ELSA-2023-0338.html">https://linux.oracle.com/errata/ELSA-2023-0338.html</a>
<a href="https://nvd.nist.gov/vuln/detail/CVE-2022-40304">https://nvd.nist.gov/vuln/detail/CVE-2022-40304</a>
<a href="https://security.netapp.com/advisory/ntap-20221209-0003/">https://security.netapp.com/advisory/ntap-20221209-0003/</a>
<a href="https://support.apple.com/kb/HT213531">https://support.apple.com/kb/HT213531</a>
<a href="https://support.apple.com/kb/HT213533">https://support.apple.com/kb/HT213533</a>
<a href="https://support.apple.com/kb/HT213534">https://support.apple.com/kb/HT213534</a>
<a href="https://support.apple.com/kb/HT213535">https://support.apple.com/kb/HT213535</a>
<a href="https://support.apple.com/kb/HT213536">https://support.apple.com/kb/HT213536</a>
<a href="https://ubuntu.com/security/notices/USN-5760-1">https://ubuntu.com/security/notices/USN-5760-1</a>
<a href="https://ubuntu.com/security/notices/USN-5760-2">https://ubuntu.com/security/notices/USN-5760-2</a>
</td>
</tr>
<tr class="severity-MEDIUM">
<td class="pkg-name">sqlite-libs</td>
<td>CVE-2022-35737</td>
<td class="severity">MEDIUM</td>
<td class="pkg-version">3.26.0-16.el8_6</td>
<td>3.26.0-17.el8_7</td>
<td class="links" data-more-links="off">
<a href="https://access.redhat.com/errata/RHSA-2023:0339">https://access.redhat.com/errata/RHSA-2023:0339</a>
<a href="https://access.redhat.com/security/cve/CVE-2022-35737">https://access.redhat.com/security/cve/CVE-2022-35737</a>
<a href="https://blog.trailofbits.com/2022/10/25/sqlite-vulnerability-july-2022-library-api/">https://blog.trailofbits.com/2022/10/25/sqlite-vulnerability-july-2022-library-api/</a>
<a href="https://bugzilla.redhat.com/2110291">https://bugzilla.redhat.com/2110291</a>
<a href="https://bugzilla.redhat.com/show_bug.cgi?id=2110291">https://bugzilla.redhat.com/show_bug.cgi?id=2110291</a>
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35737">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35737</a>
<a href="https://errata.almalinux.org/9/ALSA-2023-0339.html">https://errata.almalinux.org/9/ALSA-2023-0339.html</a>
<a href="https://errata.rockylinux.org/RLSA-2023:0339">https://errata.rockylinux.org/RLSA-2023:0339</a>
<a href="https://github.com/advisories/GHSA-jw36-hf63-69r9">https://github.com/advisories/GHSA-jw36-hf63-69r9</a>
<a href="https://kb.cert.org/vuls/id/720344">https://kb.cert.org/vuls/id/720344</a>
<a href="https://linux.oracle.com/cve/CVE-2022-35737.html">https://linux.oracle.com/cve/CVE-2022-35737.html</a>
<a href="https://linux.oracle.com/errata/ELSA-2023-0339.html">https://linux.oracle.com/errata/ELSA-2023-0339.html</a>
<a href="https://nvd.nist.gov/vuln/detail/CVE-2022-35737">https://nvd.nist.gov/vuln/detail/CVE-2022-35737</a>
<a href="https://rustsec.org/advisories/RUSTSEC-2022-0090.html">https://rustsec.org/advisories/RUSTSEC-2022-0090.html</a>
<a href="https://security.gentoo.org/glsa/202210-40">https://security.gentoo.org/glsa/202210-40</a>
<a href="https://security.netapp.com/advisory/ntap-20220915-0009/">https://security.netapp.com/advisory/ntap-20220915-0009/</a>
<a href="https://sqlite.org/releaselog/3_39_2.html">https://sqlite.org/releaselog/3_39_2.html</a>
<a href="https://ubuntu.com/security/notices/USN-5712-1">https://ubuntu.com/security/notices/USN-5712-1</a>
<a href="https://ubuntu.com/security/notices/USN-5716-1">https://ubuntu.com/security/notices/USN-5716-1</a>
<a href="https://ubuntu.com/security/notices/USN-5716-2">https://ubuntu.com/security/notices/USN-5716-2</a>
<a href="https://www.sqlite.org/cves.html">https://www.sqlite.org/cves.html</a>
<a href="https://www.sqlite.org/releaselog/3_39_2.html">https://www.sqlite.org/releaselog/3_39_2.html</a>
</td> </td>
</tr> </tr>
<tr><th colspan="6">No Misconfigurations found</th></tr> <tr><th colspan="6">No Misconfigurations found</th></tr>

View File

@ -10,21 +10,21 @@
"name": "Trivy", "name": "Trivy",
"rules": [ "rules": [
{ {
"id": "CVE-2022-42010", "id": "CVE-2020-10735",
"name": "OsPackageVulnerability", "name": "OsPackageVulnerability",
"shortDescription": { "shortDescription": {
"text": "dbus: dbus-daemon crashes when receiving message with incorrectly nested parentheses and curly brackets" "text": "python: int() type in PyLong_FromString() does not limit amount of digits converting text to int leading to DoS"
}, },
"fullDescription": { "fullDescription": {
"text": "An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message with certain invalid type signatures." "text": "A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int(\u0026#34;text\u0026#34;), a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits (float, decimal, int.from_bytes(), and int() for binary bases 2, 4, 8, 16, and 32 are not affected). The highest threat from this vulnerability is to system availability."
}, },
"defaultConfiguration": { "defaultConfiguration": {
"level": "warning" "level": "warning"
}, },
"helpUri": "https://avd.aquasec.com/nvd/cve-2022-42010", "helpUri": "https://avd.aquasec.com/nvd/cve-2020-10735",
"help": { "help": {
"text": "Vulnerability CVE-2022-42010\nSeverity: MEDIUM\nPackage: dbus-tools\nFixed Version: 1:1.12.8-23.el8_7.1\nLink: [CVE-2022-42010](https://avd.aquasec.com/nvd/cve-2022-42010)\nAn issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message with certain invalid type signatures.", "text": "Vulnerability CVE-2020-10735\nSeverity: MEDIUM\nPackage: python3-libs\nFixed Version: 3.6.8-48.el8_7.1.rocky.0\nLink: [CVE-2020-10735](https://avd.aquasec.com/nvd/cve-2020-10735)\nA flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int(\"text\"), a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits (float, decimal, int.from_bytes(), and int() for binary bases 2, 4, 8, 16, and 32 are not affected). The highest threat from this vulnerability is to system availability.",
"markdown": "**Vulnerability CVE-2022-42010**\n| Severity | Package | Fixed Version | Link |\n| --- | --- | --- | --- |\n|MEDIUM|dbus-tools|1:1.12.8-23.el8_7.1|[CVE-2022-42010](https://avd.aquasec.com/nvd/cve-2022-42010)|\n\nAn issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message with certain invalid type signatures." "markdown": "**Vulnerability CVE-2020-10735**\n| Severity | Package | Fixed Version | Link |\n| --- | --- | --- | --- |\n|MEDIUM|python3-libs|3.6.8-48.el8_7.1.rocky.0|[CVE-2020-10735](https://avd.aquasec.com/nvd/cve-2020-10735)|\n\nA flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int(\"text\"), a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits (float, decimal, int.from_bytes(), and int() for binary bases 2, 4, 8, 16, and 32 are not affected). The highest threat from this vulnerability is to system availability."
}, },
"properties": { "properties": {
"precision": "very-high", "precision": "very-high",
@ -37,21 +37,21 @@
} }
}, },
{ {
"id": "CVE-2022-42011", "id": "CVE-2021-28861",
"name": "OsPackageVulnerability", "name": "OsPackageVulnerability",
"shortDescription": { "shortDescription": {
"text": "dbus: dbus-daemon can be crashed by messages with array length inconsistent with element type" "text": "python: open redirection vulnerability in lib/http/server.py may lead to information disclosure"
}, },
"fullDescription": { "fullDescription": {
"text": "An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message where an array length is inconsistent with the size of the element type." "text": "** DISPUTED ** Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple (/) at the beginning of URI path which may leads to information disclosure. NOTE: this is disputed by a third party because the http.server.html documentation page states \u0026#34;Warning: http.server is not recommended for production. It only implements basic security checks.\u0026#34;"
}, },
"defaultConfiguration": { "defaultConfiguration": {
"level": "warning" "level": "warning"
}, },
"helpUri": "https://avd.aquasec.com/nvd/cve-2022-42011", "helpUri": "https://avd.aquasec.com/nvd/cve-2021-28861",
"help": { "help": {
"text": "Vulnerability CVE-2022-42011\nSeverity: MEDIUM\nPackage: dbus-tools\nFixed Version: 1:1.12.8-23.el8_7.1\nLink: [CVE-2022-42011](https://avd.aquasec.com/nvd/cve-2022-42011)\nAn issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message where an array length is inconsistent with the size of the element type.", "text": "Vulnerability CVE-2021-28861\nSeverity: MEDIUM\nPackage: python3-libs\nFixed Version: 3.6.8-48.el8_7.1.rocky.0\nLink: [CVE-2021-28861](https://avd.aquasec.com/nvd/cve-2021-28861)\n** DISPUTED ** Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple (/) at the beginning of URI path which may leads to information disclosure. NOTE: this is disputed by a third party because the http.server.html documentation page states \"Warning: http.server is not recommended for production. It only implements basic security checks.\"",
"markdown": "**Vulnerability CVE-2022-42011**\n| Severity | Package | Fixed Version | Link |\n| --- | --- | --- | --- |\n|MEDIUM|dbus-tools|1:1.12.8-23.el8_7.1|[CVE-2022-42011](https://avd.aquasec.com/nvd/cve-2022-42011)|\n\nAn issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message where an array length is inconsistent with the size of the element type." "markdown": "**Vulnerability CVE-2021-28861**\n| Severity | Package | Fixed Version | Link |\n| --- | --- | --- | --- |\n|MEDIUM|python3-libs|3.6.8-48.el8_7.1.rocky.0|[CVE-2021-28861](https://avd.aquasec.com/nvd/cve-2021-28861)|\n\n** DISPUTED ** Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple (/) at the beginning of URI path which may leads to information disclosure. NOTE: this is disputed by a third party because the http.server.html documentation page states \"Warning: http.server is not recommended for production. It only implements basic security checks.\""
}, },
"properties": { "properties": {
"precision": "very-high", "precision": "very-high",
@ -64,21 +64,21 @@
} }
}, },
{ {
"id": "CVE-2022-42012", "id": "CVE-2022-45061",
"name": "OsPackageVulnerability", "name": "OsPackageVulnerability",
"shortDescription": { "shortDescription": {
"text": "dbus: `_dbus_marshal_byteswap` doesn\u0026#39;t process fds in messages with \u0026#34;foreign\u0026#34; endianness correctly" "text": "Python: CPU denial of service via inefficient IDNA decoder"
}, },
"fullDescription": { "fullDescription": {
"text": "An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash by sending a message with attached file descriptors in an unexpected format." "text": "An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by remote servers that could be controlled by a malicious actor; in such a scenario, they could trigger excessive CPU consumption on the client attempting to make use of an attacker-supplied supposed hostname. For example, the attack payload could be placed in the Location header of an HTTP response with status code 302. A fix is planned in 3.11.1, 3.10.9, 3.9.16, 3.8.16, and 3.7.16."
}, },
"defaultConfiguration": { "defaultConfiguration": {
"level": "warning" "level": "warning"
}, },
"helpUri": "https://avd.aquasec.com/nvd/cve-2022-42012", "helpUri": "https://avd.aquasec.com/nvd/cve-2022-45061",
"help": { "help": {
"text": "Vulnerability CVE-2022-42012\nSeverity: MEDIUM\nPackage: dbus-tools\nFixed Version: 1:1.12.8-23.el8_7.1\nLink: [CVE-2022-42012](https://avd.aquasec.com/nvd/cve-2022-42012)\nAn issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash by sending a message with attached file descriptors in an unexpected format.", "text": "Vulnerability CVE-2022-45061\nSeverity: MEDIUM\nPackage: python3-libs\nFixed Version: 3.6.8-48.el8_7.1.rocky.0\nLink: [CVE-2022-45061](https://avd.aquasec.com/nvd/cve-2022-45061)\nAn issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by remote servers that could be controlled by a malicious actor; in such a scenario, they could trigger excessive CPU consumption on the client attempting to make use of an attacker-supplied supposed hostname. For example, the attack payload could be placed in the Location header of an HTTP response with status code 302. A fix is planned in 3.11.1, 3.10.9, 3.9.16, 3.8.16, and 3.7.16.",
"markdown": "**Vulnerability CVE-2022-42012**\n| Severity | Package | Fixed Version | Link |\n| --- | --- | --- | --- |\n|MEDIUM|dbus-tools|1:1.12.8-23.el8_7.1|[CVE-2022-42012](https://avd.aquasec.com/nvd/cve-2022-42012)|\n\nAn issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash by sending a message with attached file descriptors in an unexpected format." "markdown": "**Vulnerability CVE-2022-45061**\n| Severity | Package | Fixed Version | Link |\n| --- | --- | --- | --- |\n|MEDIUM|python3-libs|3.6.8-48.el8_7.1.rocky.0|[CVE-2022-45061](https://avd.aquasec.com/nvd/cve-2022-45061)|\n\nAn issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by remote servers that could be controlled by a malicious actor; in such a scenario, they could trigger excessive CPU consumption on the client attempting to make use of an attacker-supplied supposed hostname. For example, the attack payload could be placed in the Location header of an HTTP response with status code 302. A fix is planned in 3.11.1, 3.10.9, 3.9.16, 3.8.16, and 3.7.16."
}, },
"properties": { "properties": {
"precision": "very-high", "precision": "very-high",
@ -91,21 +91,21 @@
} }
}, },
{ {
"id": "CVE-2022-43680", "id": "CVE-2022-4415",
"name": "OsPackageVulnerability", "name": "OsPackageVulnerability",
"shortDescription": { "shortDescription": {
"text": "expat: use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate" "text": "systemd: local information leak due to systemd-coredump not respecting fs.suid_dumpable kernel setting"
}, },
"fullDescription": { "fullDescription": {
"text": "In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations." "text": "A vulnerability was found in systemd. This security flaw can cause a local information leak due to systemd-coredump not respecting the fs.suid_dumpable kernel setting."
}, },
"defaultConfiguration": { "defaultConfiguration": {
"level": "warning" "level": "warning"
}, },
"helpUri": "https://avd.aquasec.com/nvd/cve-2022-43680", "helpUri": "https://avd.aquasec.com/nvd/cve-2022-4415",
"help": { "help": {
"text": "Vulnerability CVE-2022-43680\nSeverity: MEDIUM\nPackage: expat\nFixed Version: 2.2.5-10.el8_7.1\nLink: [CVE-2022-43680](https://avd.aquasec.com/nvd/cve-2022-43680)\nIn libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.", "text": "Vulnerability CVE-2022-4415\nSeverity: MEDIUM\nPackage: systemd-pam\nFixed Version: 239-68.el8_7.4\nLink: [CVE-2022-4415](https://avd.aquasec.com/nvd/cve-2022-4415)\nA vulnerability was found in systemd. This security flaw can cause a local information leak due to systemd-coredump not respecting the fs.suid_dumpable kernel setting.",
"markdown": "**Vulnerability CVE-2022-43680**\n| Severity | Package | Fixed Version | Link |\n| --- | --- | --- | --- |\n|MEDIUM|expat|2.2.5-10.el8_7.1|[CVE-2022-43680](https://avd.aquasec.com/nvd/cve-2022-43680)|\n\nIn libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations." "markdown": "**Vulnerability CVE-2022-4415**\n| Severity | Package | Fixed Version | Link |\n| --- | --- | --- | --- |\n|MEDIUM|systemd-pam|239-68.el8_7.4|[CVE-2022-4415](https://avd.aquasec.com/nvd/cve-2022-4415)|\n\nA vulnerability was found in systemd. This security flaw can cause a local information leak due to systemd-coredump not respecting the fs.suid_dumpable kernel setting."
}, },
"properties": { "properties": {
"precision": "very-high", "precision": "very-high",
@ -118,129 +118,21 @@
} }
}, },
{ {
"id": "CVE-2022-47629", "id": "CVE-2022-48303",
"name": "OsPackageVulnerability", "name": "OsPackageVulnerability",
"shortDescription": { "shortDescription": {
"text": "libksba: integer overflow to code execution" "text": "tar: heap buffer overflow at from_header() in list.c via specially crafted checksum"
}, },
"fullDescription": { "fullDescription": {
"text": "Libksba before 1.6.3 is prone to an integer overflow vulnerability in the CRL signature parser." "text": "GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of control has not been demonstrated. The issue occurs in from_header in list.c via a V7 archive in which mtime has approximately 11 whitespace characters."
},
"defaultConfiguration": {
"level": "error"
},
"helpUri": "https://avd.aquasec.com/nvd/cve-2022-47629",
"help": {
"text": "Vulnerability CVE-2022-47629\nSeverity: HIGH\nPackage: libksba\nFixed Version: 1.3.5-9.el8_7\nLink: [CVE-2022-47629](https://avd.aquasec.com/nvd/cve-2022-47629)\nLibksba before 1.6.3 is prone to an integer overflow vulnerability in the CRL signature parser.",
"markdown": "**Vulnerability CVE-2022-47629**\n| Severity | Package | Fixed Version | Link |\n| --- | --- | --- | --- |\n|HIGH|libksba|1.3.5-9.el8_7|[CVE-2022-47629](https://avd.aquasec.com/nvd/cve-2022-47629)|\n\nLibksba before 1.6.3 is prone to an integer overflow vulnerability in the CRL signature parser."
},
"properties": {
"precision": "very-high",
"security-severity": "8.0",
"tags": [
"vulnerability",
"security",
"HIGH"
]
}
},
{
"id": "CVE-2021-46848",
"name": "OsPackageVulnerability",
"shortDescription": {
"text": "libtasn1: Out-of-bound access in ETYPE_OK"
},
"fullDescription": {
"text": "GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der."
}, },
"defaultConfiguration": { "defaultConfiguration": {
"level": "warning" "level": "warning"
}, },
"helpUri": "https://avd.aquasec.com/nvd/cve-2021-46848", "helpUri": "https://avd.aquasec.com/nvd/cve-2022-48303",
"help": { "help": {
"text": "Vulnerability CVE-2021-46848\nSeverity: MEDIUM\nPackage: libtasn1\nFixed Version: 4.13-4.el8_7\nLink: [CVE-2021-46848](https://avd.aquasec.com/nvd/cve-2021-46848)\nGNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der.", "text": "Vulnerability CVE-2022-48303\nSeverity: MEDIUM\nPackage: tar\nFixed Version: 2:1.30-6.el8_7.1\nLink: [CVE-2022-48303](https://avd.aquasec.com/nvd/cve-2022-48303)\nGNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of control has not been demonstrated. The issue occurs in from_header in list.c via a V7 archive in which mtime has approximately 11 whitespace characters.",
"markdown": "**Vulnerability CVE-2021-46848**\n| Severity | Package | Fixed Version | Link |\n| --- | --- | --- | --- |\n|MEDIUM|libtasn1|4.13-4.el8_7|[CVE-2021-46848](https://avd.aquasec.com/nvd/cve-2021-46848)|\n\nGNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der." "markdown": "**Vulnerability CVE-2022-48303**\n| Severity | Package | Fixed Version | Link |\n| --- | --- | --- | --- |\n|MEDIUM|tar|2:1.30-6.el8_7.1|[CVE-2022-48303](https://avd.aquasec.com/nvd/cve-2022-48303)|\n\nGNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of control has not been demonstrated. The issue occurs in from_header in list.c via a V7 archive in which mtime has approximately 11 whitespace characters."
},
"properties": {
"precision": "very-high",
"security-severity": "5.5",
"tags": [
"vulnerability",
"security",
"MEDIUM"
]
}
},
{
"id": "CVE-2022-40303",
"name": "OsPackageVulnerability",
"shortDescription": {
"text": "libxml2: integer overflows with XML_PARSE_HUGE"
},
"fullDescription": {
"text": "An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a segmentation fault."
},
"defaultConfiguration": {
"level": "warning"
},
"helpUri": "https://avd.aquasec.com/nvd/cve-2022-40303",
"help": {
"text": "Vulnerability CVE-2022-40303\nSeverity: MEDIUM\nPackage: libxml2\nFixed Version: 2.9.7-15.el8_7.1\nLink: [CVE-2022-40303](https://avd.aquasec.com/nvd/cve-2022-40303)\nAn issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a segmentation fault.",
"markdown": "**Vulnerability CVE-2022-40303**\n| Severity | Package | Fixed Version | Link |\n| --- | --- | --- | --- |\n|MEDIUM|libxml2|2.9.7-15.el8_7.1|[CVE-2022-40303](https://avd.aquasec.com/nvd/cve-2022-40303)|\n\nAn issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a segmentation fault."
},
"properties": {
"precision": "very-high",
"security-severity": "5.5",
"tags": [
"vulnerability",
"security",
"MEDIUM"
]
}
},
{
"id": "CVE-2022-40304",
"name": "OsPackageVulnerability",
"shortDescription": {
"text": "libxml2: dict corruption caused by entity reference cycles"
},
"fullDescription": {
"text": "An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked."
},
"defaultConfiguration": {
"level": "warning"
},
"helpUri": "https://avd.aquasec.com/nvd/cve-2022-40304",
"help": {
"text": "Vulnerability CVE-2022-40304\nSeverity: MEDIUM\nPackage: libxml2\nFixed Version: 2.9.7-15.el8_7.1\nLink: [CVE-2022-40304](https://avd.aquasec.com/nvd/cve-2022-40304)\nAn issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked.",
"markdown": "**Vulnerability CVE-2022-40304**\n| Severity | Package | Fixed Version | Link |\n| --- | --- | --- | --- |\n|MEDIUM|libxml2|2.9.7-15.el8_7.1|[CVE-2022-40304](https://avd.aquasec.com/nvd/cve-2022-40304)|\n\nAn issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked."
},
"properties": {
"precision": "very-high",
"security-severity": "5.5",
"tags": [
"vulnerability",
"security",
"MEDIUM"
]
}
},
{
"id": "CVE-2022-35737",
"name": "OsPackageVulnerability",
"shortDescription": {
"text": "sqlite: an array-bounds overflow if billions of bytes are used in a string argument to a C API"
},
"fullDescription": {
"text": "SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API."
},
"defaultConfiguration": {
"level": "warning"
},
"helpUri": "https://avd.aquasec.com/nvd/cve-2022-35737",
"help": {
"text": "Vulnerability CVE-2022-35737\nSeverity: MEDIUM\nPackage: sqlite-libs\nFixed Version: 3.26.0-17.el8_7\nLink: [CVE-2022-35737](https://avd.aquasec.com/nvd/cve-2022-35737)\nSQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API.",
"markdown": "**Vulnerability CVE-2022-35737**\n| Severity | Package | Fixed Version | Link |\n| --- | --- | --- | --- |\n|MEDIUM|sqlite-libs|3.26.0-17.el8_7|[CVE-2022-35737](https://avd.aquasec.com/nvd/cve-2022-35737)|\n\nSQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API."
}, },
"properties": { "properties": {
"precision": "very-high", "precision": "very-high",
@ -258,11 +150,11 @@
}, },
"results": [ "results": [
{ {
"ruleId": "CVE-2022-42010", "ruleId": "CVE-2020-10735",
"ruleIndex": 0, "ruleIndex": 0,
"level": "warning", "level": "warning",
"message": { "message": {
"text": "Package: dbus\nInstalled Version: 1:1.12.8-23.el8\nVulnerability CVE-2022-42010\nSeverity: MEDIUM\nFixed Version: 1:1.12.8-23.el8_7.1\nLink: [CVE-2022-42010](https://avd.aquasec.com/nvd/cve-2022-42010)" "text": "Package: platform-python\nInstalled Version: 3.6.8-48.el8_7.rocky.0\nVulnerability CVE-2020-10735\nSeverity: MEDIUM\nFixed Version: 3.6.8-48.el8_7.1.rocky.0\nLink: [CVE-2020-10735](https://avd.aquasec.com/nvd/cve-2020-10735)"
}, },
"locations": [ "locations": [
{ {
@ -279,17 +171,17 @@
} }
}, },
"message": { "message": {
"text": "rockylinux/rockylinux: dbus@1:1.12.8-23.el8" "text": "rockylinux/rockylinux: platform-python@3.6.8-48.el8_7.rocky.0"
} }
} }
] ]
}, },
{ {
"ruleId": "CVE-2022-42011", "ruleId": "CVE-2021-28861",
"ruleIndex": 1, "ruleIndex": 1,
"level": "warning", "level": "warning",
"message": { "message": {
"text": "Package: dbus\nInstalled Version: 1:1.12.8-23.el8\nVulnerability CVE-2022-42011\nSeverity: MEDIUM\nFixed Version: 1:1.12.8-23.el8_7.1\nLink: [CVE-2022-42011](https://avd.aquasec.com/nvd/cve-2022-42011)" "text": "Package: platform-python\nInstalled Version: 3.6.8-48.el8_7.rocky.0\nVulnerability CVE-2021-28861\nSeverity: MEDIUM\nFixed Version: 3.6.8-48.el8_7.1.rocky.0\nLink: [CVE-2021-28861](https://avd.aquasec.com/nvd/cve-2021-28861)"
}, },
"locations": [ "locations": [
{ {
@ -306,17 +198,17 @@
} }
}, },
"message": { "message": {
"text": "rockylinux/rockylinux: dbus@1:1.12.8-23.el8" "text": "rockylinux/rockylinux: platform-python@3.6.8-48.el8_7.rocky.0"
} }
} }
] ]
}, },
{ {
"ruleId": "CVE-2022-42012", "ruleId": "CVE-2022-45061",
"ruleIndex": 2, "ruleIndex": 2,
"level": "warning", "level": "warning",
"message": { "message": {
"text": "Package: dbus\nInstalled Version: 1:1.12.8-23.el8\nVulnerability CVE-2022-42012\nSeverity: MEDIUM\nFixed Version: 1:1.12.8-23.el8_7.1\nLink: [CVE-2022-42012](https://avd.aquasec.com/nvd/cve-2022-42012)" "text": "Package: platform-python\nInstalled Version: 3.6.8-48.el8_7.rocky.0\nVulnerability CVE-2022-45061\nSeverity: MEDIUM\nFixed Version: 3.6.8-48.el8_7.1.rocky.0\nLink: [CVE-2022-45061](https://avd.aquasec.com/nvd/cve-2022-45061)"
}, },
"locations": [ "locations": [
{ {
@ -333,17 +225,17 @@
} }
}, },
"message": { "message": {
"text": "rockylinux/rockylinux: dbus@1:1.12.8-23.el8" "text": "rockylinux/rockylinux: platform-python@3.6.8-48.el8_7.rocky.0"
} }
} }
] ]
}, },
{ {
"ruleId": "CVE-2022-42010", "ruleId": "CVE-2020-10735",
"ruleIndex": 0, "ruleIndex": 0,
"level": "warning", "level": "warning",
"message": { "message": {
"text": "Package: dbus-daemon\nInstalled Version: 1:1.12.8-23.el8\nVulnerability CVE-2022-42010\nSeverity: MEDIUM\nFixed Version: 1:1.12.8-23.el8_7.1\nLink: [CVE-2022-42010](https://avd.aquasec.com/nvd/cve-2022-42010)" "text": "Package: python3-libs\nInstalled Version: 3.6.8-48.el8_7.rocky.0\nVulnerability CVE-2020-10735\nSeverity: MEDIUM\nFixed Version: 3.6.8-48.el8_7.1.rocky.0\nLink: [CVE-2020-10735](https://avd.aquasec.com/nvd/cve-2020-10735)"
}, },
"locations": [ "locations": [
{ {
@ -360,17 +252,17 @@
} }
}, },
"message": { "message": {
"text": "rockylinux/rockylinux: dbus-daemon@1:1.12.8-23.el8" "text": "rockylinux/rockylinux: python3-libs@3.6.8-48.el8_7.rocky.0"
} }
} }
] ]
}, },
{ {
"ruleId": "CVE-2022-42011", "ruleId": "CVE-2021-28861",
"ruleIndex": 1, "ruleIndex": 1,
"level": "warning", "level": "warning",
"message": { "message": {
"text": "Package: dbus-daemon\nInstalled Version: 1:1.12.8-23.el8\nVulnerability CVE-2022-42011\nSeverity: MEDIUM\nFixed Version: 1:1.12.8-23.el8_7.1\nLink: [CVE-2022-42011](https://avd.aquasec.com/nvd/cve-2022-42011)" "text": "Package: python3-libs\nInstalled Version: 3.6.8-48.el8_7.rocky.0\nVulnerability CVE-2021-28861\nSeverity: MEDIUM\nFixed Version: 3.6.8-48.el8_7.1.rocky.0\nLink: [CVE-2021-28861](https://avd.aquasec.com/nvd/cve-2021-28861)"
}, },
"locations": [ "locations": [
{ {
@ -387,17 +279,17 @@
} }
}, },
"message": { "message": {
"text": "rockylinux/rockylinux: dbus-daemon@1:1.12.8-23.el8" "text": "rockylinux/rockylinux: python3-libs@3.6.8-48.el8_7.rocky.0"
} }
} }
] ]
}, },
{ {
"ruleId": "CVE-2022-42012", "ruleId": "CVE-2022-45061",
"ruleIndex": 2, "ruleIndex": 2,
"level": "warning", "level": "warning",
"message": { "message": {
"text": "Package: dbus-daemon\nInstalled Version: 1:1.12.8-23.el8\nVulnerability CVE-2022-42012\nSeverity: MEDIUM\nFixed Version: 1:1.12.8-23.el8_7.1\nLink: [CVE-2022-42012](https://avd.aquasec.com/nvd/cve-2022-42012)" "text": "Package: python3-libs\nInstalled Version: 3.6.8-48.el8_7.rocky.0\nVulnerability CVE-2022-45061\nSeverity: MEDIUM\nFixed Version: 3.6.8-48.el8_7.1.rocky.0\nLink: [CVE-2022-45061](https://avd.aquasec.com/nvd/cve-2022-45061)"
}, },
"locations": [ "locations": [
{ {
@ -414,179 +306,17 @@
} }
}, },
"message": { "message": {
"text": "rockylinux/rockylinux: dbus-daemon@1:1.12.8-23.el8" "text": "rockylinux/rockylinux: python3-libs@3.6.8-48.el8_7.rocky.0"
} }
} }
] ]
}, },
{ {
"ruleId": "CVE-2022-42010", "ruleId": "CVE-2022-4415",
"ruleIndex": 0,
"level": "warning",
"message": {
"text": "Package: dbus-libs\nInstalled Version: 1:1.12.8-23.el8\nVulnerability CVE-2022-42010\nSeverity: MEDIUM\nFixed Version: 1:1.12.8-23.el8_7.1\nLink: [CVE-2022-42010](https://avd.aquasec.com/nvd/cve-2022-42010)"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "rockylinux/rockylinux",
"uriBaseId": "ROOTPATH"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
},
"message": {
"text": "rockylinux/rockylinux: dbus-libs@1:1.12.8-23.el8"
}
}
]
},
{
"ruleId": "CVE-2022-42011",
"ruleIndex": 1,
"level": "warning",
"message": {
"text": "Package: dbus-libs\nInstalled Version: 1:1.12.8-23.el8\nVulnerability CVE-2022-42011\nSeverity: MEDIUM\nFixed Version: 1:1.12.8-23.el8_7.1\nLink: [CVE-2022-42011](https://avd.aquasec.com/nvd/cve-2022-42011)"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "rockylinux/rockylinux",
"uriBaseId": "ROOTPATH"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
},
"message": {
"text": "rockylinux/rockylinux: dbus-libs@1:1.12.8-23.el8"
}
}
]
},
{
"ruleId": "CVE-2022-42012",
"ruleIndex": 2,
"level": "warning",
"message": {
"text": "Package: dbus-libs\nInstalled Version: 1:1.12.8-23.el8\nVulnerability CVE-2022-42012\nSeverity: MEDIUM\nFixed Version: 1:1.12.8-23.el8_7.1\nLink: [CVE-2022-42012](https://avd.aquasec.com/nvd/cve-2022-42012)"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "rockylinux/rockylinux",
"uriBaseId": "ROOTPATH"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
},
"message": {
"text": "rockylinux/rockylinux: dbus-libs@1:1.12.8-23.el8"
}
}
]
},
{
"ruleId": "CVE-2022-42010",
"ruleIndex": 0,
"level": "warning",
"message": {
"text": "Package: dbus-tools\nInstalled Version: 1:1.12.8-23.el8\nVulnerability CVE-2022-42010\nSeverity: MEDIUM\nFixed Version: 1:1.12.8-23.el8_7.1\nLink: [CVE-2022-42010](https://avd.aquasec.com/nvd/cve-2022-42010)"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "rockylinux/rockylinux",
"uriBaseId": "ROOTPATH"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
},
"message": {
"text": "rockylinux/rockylinux: dbus-tools@1:1.12.8-23.el8"
}
}
]
},
{
"ruleId": "CVE-2022-42011",
"ruleIndex": 1,
"level": "warning",
"message": {
"text": "Package: dbus-tools\nInstalled Version: 1:1.12.8-23.el8\nVulnerability CVE-2022-42011\nSeverity: MEDIUM\nFixed Version: 1:1.12.8-23.el8_7.1\nLink: [CVE-2022-42011](https://avd.aquasec.com/nvd/cve-2022-42011)"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "rockylinux/rockylinux",
"uriBaseId": "ROOTPATH"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
},
"message": {
"text": "rockylinux/rockylinux: dbus-tools@1:1.12.8-23.el8"
}
}
]
},
{
"ruleId": "CVE-2022-42012",
"ruleIndex": 2,
"level": "warning",
"message": {
"text": "Package: dbus-tools\nInstalled Version: 1:1.12.8-23.el8\nVulnerability CVE-2022-42012\nSeverity: MEDIUM\nFixed Version: 1:1.12.8-23.el8_7.1\nLink: [CVE-2022-42012](https://avd.aquasec.com/nvd/cve-2022-42012)"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "rockylinux/rockylinux",
"uriBaseId": "ROOTPATH"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
},
"message": {
"text": "rockylinux/rockylinux: dbus-tools@1:1.12.8-23.el8"
}
}
]
},
{
"ruleId": "CVE-2022-43680",
"ruleIndex": 3, "ruleIndex": 3,
"level": "warning", "level": "warning",
"message": { "message": {
"text": "Package: expat\nInstalled Version: 2.2.5-10.el8\nVulnerability CVE-2022-43680\nSeverity: MEDIUM\nFixed Version: 2.2.5-10.el8_7.1\nLink: [CVE-2022-43680](https://avd.aquasec.com/nvd/cve-2022-43680)" "text": "Package: systemd\nInstalled Version: 239-68.el8_7.2\nVulnerability CVE-2022-4415\nSeverity: MEDIUM\nFixed Version: 239-68.el8_7.4\nLink: [CVE-2022-4415](https://avd.aquasec.com/nvd/cve-2022-4415)"
}, },
"locations": [ "locations": [
{ {
@ -603,44 +333,71 @@
} }
}, },
"message": { "message": {
"text": "rockylinux/rockylinux: expat@2.2.5-10.el8" "text": "rockylinux/rockylinux: systemd@239-68.el8_7.2"
} }
} }
] ]
}, },
{ {
"ruleId": "CVE-2022-47629", "ruleId": "CVE-2022-4415",
"ruleIndex": 3,
"level": "warning",
"message": {
"text": "Package: systemd-libs\nInstalled Version: 239-68.el8_7.2\nVulnerability CVE-2022-4415\nSeverity: MEDIUM\nFixed Version: 239-68.el8_7.4\nLink: [CVE-2022-4415](https://avd.aquasec.com/nvd/cve-2022-4415)"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "rockylinux/rockylinux",
"uriBaseId": "ROOTPATH"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
},
"message": {
"text": "rockylinux/rockylinux: systemd-libs@239-68.el8_7.2"
}
}
]
},
{
"ruleId": "CVE-2022-4415",
"ruleIndex": 3,
"level": "warning",
"message": {
"text": "Package: systemd-pam\nInstalled Version: 239-68.el8_7.2\nVulnerability CVE-2022-4415\nSeverity: MEDIUM\nFixed Version: 239-68.el8_7.4\nLink: [CVE-2022-4415](https://avd.aquasec.com/nvd/cve-2022-4415)"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "rockylinux/rockylinux",
"uriBaseId": "ROOTPATH"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
},
"message": {
"text": "rockylinux/rockylinux: systemd-pam@239-68.el8_7.2"
}
}
]
},
{
"ruleId": "CVE-2022-48303",
"ruleIndex": 4, "ruleIndex": 4,
"level": "error",
"message": {
"text": "Package: libksba\nInstalled Version: 1.3.5-8.el8_6\nVulnerability CVE-2022-47629\nSeverity: HIGH\nFixed Version: 1.3.5-9.el8_7\nLink: [CVE-2022-47629](https://avd.aquasec.com/nvd/cve-2022-47629)"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "rockylinux/rockylinux",
"uriBaseId": "ROOTPATH"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
},
"message": {
"text": "rockylinux/rockylinux: libksba@1.3.5-8.el8_6"
}
}
]
},
{
"ruleId": "CVE-2021-46848",
"ruleIndex": 5,
"level": "warning", "level": "warning",
"message": { "message": {
"text": "Package: libtasn1\nInstalled Version: 4.13-3.el8\nVulnerability CVE-2021-46848\nSeverity: MEDIUM\nFixed Version: 4.13-4.el8_7\nLink: [CVE-2021-46848](https://avd.aquasec.com/nvd/cve-2021-46848)" "text": "Package: tar\nInstalled Version: 2:1.30-6.el8\nVulnerability CVE-2022-48303\nSeverity: MEDIUM\nFixed Version: 2:1.30-6.el8_7.1\nLink: [CVE-2022-48303](https://avd.aquasec.com/nvd/cve-2022-48303)"
}, },
"locations": [ "locations": [
{ {
@ -657,88 +414,7 @@
} }
}, },
"message": { "message": {
"text": "rockylinux/rockylinux: libtasn1@4.13-3.el8" "text": "rockylinux/rockylinux: tar@2:1.30-6.el8"
}
}
]
},
{
"ruleId": "CVE-2022-40303",
"ruleIndex": 6,
"level": "warning",
"message": {
"text": "Package: libxml2\nInstalled Version: 2.9.7-15.el8\nVulnerability CVE-2022-40303\nSeverity: MEDIUM\nFixed Version: 2.9.7-15.el8_7.1\nLink: [CVE-2022-40303](https://avd.aquasec.com/nvd/cve-2022-40303)"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "rockylinux/rockylinux",
"uriBaseId": "ROOTPATH"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
},
"message": {
"text": "rockylinux/rockylinux: libxml2@2.9.7-15.el8"
}
}
]
},
{
"ruleId": "CVE-2022-40304",
"ruleIndex": 7,
"level": "warning",
"message": {
"text": "Package: libxml2\nInstalled Version: 2.9.7-15.el8\nVulnerability CVE-2022-40304\nSeverity: MEDIUM\nFixed Version: 2.9.7-15.el8_7.1\nLink: [CVE-2022-40304](https://avd.aquasec.com/nvd/cve-2022-40304)"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "rockylinux/rockylinux",
"uriBaseId": "ROOTPATH"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
},
"message": {
"text": "rockylinux/rockylinux: libxml2@2.9.7-15.el8"
}
}
]
},
{
"ruleId": "CVE-2022-35737",
"ruleIndex": 8,
"level": "warning",
"message": {
"text": "Package: sqlite-libs\nInstalled Version: 3.26.0-16.el8_6\nVulnerability CVE-2022-35737\nSeverity: MEDIUM\nFixed Version: 3.26.0-17.el8_7\nLink: [CVE-2022-35737](https://avd.aquasec.com/nvd/cve-2022-35737)"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "rockylinux/rockylinux",
"uriBaseId": "ROOTPATH"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
},
"message": {
"text": "rockylinux/rockylinux: sqlite-libs@3.26.0-16.el8_6"
} }
} }
] ]