Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    12268 vulnerabilities

    CVE-2025-12799 (GCVE-0-2025-12799)

    Vulnerability from cvelistv5 – Published: 2026-07-07 16:18 – Updated: 2026-07-08 00:00
    VLAI
    Title
    Jastow: jastow cross-site scripting attack due to unsanitized uri
    Summary
    A flaw was found in Jastow. Jastow is vulnerable to Cross-Site Scripting (XSS) attack. If using a set of combined configuration to allow unescaped characters in URL with embedded Undertow and Jastow, a server might be vulnerable to improper input handling.
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2026:36342 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:36343 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:36344 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:36345 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2025-12799 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2413071 issue-trackingx_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1     cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:1-9.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.40.0-7.redhat_00015.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 1:2.0.0-2.redhat_00005.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:1.8.0-2.redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.4.0-1.redhat_00002.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.3.0-1.redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.0.5-1.redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.0.3-1.redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:4.13.2-1.redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:1.11.0-1.redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:1.9.0-1.redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:1.17.2-1.redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:3.2.2-28.redhat_2.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.16.1-2.redhat_00002.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:3.18.0-2.redhat_00003.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:4.0.10-3.redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:4.1.0-1.redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:0.8.12-1.redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.14.0-4.redhat_00003.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.0.4-1.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:0.1.0-2.redhat_00010.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.0.1-5.redhat_00007.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.30.32-3.redhat_00003.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:8.6.6-5.redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:1.84.0-1.redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:1.14.18-2.redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:3.1.8-2.redhat_00002.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:1.0.0-2.Final_redhat_1.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:1.2.5-2.redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:801.7.0-1.GA_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 1:3.33.0-1.redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:6.10.1.202505221210-1.r_redhat_00002.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:8.15.4-4.redhat_00003.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:4.1.2-1.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:1.0.1-3.redhat_00003.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:5.0.0-6.redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.1.1-1.redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:1.2.0-4.redhat_00007.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:1.1.0-4.redhat_00007.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:1.0.13-4.redhat_5.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.10.1-2.redhat_00005.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:1.0.3-1.redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:33.0.0-3.jre_redhat_00004.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.2.224-4.redhat_00003.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:3.7.19-1.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:6.6.50-1.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:7.0.3-3.Final_redhat_00002.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:7.2.6-1.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:8.0.2-1.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.4.11-1.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:0.10.0-2.redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:4.1.5-4.redhat_00006.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:4.5.14-5.redhat_00016.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:4.4.16-6.redhat_00011.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:15.0.21-1.Final_redhat_00002.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:1.1.3-2.redhat_00002.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:1.1.1-1.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:3.0.18-1.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.18.4-2.redhat_00002.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.18.4-1.redhat_00002.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:1.8.0-3.redhat_00002.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.1.4-1.redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.1.1-5.redhat_00005.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:3.0.0-3.redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.1.0-3.redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.1.1-3.redhat_00003.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:4.0.1-2.redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:3.0.2-1.redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:3.0.3-1.redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.1.0-5.redhat_00003.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:3.1.0-4.redhat_00003.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:1.1.6-5.redhat_00003.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.1.3-1.redhat_00002.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.1.3-3.redhat_00003.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.1.0-2.redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:3.0.0-2.redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:6.0.0-6.redhat_00007.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:3.1.1-1.redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.0.1-3.redhat_00004.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:3.0.2-3.redhat_00006.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:3.1.0-5.redhat_00003.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:4.0.4-1.redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:3.2.7-1.redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.4.1-2.redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:1.9.3-4.redhat_00004.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:1.6.0-1.redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:3.1.0-4.redhat_00002.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:3.0.3-2.redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:1.2.3-1.redhat_00002.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:6.0.0-8.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:4.0.6-1.redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.0.1-2.redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:3.1.0-1.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.4.0-2.redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:1.3.1-1.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.0.1-2.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:1.7.0-2.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.4.0-2.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:5.0.8-1.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:4.0.2-1.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:3.0.0-3.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.0.1-1.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:1.0.0-1.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:3.6.2-1.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.1.19-1.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.2.3-2.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:16.1.0-1.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.1.6-1.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:1.5.5-1.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:10.1.1-1.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:5.0.31-1.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:3.1.0-3.Final_redhat_00002.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:1.1.0-1.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.5.0-1.redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:8.0.0-1.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:3.3.2-1.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:5.0.0-4.SP3_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:3.0.0-1.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:5.1.0-2.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.1.0-2.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:7.3.8-1.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.0.0-1.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:5.0.0-1.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:3.8.16-1.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:1.0.0-3.redhat_00009.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 1:5.3.23-1.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:3.0.1-1.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.0.2-1.Final_redhat_00002.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.0.2-1.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.12.7-1.redhat_00002.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:0.9.6-2.redhat_00002.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:4.0.11-1.redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:3.0.1-2.redhat_00002.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:1.9.0-3.redhat_00002.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:1.0.1-1.Final_redhat_3.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.23.1-2.redhat_00002.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:9.11.1-1.redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:7.1.2-2.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:3.2.1-1.redhat_00002.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:4.1.132-1.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:0.1.10-1.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:9.37.3-1.redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:9.7.1-3.redhat_00002.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:4.3.2-2.redhat_00002.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:1.1.7-3.redhat_00003.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.4.0-1.redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:3.6.1-1.redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:4.0.3-2.redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:5.0.14-2.Final_redhat_00002.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:1.0.4-4.redhat_00005.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:3.1.12-1.redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.2.21-5.redhat_00003.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.2.0-2.redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:6.2.15-1.Final_redhat_00002.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.0.1-3.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:3.2.0-3.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:3.0.4-2.redhat_00002.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:8.0.0-6.redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.0.17-1.redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.3.0-1.redhat_00002.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:4.2.2-2.redhat_00003.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.1.0-3.redhat_00003.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:1.5.0-2.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:4.1.2-2.redhat_00003.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.3.24-4.SP3_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.2.9-1.SP1_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:1.1.6-3.redhat_1.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.3.0-7.redhat_00010.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:5.1.6-1.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:8.1.7-4.GA_redhat_00003.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:1.0.1-4.Final_redhat_00002.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:5.0.12-1.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:1.7.0-2.Final_redhat_00003.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:1.3.0-1.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.6.9-1.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:3.1.4-2.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.1.4-1.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:8.1.1-11.GA_redhat_00019.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.3.0-1.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.3.0-1.Final.redhat.00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:3.0.5-1.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:7.0.0-1.redhat_00002.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.3.0-2.redhat_00002.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:1.6.3-5.redhat_00008.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:3.0.4-1.redhat_00002.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:1.2.0-2.redhat_12.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:3.0.5-1.redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:3.0.4-5.redhat_00007.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 Unaffected: 0:4.0.10-3.redhat_00001.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 Unaffected: 0:2.0.4-1.Final_redhat_00001.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 Unaffected: 0:801.7.0-1.GA_redhat_00001.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 Unaffected: 0:6.6.50-1.Final_redhat_00001.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 Unaffected: 0:7.3.8-1.Final_redhat_00001.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 Unaffected: 1:5.3.23-1.Final_redhat_00001.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 Unaffected: 0:2.3.24-4.SP3_redhat_00001.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 Unaffected: 0:2.2.9-1.SP1_redhat_00001.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 Unaffected: 0:8.1.7-4.GA_redhat_00003.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 Unaffected: 0:2.6.9-1.Final_redhat_00001.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 Unaffected: 0:8.1.1-11.GA_redhat_00019.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 Unaffected: 0:4.0.10-3.redhat_00001.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 Unaffected: 0:2.0.4-1.Final_redhat_00001.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 Unaffected: 0:801.7.0-1.GA_redhat_00001.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 Unaffected: 0:6.6.50-1.Final_redhat_00001.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 Unaffected: 0:7.3.8-1.Final_redhat_00001.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 Unaffected: 1:5.3.23-1.Final_redhat_00001.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 Unaffected: 0:2.3.24-4.SP3_redhat_00001.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 Unaffected: 0:2.2.9-1.SP1_redhat_00001.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 Unaffected: 0:8.1.7-4.GA_redhat_00003.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 Unaffected: 0:2.6.9-1.Final_redhat_00001.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 Unaffected: 0:8.1.1-11.GA_redhat_00019.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7     cpe:/a:redhat:jboss_enterprise_application_platform:7
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8     cpe:/a:redhat:jboss_enterprise_application_platform:8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform Expansion Pack     cpe:/a:redhat:jbosseapxp
    Create a notification for this product.
    Red Hat Red Hat Single Sign-On 7     cpe:/a:redhat:red_hat_single_sign_on:7
    Create a notification for this product.
    Date Public
    2026-07-07 00:00
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "unaffected",
              "packageName": "io.undertow.jastow-jastow",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1-9.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-activemq-artemis",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.40.0-7.redhat_00015.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-activemq-artemis-native",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1:2.0.0-2.redhat_00005.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-aesh-extensions",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.8.0-2.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-aesh-readline",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.4.0-1.redhat_00002.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-agroal",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.3.0-1.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-angus",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.0.5-1.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-angus-activation",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.0.3-1.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-antlr4",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.13.2-1.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-apache-commons-beanutils",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.11.0-1.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-apache-commons-cli",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.9.0-1.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-apache-commons-codec",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.17.2-1.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-apache-commons-collections",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.2.2-28.redhat_2.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-apache-commons-io",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.16.1-2.redhat_00002.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-apache-commons-lang",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.18.0-2.redhat_00003.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-apache-cxf",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.0.10-3.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-apache-cxf-xjc-utils",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.1.0-1.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-apache-mime4j",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:0.8.12-1.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-apache-sshd",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.14.0-4.redhat_00003.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-artemis-native",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1:2.0.0-2.redhat_00005.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-artemis-wildfly-integration",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.0.4-1.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-asyncutil",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:0.1.0-2.redhat_00010.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-atinject",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.0.1-5.redhat_00007.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-aws-java-sdk",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.30.32-3.redhat_00003.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-azure-storage",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:8.6.6-5.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-bouncycastle",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.84.0-1.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-byte-buddy",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.14.18-2.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-caffeine",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.1.8-2.redhat_00002.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-commons-logging-jboss-logging",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.0.0-2.Final_redhat_1.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-cryptacular",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.2.5-2.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-eap-product-conf-parent",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:801.7.0-1.GA_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-ecj",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1:3.33.0-1.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-eclipse-jgit",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:6.10.1.202505221210-1.r_redhat_00002.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-elasticsearch",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:8.15.4-4.redhat_00003.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-elytron-web",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.1.2-1.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-eventstream",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.0.1-3.redhat_00003.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-expressly",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:5.0.0-6.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-fastinfoset",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.1.1-1.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-fge-btf",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.2.0-4.redhat_00007.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-fge-msg-simple",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.1.0-4.redhat_00007.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-gnu-getopt",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.0.13-4.redhat_5.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-gson",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.10.1-2.redhat_00005.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-guava-failureaccess",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.0.3-1.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-guava-libraries",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:33.0.0-3.jre_redhat_00004.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-h2database",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.2.224-4.redhat_00003.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-hal-console",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.7.19-1.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-hibernate",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:6.6.50-1.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-hibernate-commons-annotations",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:7.0.3-3.Final_redhat_00002.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-hibernate-search",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:7.2.6-1.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-hibernate-validator",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:8.0.2-1.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-hornetq",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.4.11-1.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-hppc",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:0.10.0-2.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-httpcomponents-asyncclient",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.1.5-4.redhat_00006.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-httpcomponents-client",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.5.14-5.redhat_00016.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-httpcomponents-core",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.4.16-6.redhat_00011.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-infinispan",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:15.0.21-1.Final_redhat_00002.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-insights-java-client",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.1.3-2.redhat_00002.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-installation-manager-api",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.1.1-1.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-ironjacamar",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.0.18-1.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jackson-annotations",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.18.4-2.redhat_00002.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jackson-core",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.18.4-1.redhat_00002.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jackson-coreutils",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.8.0-3.redhat_00002.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jackson-databind",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.18.4-1.redhat_00002.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jackson-dataformats-text",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.18.4-2.redhat_00002.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jackson-jaxrs-providers",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.18.4-2.redhat_00002.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jackson-modules-base",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.18.4-2.redhat_00002.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jackson-modules-java8",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.18.4-2.redhat_00002.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jakarta-activation",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.1.4-1.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jakarta-annotation-api",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.1.1-5.redhat_00005.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jakarta-authentication-api",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.0.0-3.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jakarta-authorization-api",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.1.0-3.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jakarta-batch-api",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.1.1-3.redhat_00003.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jakarta-ejb-api",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.0.1-2.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jakarta-enterprise-concurrent",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.0.2-1.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jakarta-enterprise-concurrent-api",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.0.3-1.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jakarta-enterprise-lang-model",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.0.1-2.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jakarta-interceptor-api",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.1.0-5.redhat_00003.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jakarta-jms-api",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.1.0-4.redhat_00003.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jakarta-json",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.1.6-5.redhat_00003.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jakarta-json-api",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.1.3-1.redhat_00002.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jakarta-mail",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.1.3-3.redhat_00003.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jakarta-resource-api",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.1.0-2.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jakarta-security-enterprise-api",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.0.0-2.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jakarta-servlet-api",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:6.0.0-6.redhat_00007.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jakarta-servlet-jsp-api",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.1.1-1.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jakarta-servlet-jsp-jstl-api",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.0.2-1.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jakarta-transaction-api",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.0.1-3.redhat_00004.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jakarta-validation-api",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.0.2-3.redhat_00006.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jakarta-websocket",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.1.1-1.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jakarta-ws-rs-api",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.1.0-5.redhat_00003.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jakarta-xml-bind-api",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.0.4-1.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jandex",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.2.7-1.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jansi",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.4.1-2.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jasypt",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.9.3-4.redhat_00004.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-java-classmate",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.6.0-1.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-javaee-jpa-spec",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.1.0-4.redhat_00002.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-javaee-security-soteria",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.0.3-2.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-javaewah",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.2.3-1.redhat_00002.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-javapackages-tools",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:6.0.0-8.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jaxb",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.0.6-1.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jaxbintros",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.0.1-2.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jberet",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.1.0-1.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jboss-aesh",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.4.0-2.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jboss-cert-helper",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.1.3-2.redhat_00002.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jboss-classfilewriter",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.3.1-1.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jboss-common-beans",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.0.1-2.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jboss-dmr",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.7.0-2.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jboss-ejb3-ext-api",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.4.0-2.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jboss-ejb-client",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:5.0.8-1.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jboss-el-api_5.0_spec",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.0.2-1.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jboss-genericjms",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.0.0-3.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jboss-iiop-client",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.0.1-2.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jboss-invocation",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.0.1-1.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jboss-jakarta-xml-ws-api_4.0_spec",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.0.0-1.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jboss-logging",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.6.2-1.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jboss-logmanager",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.1.19-1.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jboss-marshalling",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.2.3-2.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jboss-metadata",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:16.1.0-1.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jboss-modules",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.1.6-1.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jboss-msc",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.5.5-1.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jboss-openjdk-orb",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:10.1.1-1.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jboss-remoting",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:5.0.31-1.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jboss-remoting-jmx",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.1.0-3.Final_redhat_00002.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jboss-saaj-api_3.0_spec",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.0.0-1.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jboss-stdio",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.1.0-1.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jboss-threads",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.5.0-1.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jboss-transaction-spi",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:8.0.0-1.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jboss-vfs",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.3.2-1.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jboss-weld-api",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:5.0.0-4.SP3_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jbossws-api",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.0.0-1.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jbossws-common",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:5.1.0-2.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jbossws-common-tools",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.1.0-2.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jbossws-cxf",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:7.3.8-1.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jbossws-jaxws-undertow-httpspi",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.0.0-1.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jbossws-spi",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:5.0.0-1.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jboss-xnio-base",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.8.16-1.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jcip-annotations",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.0.0-3.redhat_00009.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jctools",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.0.6-1.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jgroups",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1:5.3.23-1.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jgroups-aws",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.0.1-1.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jgroups-azure",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.0.2-1.Final_redhat_00002.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jgroups-kubernetes",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.0.2-1.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-joda-time",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.12.7-1.redhat_00002.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jose4j",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:0.9.6-2.redhat_00002.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jsf-impl",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.0.11-1.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jsonb-spec",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.0.1-2.redhat_00002.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-json-patch",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.9.0-3.redhat_00002.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jul-to-slf4j-stub",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.0.1-1.Final_redhat_3.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-log4j",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.23.1-2.redhat_00002.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-log4j2-jboss-logmanager",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.0.1-1.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-lucene-solr",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:9.11.1-1.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-mod_cluster",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.1.0-2.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-narayana",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:7.1.2-2.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-neethi",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.2.1-1.redhat_00002.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-netty",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.1.132-1.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-netty-transport-native-epoll",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.1.132-1.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-netty-xnio-transport",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:0.1.10-1.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-nimbus-jose-jwt",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:9.37.3-1.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-objectweb-asm",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:9.7.1-3.redhat_00002.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-opensaml",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.3.2-2.redhat_00002.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-parsson",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.1.7-3.redhat_00003.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-pem-keystore",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.4.0-1.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-plexus-utils",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.6.1-1.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-protoparser",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.0.3-2.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-protostream",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:5.0.14-2.Final_redhat_00002.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-reactive-streams",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.0.4-4.redhat_00005.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-reactivex-rxjava",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.1.12-1.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-reactivex-rxjava2",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.2.21-5.redhat_00003.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-resilience4j",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.2.0-2.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-resteasy",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:6.2.15-1.Final_redhat_00002.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-resteasy-extensions",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.0.1-3.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-resteasy-spring",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.2.0-3.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-saaj-impl",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.0.4-2.redhat_00002.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-shibboleth-java-support",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:8.0.0-6.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-slf4j",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.0.17-1.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-slf4j-jboss-logmanager",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.0.2-1.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-snakeyaml",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.3.0-1.redhat_00002.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-stax2-api",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.2.2-2.redhat_00003.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-stax-ex",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.1.0-3.redhat_00003.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-staxmapper",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.5.0-2.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-sun-istack-commons",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.1.2-2.redhat_00003.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-undertow",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.3.24-4.SP3_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-undertow-jastow",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.2.9-1.SP1_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-vdx",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.1.6-3.redhat_1.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-velocity",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.3.0-7.redhat_00010.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-weld-core",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:5.1.6-1.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-wildfly",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:8.1.7-4.GA_redhat_00003.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-wildfly-client-config",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.0.1-4.Final_redhat_00002.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-wildfly-clustering",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:5.0.12-1.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-wildfly-common",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.7.0-2.Final_redhat_00003.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-wildfly-discovery",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.3.0-1.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-wildfly-elytron",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.6.9-1.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-wildfly-elytron-ee",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.1.4-2.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-wildfly-http-client",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.1.4-1.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-wildfly-javadocs",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:8.1.1-11.GA_redhat_00019.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-wildfly-naming-client",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.0.1-1.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-wildfly-openssl",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.3.0-1.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-wildfly-openssl-el10-x86_64",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.3.0-1.Final.redhat.00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-wildfly-transaction-client",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.0.5-1.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-woodstox-core",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:7.0.0-1.redhat_00002.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-ws-commons-XmlSchema",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.3.0-2.redhat_00002.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-wsdl4j",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.6.3-5.redhat_00008.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-wss4j",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.0.4-1.redhat_00002.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-xml-commons-resolver",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.2.0-2.redhat_12.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-xml-security",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.0.5-1.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-yasson",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.0.4-5.redhat_00007.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-apache-cxf",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.0.10-3.redhat_00001.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-artemis-wildfly-integration",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.0.4-1.Final_redhat_00001.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-eap-product-conf-parent",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:801.7.0-1.GA_redhat_00001.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-hibernate",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:6.6.50-1.Final_redhat_00001.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jbossws-cxf",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:7.3.8-1.Final_redhat_00001.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jgroups",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1:5.3.23-1.Final_redhat_00001.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-undertow",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.3.24-4.SP3_redhat_00001.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-undertow-jastow",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.2.9-1.SP1_redhat_00001.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-wildfly",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:8.1.7-4.GA_redhat_00003.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-wildfly-elytron",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.6.9-1.Final_redhat_00001.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-wildfly-javadocs",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:8.1.1-11.GA_redhat_00019.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-apache-cxf",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.0.10-3.redhat_00001.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-artemis-wildfly-integration",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.0.4-1.Final_redhat_00001.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-eap-product-conf-parent",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:801.7.0-1.GA_redhat_00001.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-hibernate",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:6.6.50-1.Final_redhat_00001.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jbossws-cxf",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:7.3.8-1.Final_redhat_00001.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jgroups",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1:5.3.23-1.Final_redhat_00001.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-undertow",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.3.24-4.SP3_redhat_00001.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-undertow-jastow",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.2.9-1.SP1_redhat_00001.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-wildfly",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:8.1.7-4.GA_redhat_00003.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-wildfly-elytron",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.6.9-1.Final_redhat_00001.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-wildfly-javadocs",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:8.1.1-11.GA_redhat_00019.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:7"
              ],
              "defaultStatus": "affected",
              "packageName": "eap74-els-openjdk11-openshift-rhel8/eap74-els-openjdk11-openshift-rhel8",
              "product": "Red Hat JBoss Enterprise Application Platform 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:7"
              ],
              "defaultStatus": "affected",
              "packageName": "eap74-els-openjdk17-openshift-rhel8/eap74-els-openjdk17-openshift-rhel8",
              "product": "Red Hat JBoss Enterprise Application Platform 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:7"
              ],
              "defaultStatus": "affected",
              "packageName": "eap74-els-openjdk8-openshift-rhel8/eap74-els-openjdk8-openshift-rhel8",
              "product": "Red Hat JBoss Enterprise Application Platform 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:7"
              ],
              "defaultStatus": "affected",
              "packageName": "io.undertow.jastow-jastow",
              "product": "Red Hat JBoss Enterprise Application Platform 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:7"
              ],
              "defaultStatus": "affected",
              "packageName": "jastow",
              "product": "Red Hat JBoss Enterprise Application Platform 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:7"
              ],
              "defaultStatus": "affected",
              "packageName": "jboss-eap-7/eap74-els-openjdk17-openshift-rhel8",
              "product": "Red Hat JBoss Enterprise Application Platform 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:7"
              ],
              "defaultStatus": "affected",
              "packageName": "jboss-eap-7/eap74-els-openjdk8-openshift-rhel8",
              "product": "Red Hat JBoss Enterprise Application Platform 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8"
              ],
              "defaultStatus": "affected",
              "packageName": "jastow",
              "product": "Red Hat JBoss Enterprise Application Platform 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jbosseapxp"
              ],
              "defaultStatus": "unaffected",
              "packageName": "io.undertow.jastow-jastow",
              "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jbosseapxp"
              ],
              "defaultStatus": "affected",
              "packageName": "jastow",
              "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:red_hat_single_sign_on:7"
              ],
              "defaultStatus": "affected",
              "packageName": "jastow",
              "product": "Red Hat Single Sign-On 7",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2026-07-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in Jastow. Jastow is vulnerable to Cross-Site Scripting (XSS) attack. If using a set of combined configuration to allow unescaped characters in URL with embedded Undertow and Jastow, a server might be vulnerable to improper input handling."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T00:00:08.461Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2026:36342",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:36342"
            },
            {
              "name": "RHSA-2026:36343",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:36343"
            },
            {
              "name": "RHSA-2026:36344",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:36344"
            },
            {
              "name": "RHSA-2026:36345",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:36345"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2025-12799"
            },
            {
              "name": "RHBZ#2413071",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2413071"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-11-06T11:09:24.742Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-07-07T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Jastow: jastow cross-site scripting attack due to unsanitized uri",
          "workarounds": [
            {
              "lang": "en",
              "value": "It is possible to contruct successful attack vector if and only if customer or client is using embedded Undertow and Jastow together in their application and the following conditions are met:\n * Undertow was configured with UndertowOptions.ALLOW_UNESCAPED_CHARACTERS_IN_URL set to \u0027true\u0027 value\n * DeploymentInfo configured with setEscapeErrorMessage(true) method was passed to Undertow\u0027s Servlet Container instance"
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2025-12799",
        "datePublished": "2026-07-07T16:18:57.555Z",
        "dateReserved": "2025-11-06T11:15:12.378Z",
        "dateUpdated": "2026-07-08T00:00:08.461Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-14969 (GCVE-0-2026-14969)

    Vulnerability from cvelistv5 – Published: 2026-07-07 15:48 – Updated: 2026-07-07 16:11
    VLAI
    Title
    389-ds-base: 389-ds-base: static initialization vector in aes-cbc/3des-cbc attribute encryption
    Summary
    A flaw was found in 389-ds-base where the LDBM backend attribute encryption uses a hardcoded static initialization vector for AES-CBC and 3DES-CBC operations, allowing an attacker with privileged filesystem access to detect plaintext equality across encrypted entries by comparing ciphertext blocks.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-329 - Generation of Predictable IV with CBC Mode
    Assigner
    References
    URL Tags
    https://access.redhat.com/security/cve/CVE-2026-14969 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2497735 issue-trackingx_refsource_REDHAT
    Date Public
    2026-07-07 15:32
    Credits
    Red Hat would like to thank Andrew Rukin (Arenadata) for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-14969",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-07T16:11:32.041523Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-07T16:11:40.145Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:directory_server:11"
              ],
              "defaultStatus": "affected",
              "packageName": "redhat-ds:11/389-ds-base",
              "product": "Red Hat Directory Server 11",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:directory_server:12"
              ],
              "defaultStatus": "affected",
              "packageName": "redhat-ds:12/389-ds-base",
              "product": "Red Hat Directory Server 12",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:directory_server:13"
              ],
              "defaultStatus": "affected",
              "packageName": "389-ds-base",
              "product": "Red Hat Directory Server 13",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10"
              ],
              "defaultStatus": "affected",
              "packageName": "389-ds-base",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "unknown",
              "packageName": "389-ds-base",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "affected",
              "packageName": "389-ds-base",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "affected",
              "packageName": "389-ds:1.4/389-ds-base",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "affected",
              "packageName": "389-ds-base",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Andrew Rukin (Arenadata) for reporting this issue."
            }
          ],
          "datePublic": "2026-07-07T15:32:28.365Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in 389-ds-base where the LDBM backend attribute encryption uses a hardcoded static initialization vector for AES-CBC and 3DES-CBC operations, allowing an attacker with privileged filesystem access to detect plaintext equality across encrypted entries by comparing ciphertext blocks."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 4.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-329",
                  "description": "Generation of Predictable IV with CBC Mode",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-07T15:48:04.478Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-14969"
            },
            {
              "name": "RHBZ#2497735",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2497735"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-07T14:53:34.580Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-07-07T15:32:28.365Z",
              "value": "Made public."
            }
          ],
          "title": "389-ds-base: 389-ds-base: static initialization vector in aes-cbc/3des-cbc attribute encryption",
          "workarounds": [
            {
              "lang": "en",
              "value": "Disable attribute encryption if it is not required for the deployment. If attribute encryption is required, restrict filesystem access to the LDBM database directory (/var/lib/dirsrv/slapd-\u003cinstance\u003e/db/) to ensure only authorized administrators can read database files."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-329: Generation of Predictable IV with CBC Mode"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-14969",
        "datePublished": "2026-07-07T15:48:04.478Z",
        "dateReserved": "2026-07-07T15:32:40.440Z",
        "dateUpdated": "2026-07-07T16:11:40.145Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-14935 (GCVE-0-2026-14935)

    Vulnerability from cvelistv5 – Published: 2026-07-07 15:37 – Updated: 2026-07-07 16:13
    VLAI
    Title
    Gstreamer: gstreamer: webrtcbin accepts remote sdp without a=fingerprint due to inverted presence check
    Summary
    A logic vulnerability was found in GStreamer's webrtcbin component. The _check_sdp_crypto() function contains an inverted boolean condition that causes it to accept remote SDP offers or answers that lack the required a=fingerprint attribute, while incorrectly rejecting those that include it. An attacker with the ability to intercept and modify WebRTC signaling messages could exploit this to bypass the SDP-level DTLS certificate fingerprint binding, weakening defenses against man-in-the-middle attacks on media streams.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-670 - Always-Incorrect Control Flow Implementation
    Assigner
    Impacted products
    Date Public
    2026-07-07 15:25
    Credits
    Red Hat would like to thank Clouditera Security (Clouditera), NSFOCUS (NSFOCUS), and Z.ai Security (Z.ai) for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-14935",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-07T16:13:21.634704Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-07T16:13:27.854Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10"
              ],
              "defaultStatus": "affected",
              "packageName": "gstreamer1-plugins-bad-free",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "affected",
              "packageName": "gstreamer-plugins-bad-free",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "affected",
              "packageName": "gstreamer1-plugins-bad-free",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "affected",
              "packageName": "gstreamer-plugins-bad-free",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "affected",
              "packageName": "gstreamer1-plugins-bad-free",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "affected",
              "packageName": "gstreamer1-plugins-bad-free",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Clouditera Security (Clouditera), NSFOCUS (NSFOCUS), and Z.ai Security (Z.ai) for reporting this issue."
            }
          ],
          "datePublic": "2026-07-07T15:25:24.763Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A logic vulnerability was found in GStreamer\u0027s webrtcbin component. The _check_sdp_crypto() function contains an inverted boolean condition that causes it to accept remote SDP offers or answers that lack the required a=fingerprint attribute, while incorrectly rejecting those that include it. An attacker with the ability to intercept and modify WebRTC signaling messages could exploit this to bypass the SDP-level DTLS certificate fingerprint binding, weakening defenses against man-in-the-middle attacks on media streams."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Low"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.7,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-670",
                  "description": "Always-Incorrect Control Flow Implementation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-07T15:37:58.898Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-14935"
            },
            {
              "name": "RHBZ#2497679",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2497679"
            },
            {
              "url": "https://gitlab.freedesktop.org/gstreamer/gstreamer-security/-/merge_requests/98"
            },
            {
              "url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/work_items/5171"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-07T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-07-07T15:25:24.763Z",
              "value": "Made public."
            }
          ],
          "title": "Gstreamer: gstreamer: webrtcbin accepts remote sdp without a=fingerprint due to inverted presence check",
          "workarounds": [
            {
              "lang": "en",
              "value": "There is no complete mitigation for this vulnerability. The following measures can reduce risk:\n\n1. Ensure WebRTC signaling channels use TLS encryption to prevent SDP modification in transit.\n2. If WebRTC functionality is not required, remove the webrtcbin plugin shared object from the GStreamer plugins directory (typically /usr/lib64/gstreamer-1.0/libgstwebrtc.so)."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-670: Always-Incorrect Control Flow Implementation"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-14935",
        "datePublished": "2026-07-07T15:37:58.898Z",
        "dateReserved": "2026-07-07T11:25:35.489Z",
        "dateUpdated": "2026-07-07T16:13:27.854Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-14940 (GCVE-0-2026-14940)

    Vulnerability from cvelistv5 – Published: 2026-07-07 13:54 – Updated: 2026-07-07 15:35
    VLAI
    Title
    389-ds-base: 389-ds-base: heap-buffer-overflow in dn normalization via quoted multivalued rdn
    Summary
    A heap-buffer-overflow flaw was found in 389 Directory Server (389-ds-base). When normalizing a Distinguished Name (DN) that contains a legacy-quoted value encoding a multivalued nested Relative Distinguished Name (RDN), the server can write past the end of a heap allocation while sorting RDN attribute-value pairs. An unauthenticated remote attacker can trigger this condition by sending an LDAP operation whose DN reaches the DN normalization routine, such as a search with a crafted base DN. This can corrupt heap memory and may cause denial of service.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    References
    URL Tags
    https://access.redhat.com/security/cve/CVE-2026-14940 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2497697 issue-trackingx_refsource_REDHAT
    Date Public
    2026-07-07 12:01
    Credits
    Red Hat would like to thank Denis Rastyogin (ALT Linux) for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-14940",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-07T15:35:34.392277Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-07T15:35:45.502Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:directory_server:11"
              ],
              "defaultStatus": "affected",
              "packageName": "redhat-ds:11/389-ds-base",
              "product": "Red Hat Directory Server 11",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:directory_server:12"
              ],
              "defaultStatus": "affected",
              "packageName": "redhat-ds:12/389-ds-base",
              "product": "Red Hat Directory Server 12",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:directory_server:13"
              ],
              "defaultStatus": "affected",
              "packageName": "389-ds-base",
              "product": "Red Hat Directory Server 13",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10"
              ],
              "defaultStatus": "affected",
              "packageName": "389-ds-base",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "unknown",
              "packageName": "389-ds-base",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "affected",
              "packageName": "389-ds-base",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "affected",
              "packageName": "389-ds:1.4/389-ds-base",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "affected",
              "packageName": "389-ds-base",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Denis Rastyogin (ALT Linux) for reporting this issue."
            }
          ],
          "datePublic": "2026-07-07T12:01:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A heap-buffer-overflow flaw was found in 389 Directory Server (389-ds-base). When\nnormalizing a Distinguished Name (DN) that contains a legacy-quoted value encoding a\nmultivalued nested Relative Distinguished Name (RDN), the server can write past the\nend of a heap allocation while sorting RDN attribute-value pairs. An unauthenticated\nremote attacker can trigger this condition by sending an LDAP operation whose DN\nreaches the DN normalization routine, such as a search with a crafted base DN. This\ncan corrupt heap memory and may cause denial of service."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "Heap-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-07T13:54:20.688Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-14940"
            },
            {
              "name": "RHBZ#2497697",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2497697"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-06-02T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-07-07T12:01:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "389-ds-base: 389-ds-base: heap-buffer-overflow in dn normalization via quoted multivalued rdn",
          "workarounds": [
            {
              "lang": "en",
              "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-122: Heap-based Buffer Overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-14940",
        "datePublished": "2026-07-07T13:54:20.688Z",
        "dateReserved": "2026-07-07T12:01:04.779Z",
        "dateUpdated": "2026-07-07T15:35:45.502Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-11610 (GCVE-0-2026-11610)

    Vulnerability from cvelistv5 – Published: 2026-07-07 09:17 – Updated: 2026-07-08 06:35
    VLAI
    Title
    389-ds-base: 389-ds-base: heap buffer overflow in sasl_io_recv() via padded sasl unbind
    Summary
    A heap buffer overflow flaw was found in the SASL I/O layer of 389 Directory Server (389-ds-base). After a successful SASL bind with integrity protection (SSF > 0), an authenticated attacker can send a specially crafted oversized LDAP UNBIND packet that is copied into a 512-byte heap receive buffer without a bounds check in sasl_io_recv() in sasl_io.c. This allows up to approximately 2 megabytes of attacker-controlled data to overflow the buffer, causing a denial of service (server crash). In FreeIPA and Red Hat Identity Management deployments, any domain user with a valid Kerberos ticket, any enrolled host, or any service account can trigger this vulnerability over the network after authenticating via GSSAPI. The vulnerable code path has existed since approximately 2013 (389-ds-base 1.3.2) and was not addressed by the CVE-2025-14905 fix, which patched a separate heap overflow in schema.c only.
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2026:36195 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:36196 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:36197 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:36198 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:36200 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:36201 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:36202 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:36204 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:36205 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:36206 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:36208 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:36209 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:36585 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2026-11610 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2484414 issue-trackingx_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Red Hat Red Hat Directory Server 11.5 E4S for RHEL 8 Unaffected: 8060020260702180044.0ca98e7e , < * (rpm)
        cpe:/a:redhat:directory_server_e4s:11.5::el8
    Create a notification for this product.
    Red Hat Red Hat Directory Server 11.7 E4S for RHEL 8 Unaffected: 8080020260702180836.f969626e , < * (rpm)
        cpe:/a:redhat:directory_server_e4s:11.7::el8
    Create a notification for this product.
    Red Hat Red Hat Directory Server 11.9 for RHEL 8 Unaffected: 8100020260702145313.37ed7c03 , < * (rpm)
        cpe:/a:redhat:directory_server:11.9::el8
    Create a notification for this product.
    Red Hat Red Hat Directory Server 12.4 E4S for RHEL 9 Unaffected: 9040020260703055735.1674d574 , < * (rpm)
        cpe:/a:redhat:directory_server_e4s:12.4::el9
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 10 Unaffected: 0:3.2.0-8.el10_2 , < * (rpm)
        cpe:/o:redhat:enterprise_linux:10.2
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 7 Extended Lifecycle Support Unaffected: 0:1.3.11.1-13.el7_9 , < * (rpm)
        cpe:/o:redhat:rhel_els:7
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 8100020260626120929.25e700aa , < * (rpm)
        cpe:/a:redhat:enterprise_linux:8::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Unaffected: 8040020260629123121.96015a92 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.4::appstream
        cpe:/a:redhat:rhel_eus_long_life:8.4::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On Unaffected: 8040020260629123121.96015a92 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.4::appstream
        cpe:/a:redhat:rhel_eus_long_life:8.4::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support Unaffected: 8060020260626130540.824efc52 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.6::appstream
        cpe:/a:redhat:rhel_eus_long_life:8.6::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On Unaffected: 8060020260626130540.824efc52 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.6::appstream
        cpe:/a:redhat:rhel_eus_long_life:8.6::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.8 Telecommunications Update Service Unaffected: 8080020260630025241.6dbb3803 , < * (rpm)
        cpe:/a:redhat:rhel_e4s:8.8::appstream
        cpe:/a:redhat:rhel_tus:8.8::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions Unaffected: 8080020260630025241.6dbb3803 , < * (rpm)
        cpe:/a:redhat:rhel_e4s:8.8::appstream
        cpe:/a:redhat:rhel_tus:8.8::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:2.8.0-8.el9_8 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::appstream
        cpe:/a:redhat:enterprise_linux:9::crb
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions Unaffected: 0:2.2.4-19.el9_2 , < * (rpm)
        cpe:/a:redhat:rhel_e4s:9.2::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions Unaffected: 0:2.4.5-26.el9_4 , < * (rpm)
        cpe:/a:redhat:rhel_e4s:9.4::appstream
    Create a notification for this product.
    Red Hat Red Hat Directory Server 12     cpe:/a:redhat:directory_server:12
    Create a notification for this product.
    Red Hat Red Hat Directory Server 13     cpe:/a:redhat:directory_server:13
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
    Create a notification for this product.
    Date Public
    2026-07-07 09:00
    Credits
    This issue was discovered by Ian Murphy (Red Hat).
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:directory_server_e4s:11.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "redhat-ds:11",
              "product": "Red Hat Directory Server 11.5 E4S for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "8060020260702180044.0ca98e7e",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:directory_server_e4s:11.7::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "redhat-ds:11",
              "product": "Red Hat Directory Server 11.7 E4S for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "8080020260702180836.f969626e",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:directory_server:11.9::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "redhat-ds:11",
              "product": "Red Hat Directory Server 11.9 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "8100020260702145313.37ed7c03",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:directory_server_e4s:12.4::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "redhat-ds:12",
              "product": "Red Hat Directory Server 12.4 E4S for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "9040020260703055735.1674d574",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10.2"
              ],
              "defaultStatus": "affected",
              "packageName": "389-ds-base",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.2.0-8.el10_2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_els:7"
              ],
              "defaultStatus": "affected",
              "packageName": "389-ds-base",
              "product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.3.11.1-13.el7_9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "389-ds:1.4",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "8100020260626120929.25e700aa",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.4::appstream",
                "cpe:/a:redhat:rhel_eus_long_life:8.4::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "389-ds:1.4",
              "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "8040020260629123121.96015a92",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.4::appstream",
                "cpe:/a:redhat:rhel_eus_long_life:8.4::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "389-ds:1.4",
              "product": "Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "8040020260629123121.96015a92",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.6::appstream",
                "cpe:/a:redhat:rhel_eus_long_life:8.6::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "389-ds:1.4",
              "product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "8060020260626130540.824efc52",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_aus:8.6::appstream",
                "cpe:/a:redhat:rhel_eus_long_life:8.6::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "389-ds:1.4",
              "product": "Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "8060020260626130540.824efc52",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_e4s:8.8::appstream",
                "cpe:/a:redhat:rhel_tus:8.8::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "389-ds:1.4",
              "product": "Red Hat Enterprise Linux 8.8 Telecommunications Update Service",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "8080020260630025241.6dbb3803",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_e4s:8.8::appstream",
                "cpe:/a:redhat:rhel_tus:8.8::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "389-ds:1.4",
              "product": "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "8080020260630025241.6dbb3803",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream",
                "cpe:/a:redhat:enterprise_linux:9::crb"
              ],
              "defaultStatus": "affected",
              "packageName": "389-ds-base",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.8.0-8.el9_8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_e4s:9.2::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "389-ds-base",
              "product": "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.2.4-19.el9_2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_e4s:9.4::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "389-ds-base",
              "product": "Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.4.5-26.el9_4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:directory_server:12"
              ],
              "defaultStatus": "affected",
              "packageName": "redhat-ds:12/389-ds-base",
              "product": "Red Hat Directory Server 12",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:directory_server:13"
              ],
              "defaultStatus": "unaffected",
              "packageName": "389-ds-base",
              "product": "Red Hat Directory Server 13",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "affected",
              "packageName": "389-ds-base",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "This issue was discovered by Ian Murphy (Red Hat)."
            }
          ],
          "datePublic": "2026-07-07T09:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A heap buffer overflow flaw was found in the SASL I/O layer of 389 Directory Server\n(389-ds-base). After a successful SASL bind with integrity protection (SSF \u003e 0),\nan authenticated attacker can send a specially crafted oversized LDAP UNBIND packet\nthat is copied into a 512-byte heap receive buffer without a bounds check in\nsasl_io_recv() in sasl_io.c. This allows up to approximately 2 megabytes of\nattacker-controlled data to overflow the buffer, causing a denial of service (server\ncrash). In FreeIPA and Red Hat Identity Management deployments, any domain user with\na valid Kerberos ticket, any enrolled host, or any service account can trigger this\nvulnerability over the network after authenticating via GSSAPI.\nThe vulnerable code path has existed since approximately 2013 (389-ds-base 1.3.2) and\nwas not addressed by the CVE-2025-14905 fix, which patched a separate heap overflow\nin schema.c only."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Important"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "Heap-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T06:35:27.486Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2026:36195",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:36195"
            },
            {
              "name": "RHSA-2026:36196",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:36196"
            },
            {
              "name": "RHSA-2026:36197",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:36197"
            },
            {
              "name": "RHSA-2026:36198",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:36198"
            },
            {
              "name": "RHSA-2026:36200",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:36200"
            },
            {
              "name": "RHSA-2026:36201",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:36201"
            },
            {
              "name": "RHSA-2026:36202",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:36202"
            },
            {
              "name": "RHSA-2026:36204",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:36204"
            },
            {
              "name": "RHSA-2026:36205",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:36205"
            },
            {
              "name": "RHSA-2026:36206",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:36206"
            },
            {
              "name": "RHSA-2026:36208",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:36208"
            },
            {
              "name": "RHSA-2026:36209",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:36209"
            },
            {
              "name": "RHSA-2026:36585",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:36585"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-11610"
            },
            {
              "name": "RHBZ#2484414",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2484414"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-04-22T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-07-07T09:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "389-ds-base: 389-ds-base: heap buffer overflow in sasl_io_recv() via padded sasl unbind",
          "workarounds": [
            {
              "lang": "en",
              "value": "There is no complete workaround for this flaw.\nMitigations that reduce exposure:\n1. Restrict network access to LDAP ports (389/636) to trusted networks only.\n   Note: In FreeIPA/IdM deployments, enrolled clients require LDAP access and\n   this may not be practical.\n2. If DIGEST-MD5 is not required, disable it via nsslapd-allowed-sasl-mechanisms\n   in cn=config. GSSAPI/Kerberos cannot be disabled in FreeIPA/IdM without breaking\n   domain authentication.\n3. Monitor for oversized LDAP UNBIND packets (standard UNBIND is 7 bytes; alert on\n   UNBIND packets exceeding ~100 bytes).\n4. Lowering nsslapd-maxbersize reduces maximum overflow size but does not eliminate\n   the vulnerability."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-122: Heap-based Buffer Overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-11610",
        "datePublished": "2026-07-07T09:17:36.519Z",
        "dateReserved": "2026-06-08T16:13:02.502Z",
        "dateUpdated": "2026-07-08T06:35:27.486Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-14476 (GCVE-0-2026-14476)

    Vulnerability from cvelistv5 – Published: 2026-07-07 09:12 – Updated: 2026-07-07 14:34
    VLAI
    Title
    Sssd: sssd: gpo cache path traversal via unsanitized gpcfilesyspath allows kerberos authentication bypass
    Summary
    A path traversal flaw was found in SSSD's AD GPO provider. The ad_gpo_extract_smb_components() function does not sanitize .. sequences in the gPCFileSysPath LDAP attribute, allowing an attacker with AD GPO management access to write files outside the GPO cache directory as root. On default RHEL configurations with SELinux enforcing, this can be used to inject Kerberos configuration leading to authentication bypass.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-23 - Relative Path Traversal
    Assigner
    References
    URL Tags
    https://access.redhat.com/security/cve/CVE-2026-14476 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2496581 issue-trackingx_refsource_REDHAT
    Date Public
    2026-07-07 09:00
    Credits
    This issue was discovered by Ian Murphy (Red Hat).
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-14476",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-07T14:34:29.054689Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-07T14:34:38.153Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10"
              ],
              "defaultStatus": "affected",
              "packageName": "sssd",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "unknown",
              "packageName": "sssd",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "affected",
              "packageName": "sssd",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "affected",
              "packageName": "sssd",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "affected",
              "packageName": "sssd",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4"
              ],
              "defaultStatus": "affected",
              "packageName": "rhcos",
              "product": "Red Hat OpenShift Container Platform 4",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "This issue was discovered by Ian Murphy (Red Hat)."
            }
          ],
          "datePublic": "2026-07-07T09:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A path traversal flaw was found in SSSD\u0027s AD GPO provider. The ad_gpo_extract_smb_components() function does not sanitize .. sequences in the gPCFileSysPath LDAP attribute, allowing an attacker with AD GPO management access to write files outside the GPO cache directory as root. On default RHEL configurations with SELinux enforcing, this can be used to inject Kerberos configuration leading to authentication bypass."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-23",
                  "description": "Relative Path Traversal",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-07T11:09:17.309Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-14476"
            },
            {
              "name": "RHBZ#2496581",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2496581"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-04-28T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-07-07T09:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Sssd: sssd: gpo cache path traversal via unsanitized gpcfilesyspath allows kerberos authentication bypass",
          "workarounds": [
            {
              "lang": "en",
              "value": "Set ad_gpo_access_control = disabled in /etc/sssd/sssd.conf to disable GPO fetching entirely. Note that this removes GPO-based login policy enforcement."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-23: Relative Path Traversal"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-14476",
        "datePublished": "2026-07-07T09:12:52.180Z",
        "dateReserved": "2026-07-02T15:18:56.861Z",
        "dateUpdated": "2026-07-07T14:34:38.153Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-14474 (GCVE-0-2026-14474)

    Vulnerability from cvelistv5 – Published: 2026-07-07 09:12 – Updated: 2026-07-07 13:42
    VLAI
    Title
    Sssd: sssd: sudo ldap provider searches entire directory tree for sudorole objects by default, enabling privilege escalation
    Summary
    A flaw was found in SSSD's LDAP sudo provider. When the ldap_sudo_search_base option is not explicitly configured, SSSD searches the entire LDAP directory tree for sudoRole objects. An authenticated attacker with write access to any subtree can inject a sudoRole object granting root-level sudo privileges on all SSSD-enrolled hosts.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1188 - Initialization of a Resource with an Insecure Default
    Assigner
    References
    URL Tags
    https://access.redhat.com/security/cve/CVE-2026-14474 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2496556 issue-trackingx_refsource_REDHAT
    Date Public
    2026-07-07 09:00
    Credits
    This issue was discovered by Ian Murphy (Red Hat).
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-14474",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-07T13:41:44.076680Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-07T13:42:01.577Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10"
              ],
              "defaultStatus": "affected",
              "packageName": "sssd",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "unknown",
              "packageName": "sssd",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "affected",
              "packageName": "sssd",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "affected",
              "packageName": "sssd",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "affected",
              "packageName": "sssd",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4"
              ],
              "defaultStatus": "affected",
              "packageName": "rhcos",
              "product": "Red Hat OpenShift Container Platform 4",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "This issue was discovered by Ian Murphy (Red Hat)."
            }
          ],
          "datePublic": "2026-07-07T09:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in SSSD\u0027s LDAP sudo provider. When the ldap_sudo_search_base option is not explicitly configured, SSSD searches the entire LDAP directory tree for sudoRole objects. An authenticated attacker with write access to any subtree can inject a sudoRole object granting root-level sudo privileges on all SSSD-enrolled hosts."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Important"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1188",
                  "description": "Initialization of a Resource with an Insecure Default",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-07T09:12:33.200Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-14474"
            },
            {
              "name": "RHBZ#2496556",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2496556"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-04-28T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-07-07T09:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Sssd: sssd: sudo ldap provider searches entire directory tree for sudorole objects by default, enabling privilege escalation",
          "workarounds": [
            {
              "lang": "en",
              "value": "Set ldap_sudo_search_base explicitly in /etc/sssd/sssd.conf to restrict the search to the designated sudoers container:\n\n[domain/example.com] ldap_sudo_search_base = ou=sudoers,dc=example,dc=com\n\nAdditionally, restrict LDAP ACLs to prevent non-admin principals from creating sudoRole objects outside the designated sudoers container."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-1188: Initialization of a Resource with an Insecure Default"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-14474",
        "datePublished": "2026-07-07T09:12:33.200Z",
        "dateReserved": "2026-07-02T14:49:31.316Z",
        "dateUpdated": "2026-07-07T13:42:01.577Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-58384 (GCVE-0-2026-58384)

    Vulnerability from cvelistv5 – Published: 2026-07-07 07:44 – Updated: 2026-07-07 13:31
    VLAI
    Title
    Gimp: gimp: integer overflow in read_rle_channel()
    Summary
    A flaw was found in GIMP's PSD parser. An integer overflow in read_RLE_channel() can cause an undersized heap allocation for the RLE row-length table, after which subsequent per-row writes corrupt heap memory. This could lead to memory corruption, potentially resulting in denial of service or arbitrary code execution.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-190 - Integer Overflow or Wraparound
    Assigner
    Impacted products
    Date Public
    2026-04-11 00:00
    Credits
    Red Hat would like to thank bb1abu for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-58384",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-07T13:30:05.659315Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-07T13:31:00.757Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "unaffected",
              "packageName": "gimp",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "unaffected",
              "packageName": "gimp",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "gimp:2.8/gimp",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "affected",
              "packageName": "gimp",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank bb1abu for reporting this issue."
            }
          ],
          "datePublic": "2026-04-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in GIMP\u0027s PSD parser. An integer overflow in read_RLE_channel() can cause an undersized heap allocation for the RLE row-length table, after which subsequent per-row writes corrupt heap memory. This could lead to memory corruption, potentially resulting in denial of service or arbitrary code execution."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Important"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-190",
                  "description": "Integer Overflow or Wraparound",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-07T07:44:28.139Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-58384"
            },
            {
              "name": "RHBZ#2497431",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2497431"
            },
            {
              "url": "https://gitlab.gnome.org/GNOME/gimp/-/commit/da29e217"
            },
            {
              "url": "https://gitlab.gnome.org/GNOME/gimp/-/issues/16216"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-04-11T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-04-11T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Gimp: gimp: integer overflow in read_rle_channel()",
          "workarounds": [
            {
              "lang": "en",
              "value": "None \u2014 requires opening a crafted PSD file."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-190: Integer Overflow or Wraparound"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-58384",
        "datePublished": "2026-07-07T07:44:28.139Z",
        "dateReserved": "2026-06-30T16:54:04.312Z",
        "dateUpdated": "2026-07-07T13:31:00.757Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-59089 (GCVE-0-2026-59089)

    Vulnerability from cvelistv5 – Published: 2026-07-06 19:38 – Updated: 2026-07-06 19:48
    VLAI
    Title
    Gimp: gimp: denial of service via integer overflow in playstation tim loader
    Summary
    A flaw was found in GIMP. The PlayStation TIM loader, responsible for handling PlayStation image files, incorrectly calculates the size of the Color Look-Up Table (CLUT) due to an integer overflow. This occurs when multiplying num_colors and num_cluts, both 16-bit unsigned short integers, resulting in a value exceeding the maximum integer limit. An attacker could exploit this by providing a specially crafted image file, leading to undefined behavior and causing the GIMP plug-in to abort, effectively resulting in a denial of service.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-190 - Integer Overflow or Wraparound
    Assigner
    Impacted products
    Date Public
    2026-06-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-59089",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-06T19:48:49.016983Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-06T19:48:53.313Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://gitlab.gnome.org/GNOME/gimp/-/work_items/16493"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "unknown",
              "packageName": "gimp",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "unknown",
              "packageName": "gimp",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "affected",
              "packageName": "gimp",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "affected",
              "packageName": "gimp",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2026-06-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in GIMP. The PlayStation TIM loader, responsible for handling PlayStation image files, incorrectly calculates the size of the Color Look-Up Table (CLUT) due to an integer overflow. This occurs when multiplying num_colors and num_cluts, both 16-bit unsigned short integers, resulting in a value exceeding the maximum integer limit. An attacker could exploit this by providing a specially crafted image file, leading to undefined behavior and causing the GIMP plug-in to abort, effectively resulting in a denial of service."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-190",
                  "description": "Integer Overflow or Wraparound",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-06T19:38:16.905Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-59089"
            },
            {
              "name": "RHBZ#2496583",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2496583"
            },
            {
              "url": "https://gitlab.gnome.org/GNOME/gimp/-/work_items/16493"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-02T15:36:51.520Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-06-15T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Gimp: gimp: denial of service via integer overflow in playstation tim loader",
          "workarounds": [
            {
              "lang": "en",
              "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-190: Integer Overflow or Wraparound"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-59089",
        "datePublished": "2026-07-06T19:38:16.905Z",
        "dateReserved": "2026-07-02T15:11:12.820Z",
        "dateUpdated": "2026-07-06T19:48:53.313Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-58380 (GCVE-0-2026-58380)

    Vulnerability from cvelistv5 – Published: 2026-07-06 13:58 – Updated: 2026-07-06 15:41
    VLAI
    Title
    Gimp: gimp: stack buffer overflow in pnmscanner_gettoken()
    Summary
    A flaw was found in GIMP's PNM file format parser. When parsing a specially crafted PNM file, the pnmscanner_gettoken() function writes a null terminator one byte past the end of a stack-allocated buffer due to an off-by-one error in the loop boundary check. This could lead to memory corruption, potentially resulting in denial of service or arbitrary code execution.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Date Public
    2026-04-11 00:00
    Credits
    Red Hat would like to thank bb1abu for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-58380",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-06T15:41:04.583701Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-06T15:41:15.008Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "unknown",
              "packageName": "gimp",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "affected",
              "packageName": "gimp",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "affected",
              "packageName": "gimp:2.8/gimp",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "affected",
              "packageName": "gimp",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank bb1abu for reporting this issue."
            }
          ],
          "datePublic": "2026-04-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in GIMP\u0027s PNM file format parser. When parsing a specially crafted PNM file, the pnmscanner_gettoken() function writes a null terminator one byte past the end of a stack-allocated buffer due to an off-by-one error in the loop boundary check. This could lead to memory corruption, potentially resulting in denial of service or arbitrary code execution."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-193",
                  "description": "Off-by-one Error",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-06T13:58:43.680Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-58380"
            },
            {
              "name": "RHBZ#2496135",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2496135"
            },
            {
              "url": "https://gitlab.gnome.org/GNOME/gimp/-/commit/83699817"
            },
            {
              "url": "https://gitlab.gnome.org/GNOME/gimp/-/issues/16206"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-04-11T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-04-11T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Gimp: gimp: stack buffer overflow in pnmscanner_gettoken()",
          "workarounds": [
            {
              "lang": "en",
              "value": "None \u2014 requires opening a crafted PNM file."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-193: Off-by-one Error"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-58380",
        "datePublished": "2026-07-06T13:58:43.680Z",
        "dateReserved": "2026-06-30T16:54:04.312Z",
        "dateUpdated": "2026-07-06T15:41:15.008Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-9165 (GCVE-0-2026-9165)

    Vulnerability from cvelistv5 – Published: 2026-07-06 08:46 – Updated: 2026-07-08 08:11
    VLAI
    Title
    Stackrox: stackrox: unbounded graphql query depth allows authenticated denial of service
    Summary
    A flaw was found in Red Hat Advanced Cluster Security for Kubernetes (RHACS). Central does not limit the depth of GraphQL queries served on the authenticated GraphQL API. An authenticated user with a valid API token can send deeply nested queries that cause excessive resource consumption in Central, resulting in a denial of service for the management plane.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2026:36207 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:36319 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:36625 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2026-9165 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2480505 issue-trackingx_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Red Hat Red Hat Advanced Cluster Security for Kubernetes 4.10 Unaffected: 1783357140 , < * (rpm)
        cpe:/a:redhat:advanced_cluster_security:4.10::el8
    Create a notification for this product.
    Red Hat Red Hat Advanced Cluster Security for Kubernetes 4.11 Unaffected: 1783352589 , < * (rpm)
        cpe:/a:redhat:advanced_cluster_security:4.11::el9
    Create a notification for this product.
    Red Hat Red Hat Advanced Cluster Security for Kubernetes 4.9 Unaffected: 1783357116 , < * (rpm)
        cpe:/a:redhat:advanced_cluster_security:4.9::el8
    Create a notification for this product.
    Date Public
    2026-07-06 08:38
    Credits
    This issue was discovered by Moritz Clasmeier (Red Hat).
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-9165",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-07T14:00:57.848857Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-07T14:01:10.575Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:advanced_cluster_security:4.10::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "advanced-cluster-security/rhacs-main-rhel8",
              "product": "Red Hat Advanced Cluster Security for Kubernetes 4.10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1783357140",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:advanced_cluster_security:4.11::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "advanced-cluster-security/rhacs-main-rhel9",
              "product": "Red Hat Advanced Cluster Security for Kubernetes 4.11",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1783352589",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:advanced_cluster_security:4.9::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "advanced-cluster-security/rhacs-main-rhel8",
              "product": "Red Hat Advanced Cluster Security for Kubernetes 4.9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1783357116",
                  "versionType": "rpm"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "This issue was discovered by Moritz Clasmeier (Red Hat)."
            }
          ],
          "datePublic": "2026-07-06T08:38:30.568Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in Red Hat Advanced Cluster Security for Kubernetes (RHACS). Central does not limit the depth of GraphQL queries served on the authenticated GraphQL API. An authenticated user with a valid API token can send deeply nested queries that cause excessive resource consumption in Central, resulting in a denial of service for the management plane."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Important"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "Uncontrolled Resource Consumption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T08:11:51.925Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2026:36207",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:36207"
            },
            {
              "name": "RHSA-2026:36319",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:36319"
            },
            {
              "name": "RHSA-2026:36625",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:36625"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-9165"
            },
            {
              "name": "RHBZ#2480505",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480505"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-05-21T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-07-06T08:38:30.568Z",
              "value": "Made public."
            }
          ],
          "title": "Stackrox: stackrox: unbounded graphql query depth allows authenticated denial of service",
          "workarounds": [
            {
              "lang": "en",
              "value": "There is no complete mitigation other than installing the update once\navailable."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-400: Uncontrolled Resource Consumption"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-9165",
        "datePublished": "2026-07-06T08:46:22.139Z",
        "dateReserved": "2026-05-21T12:54:16.202Z",
        "dateUpdated": "2026-07-08T08:11:51.925Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-14781 (GCVE-0-2026-14781)

    Vulnerability from cvelistv5 – Published: 2026-07-05 06:55 – Updated: 2026-07-06 14:12
    VLAI
    Title
    Keycloak-services: keycloak-services: oidc email_verified claim incorrectly applied to userinfo email
    Summary
    A flaw exists in the org.keycloak.broker.oidc package where the OIDC broker incorrectly synchronizes the email_verified claim. When an OIDC identity provider is configured with trustEmail=true and the userinfo endpoint is enabled, Keycloak retrieves the email address from the userinfo response but retrieves the email_verified status exclusively from the id_token. The root cause is a lack of validation ensuring that the email_verified claim in the id_token actually refers to the email address returned by the userinfo endpoint. If these two sources return different email addresses, the id_token's email_verified=true claim is blindly applied to the userinfo email. Exploitation Conditions: The OIDC identity provider must have trustEmail set to true (non-default). The userinfo endpoint must be enabled (default). The attacker must control or have compromised the upstream OIDC provider. Concrete Impact: Mark arbitrary email addresses as verified in the Keycloak database. Bypass email-based security controls or verification workflows. Potential account takeover if the application relies solely on the email_verified flag from the IdP to link accounts.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1288 - Improper Validation of Consistency within Input
    Assigner
    References
    URL Tags
    https://access.redhat.com/security/cve/CVE-2026-14781 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2497118 issue-trackingx_refsource_REDHAT
    Impacted products
    Date Public
    2026-07-05 06:49
    Credits
    Red Hat would like to thank Kevin Bozell for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-14781",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-06T14:11:53.137626Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-06T14:12:11.151Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:"
              ],
              "defaultStatus": "unaffected",
              "packageName": "keycloak-services",
              "product": "Red Hat Build of Keycloak",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk/keycloak-rhel9",
              "product": "Red Hat Build of Keycloak",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:"
              ],
              "defaultStatus": "unaffected",
              "packageName": "rhbk-openshift-rhel9/rhbk-openshift-rhel9",
              "product": "Red Hat Build of Keycloak",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_data_grid:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "keycloak-services",
              "product": "Red Hat Data Grid 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jbosseapxp"
              ],
              "defaultStatus": "unaffected",
              "packageName": "keycloak-services",
              "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:red_hat_single_sign_on:7"
              ],
              "defaultStatus": "unaffected",
              "packageName": "keycloak-services",
              "product": "Red Hat Single Sign-On 7",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Kevin Bozell for reporting this issue."
            }
          ],
          "datePublic": "2026-07-05T06:49:14.781Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw exists in the org.keycloak.broker.oidc package where the OIDC broker incorrectly synchronizes the email_verified claim. When an OIDC identity provider is configured with trustEmail=true and the userinfo endpoint is enabled, Keycloak retrieves the email address from the userinfo response but retrieves the email_verified status exclusively from the id_token.\nThe root cause is a lack of validation ensuring that the email_verified claim in the id_token actually refers to the email address returned by the userinfo endpoint. If these two sources return different email addresses, the id_token\u0027s email_verified=true claim is blindly applied to the userinfo email.\nExploitation Conditions:\nThe OIDC identity provider must have trustEmail set to true (non-default).\n\nThe userinfo endpoint must be enabled (default).\n\nThe attacker must control or have compromised the upstream OIDC provider.\n\n\nConcrete Impact:\nMark arbitrary email addresses as verified in the Keycloak database.\n\nBypass email-based security controls or verification workflows.\n\nPotential account takeover if the application relies solely on the email_verified flag from the IdP to link accounts."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1288",
                  "description": "Improper Validation of Consistency within Input",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-05T06:55:30.225Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-14781"
            },
            {
              "name": "RHBZ#2497118",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2497118"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-02T17:12:31.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-07-05T06:49:14.781Z",
              "value": "Made public."
            }
          ],
          "title": "Keycloak-services: keycloak-services: oidc email_verified claim incorrectly applied to userinfo email",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-1288: Improper Validation of Consistency within Input"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-14781",
        "datePublished": "2026-07-05T06:55:30.225Z",
        "dateReserved": "2026-07-05T06:32:45.726Z",
        "dateUpdated": "2026-07-06T14:12:11.151Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-58379 (GCVE-0-2026-58379)

    Vulnerability from cvelistv5 – Published: 2026-07-03 18:29 – Updated: 2026-07-07 17:01
    VLAI
    Title
    Gimp: gimp: heap buffer overflow in read_channel_data()
    Summary
    A flaw was found in GIMP's Paint Shop Pro (PSP) file format parser. This heap buffer overflow vulnerability allows a remote attacker to cause arbitrary code execution or a denial of service (DoS) by tricking a user into opening a specially crafted PSP image file. The vulnerability occurs because the software incorrectly calculates buffer sizes when processing low bit-depth images, leading to an overwrite of adjacent memory.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    Impacted products
    Date Public
    2026-04-11 00:00
    Credits
    Red Hat would like to thank bb1abu for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-58379",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-06T18:13:06.904859Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-07T17:01:01.807Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "unaffected",
              "packageName": "gimp",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "unaffected",
              "packageName": "gimp",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "gimp:2.8/gimp",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "affected",
              "packageName": "gimp",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank bb1abu for reporting this issue."
            }
          ],
          "datePublic": "2026-04-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in GIMP\u0027s Paint Shop Pro (PSP) file format parser. This heap buffer overflow vulnerability allows a remote attacker to cause arbitrary code execution or a denial of service (DoS) by tricking a user into opening a specially crafted PSP image file. The vulnerability occurs because the software incorrectly calculates buffer sizes when processing low bit-depth images, leading to an overwrite of adjacent memory."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Important"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "Heap-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-06T06:38:26.063Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-58379"
            },
            {
              "name": "RHBZ#2495997",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2495997"
            },
            {
              "url": "https://gitlab.gnome.org/GNOME/gimp/-/commit/b630f167"
            },
            {
              "url": "https://gitlab.gnome.org/GNOME/gimp/-/issues/16205"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-04-11T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-04-11T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Gimp: gimp: heap buffer overflow in read_channel_data()",
          "workarounds": [
            {
              "lang": "en",
              "value": "To mitigate this vulnerability, users should avoid opening untrusted Paint Shop Pro (PSP) image files with GIMP. As a general security practice, it is recommended to only process image files from trusted sources. If GIMP is not essential, consider removing the package to eliminate the attack surface."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-122: Heap-based Buffer Overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-58379",
        "datePublished": "2026-07-03T18:29:22.302Z",
        "dateReserved": "2026-06-30T16:54:04.312Z",
        "dateUpdated": "2026-07-07T17:01:01.807Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-14615 (GCVE-0-2026-14615)

    Vulnerability from cvelistv5 – Published: 2026-07-03 15:47 – Updated: 2026-07-06 16:32
    VLAI
    Title
    Keycloak-services: keycloak: fgap v2 parent group children endpoint bypasses per-child view permission filter
    Summary
    A flaw was found in the Fine-Grained Admin Permissions (FGAP) v2 implementation within Keycloak's administrative services. When FGAP v2 is enabled, the system fails to properly filter child groups based on the caller's specific permissions when requested through a parent group. This allows a delegated administrator to view details of child groups they are not authorized to access directly, including group names, paths, and custom attributes.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1220 - Insufficient Granularity of Access Control
    Assigner
    References
    URL Tags
    https://access.redhat.com/security/cve/CVE-2026-14615 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2496891 issue-trackingx_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Red Hat Red Hat Build of Keycloak     cpe:/a:redhat:build_keycloak:
    Create a notification for this product.
    Date Public
    2026-07-03 15:37
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-14615",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-06T16:31:50.566581Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-06T16:32:09.172Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk/keycloak-rhel9",
              "product": "Red Hat Build of Keycloak",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2026-07-03T15:37:56.396Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in the Fine-Grained Admin Permissions (FGAP) v2 implementation within Keycloak\u0027s administrative services. When FGAP v2 is enabled, the system fails to properly filter child groups based on the caller\u0027s specific permissions when requested through a parent group. This allows a delegated administrator to view details of child groups they are not authorized to access directly, including group names, paths, and custom attributes."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1220",
                  "description": "Insufficient Granularity of Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-03T15:47:08.632Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-14615"
            },
            {
              "name": "RHBZ#2496891",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2496891"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-02T17:46:15.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-07-03T15:37:56.396Z",
              "value": "Made public."
            }
          ],
          "title": "Keycloak-services: keycloak: fgap v2 parent group children endpoint bypasses per-child view permission filter",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-1220: Insufficient Granularity of Access Control"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-14615",
        "datePublished": "2026-07-03T15:47:08.632Z",
        "dateReserved": "2026-07-03T15:30:28.048Z",
        "dateUpdated": "2026-07-06T16:32:09.172Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-14614 (GCVE-0-2026-14614)

    Vulnerability from cvelistv5 – Published: 2026-07-03 15:33 – Updated: 2026-07-06 15:28
    VLAI
    Title
    Keycloak-services: keycloak-services: fgap v2 client scope assignment bypass via clientresource
    Summary
    A flaw was found in the ClientResource component of Keycloak's admin services when Fine-Grained Admin Permissions (FGAP) v2 is enabled. This issue allows a delegated administrator, who should only have limited control over specific clients, to attach or remove hidden client scopes that they are not authorized to see or manage. As a result, an attacker could inject unauthorized data or permissions into the security tokens issued to end-users, potentially tricking other applications into granting higher levels of access than intended.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    References
    URL Tags
    https://access.redhat.com/security/cve/CVE-2026-14614 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2496889 issue-trackingx_refsource_REDHAT
    Impacted products
    Date Public
    2026-07-03 15:21
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-14614",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-06T15:27:59.044944Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-284",
                    "description": "CWE-284 Improper Access Control",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-06T15:28:02.760Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:"
              ],
              "defaultStatus": "unaffected",
              "packageName": "keycloak-services",
              "product": "Red Hat Build of Keycloak",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk/keycloak-rhel9",
              "product": "Red Hat Build of Keycloak",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:"
              ],
              "defaultStatus": "unaffected",
              "packageName": "rhbk-openshift-rhel9/rhbk-openshift-rhel9",
              "product": "Red Hat Build of Keycloak",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_data_grid:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "keycloak-services",
              "product": "Red Hat Data Grid 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jbosseapxp"
              ],
              "defaultStatus": "unaffected",
              "packageName": "keycloak-services",
              "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:red_hat_single_sign_on:7"
              ],
              "defaultStatus": "unaffected",
              "packageName": "keycloak-services",
              "product": "Red Hat Single Sign-On 7",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2026-07-03T15:21:06.261Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in the ClientResource component of Keycloak\u0027s admin services when Fine-Grained Admin Permissions (FGAP) v2 is enabled. This issue allows a delegated administrator, who should only have limited control over specific clients, to attach or remove hidden client scopes that they are not authorized to see or manage. As a result, an attacker could inject unauthorized data or permissions into the security tokens issued to end-users, potentially tricking other applications into granting higher levels of access than intended."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-03T15:33:00.892Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-14614"
            },
            {
              "name": "RHBZ#2496889",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2496889"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-02T17:39:04.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-07-03T15:21:06.261Z",
              "value": "Made public."
            }
          ],
          "title": "Keycloak-services: keycloak-services: fgap v2 client scope assignment bypass via clientresource",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-14614",
        "datePublished": "2026-07-03T15:33:00.892Z",
        "dateReserved": "2026-07-03T15:13:06.650Z",
        "dateUpdated": "2026-07-06T15:28:02.760Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-14613 (GCVE-0-2026-14613)

    Vulnerability from cvelistv5 – Published: 2026-07-03 15:16 – Updated: 2026-07-07 16:51
    VLAI
    Title
    Keycloak-services: keycloak-services: keycloak: fgap v2 role groups endpoint discloses hidden group metadata without group view permission
    Summary
    A vulnerability was discovered in Keycloak's administrative interface that allows certain administrators to see information about groups they shouldn't have access to. When the new Fine-Grained Admin Permissions (FGAP v2) are turned on, an administrator who is allowed to see a specific "role" can also see a list of all groups assigned to that role. The system fails to check if the administrator has permission to see those specific groups. This could allow a restricted administrator to discover "hidden" groups and see their details, such as internal names and custom settings, which might contain sensitive deployment information.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    References
    URL Tags
    https://access.redhat.com/security/cve/CVE-2026-14613 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2496878 issue-trackingx_refsource_REDHAT
    Impacted products
    Date Public
    2026-07-03 15:04
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-14613",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-06T18:15:54.932409Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-284",
                    "description": "CWE-284 Improper Access Control",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-07T16:51:57.963Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:"
              ],
              "defaultStatus": "unaffected",
              "packageName": "keycloak-services",
              "product": "Red Hat Build of Keycloak",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:"
              ],
              "defaultStatus": "affected",
              "packageName": "rhbk/keycloak-rhel9",
              "product": "Red Hat Build of Keycloak",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:"
              ],
              "defaultStatus": "unaffected",
              "packageName": "rhbk-openshift-rhel9/rhbk-openshift-rhel9",
              "product": "Red Hat Build of Keycloak",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_data_grid:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "keycloak-services",
              "product": "Red Hat Data Grid 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jbosseapxp"
              ],
              "defaultStatus": "unaffected",
              "packageName": "keycloak-services",
              "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:red_hat_single_sign_on:7"
              ],
              "defaultStatus": "unaffected",
              "packageName": "keycloak-services",
              "product": "Red Hat Single Sign-On 7",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2026-07-03T15:04:48.779Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was discovered in Keycloak\u0027s administrative interface that allows certain administrators to see information about groups they shouldn\u0027t have access to. When the new Fine-Grained Admin Permissions (FGAP v2) are turned on, an administrator who is allowed to see a specific \"role\" can also see a list of all groups assigned to that role. The system fails to check if the administrator has permission to see those specific groups. This could allow a restricted administrator to discover \"hidden\" groups and see their details, such as internal names and custom settings, which might contain sensitive deployment information."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-03T15:16:44.640Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-14613"
            },
            {
              "name": "RHBZ#2496878",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2496878"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-02T17:56:34.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-07-03T15:04:48.779Z",
              "value": "Made public."
            }
          ],
          "title": "Keycloak-services: keycloak-services: keycloak: fgap v2 role groups endpoint discloses hidden group metadata without group view permission",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-14613",
        "datePublished": "2026-07-03T15:16:44.640Z",
        "dateReserved": "2026-07-03T14:48:35.343Z",
        "dateUpdated": "2026-07-07T16:51:57.963Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-14612 (GCVE-0-2026-14612)

    Vulnerability from cvelistv5 – Published: 2026-07-03 15:11 – Updated: 2026-07-07 02:16
    VLAI
    Title
    Freeipa: ipa: idm: freeipa: off-by-one buffer overflows in ipa-otpd oauth2.c during oauth2 device authorization
    Summary
    Two off-by-one errors in the FreeIPA ipa-otpd daemon's OAuth2 device authorization handler can cause out-of-bounds memory access when processing an oversized response from a configured external OAuth2/OIDC Identity Provider. An attacker who controls or can man-in-the-middle the IdP endpoint may be able to trigger ipa-otpd to write or read one byte past the end of a fixed-size buffer. Exploitation requires FreeIPA to be configured with an external IdP, attacker control or MITM of that IdP, and a user to initiate the OAuth2 device authorization flow. The most likely impact is limited denial of service affecting the ipa-otpd daemon.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://access.redhat.com/security/cve/CVE-2026-14612 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2496879 issue-trackingx_refsource_REDHAT
    Impacted products
    Date Public
    2026-07-03 14:00
    Credits
    Red Hat would like to thank Andrew Rukin (Arenadata) for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-14612",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-07T02:16:33.088975Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-07T02:16:43.353Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10"
              ],
              "defaultStatus": "affected",
              "packageName": "ipa",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "unknown",
              "packageName": "ipa",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "affected",
              "packageName": "ipa",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "affected",
              "packageName": "idm:client/ipa",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "affected",
              "packageName": "idm:DL1/ipa",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "affected",
              "packageName": "ipa",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Andrew Rukin (Arenadata) for reporting this issue."
            }
          ],
          "datePublic": "2026-07-03T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Two off-by-one errors in the FreeIPA ipa-otpd daemon\u0027s OAuth2 device authorization handler can cause out-of-bounds memory access when processing an oversized response from a configured external OAuth2/OIDC Identity Provider. An attacker who controls or can man-in-the-middle the IdP endpoint may be able to trigger ipa-otpd to write or read one byte past the end of a fixed-size buffer. Exploitation requires FreeIPA to be configured with an external IdP, attacker control or MITM of that IdP, and a user to initiate the OAuth2 device authorization flow. The most likely impact is limited denial of service affecting the ipa-otpd daemon."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Low"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 4.2,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-03T15:11:02.173Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-14612"
            },
            {
              "name": "RHBZ#2496879",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2496879"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-04-13T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-07-03T14:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Freeipa: ipa: idm: freeipa: off-by-one buffer overflows in ipa-otpd oauth2.c during oauth2 device authorization",
          "workarounds": [
            {
              "lang": "en",
              "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-787: Out-of-bounds Write"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-14612",
        "datePublished": "2026-07-03T15:11:02.173Z",
        "dateReserved": "2026-07-03T14:36:01.997Z",
        "dateUpdated": "2026-07-07T02:16:43.353Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-14544 (GCVE-0-2026-14544)

    Vulnerability from cvelistv5 – Published: 2026-07-03 07:26 – Updated: 2026-07-06 14:14
    VLAI
    Title
    Hplip: incomplete fix for cve-2026-8631
    Summary
    A flaw was found in HPLIP (HP Linux Imaging and Printing Software). This vulnerability, an incomplete fix for CVE-2026-8631, may allow a remote attacker to escalate privileges or achieve arbitrary code execution. This can occur through an integer overflow in the hpcups processing path when handling specially crafted print data.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-190 - Integer Overflow or Wraparound
    Assigner
    References
    URL Tags
    https://access.redhat.com/security/cve/CVE-2026-14544 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2496772 issue-trackingx_refsource_REDHAT
    Impacted products
    Date Public
    2026-07-03 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-14544",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-06T14:14:41.507889Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-06T14:14:48.675Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10"
              ],
              "defaultStatus": "affected",
              "packageName": "hplip",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "unaffected",
              "packageName": "hplip",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "unaffected",
              "packageName": "hplip",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "affected",
              "packageName": "hplip",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "affected",
              "packageName": "hplip",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2026-07-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in HPLIP (HP Linux Imaging and Printing Software). This vulnerability, an incomplete fix for CVE-2026-8631, may allow a remote attacker to escalate privileges or achieve arbitrary code execution. This can occur through an integer overflow in the hpcups processing path when handling specially crafted print data."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Important"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-190",
                  "description": "Integer Overflow or Wraparound",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-03T07:39:33.740Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-14544"
            },
            {
              "name": "RHBZ#2496772",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2496772"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-03T06:54:23.191Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-07-03T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Hplip: incomplete fix for cve-2026-8631",
          "workarounds": [
            {
              "lang": "en",
              "value": "To mitigate this vulnerability, consider restricting access to the printing services to trusted users and networks. If HPLIP is not required, removing the `hplip` package can eliminate the exposure. Note that removing `hplip` may affect printing functionality."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-190: Integer Overflow or Wraparound"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-14544",
        "datePublished": "2026-07-03T07:26:00.402Z",
        "dateReserved": "2026-07-03T07:06:13.196Z",
        "dateUpdated": "2026-07-06T14:14:48.675Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-58381 (GCVE-0-2026-58381)

    Vulnerability from cvelistv5 – Published: 2026-07-02 19:45 – Updated: 2026-07-07 17:02
    VLAI
    Title
    Gimp: gimp: double-free in read_layer_block()
    Summary
    A flaw was found in GIMP's PSP file format parser. A double-free condition occurs in the read_layer_block() function when processing a specially crafted PSP file. This could allow an attacker to cause memory corruption, potentially leading to denial of service or arbitrary code execution.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Date Public
    2026-04-11 00:00
    Credits
    Red Hat would like to thank bb1abu for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-58381",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-06T18:05:03.761403Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-07T17:02:18.749Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "unknown",
              "packageName": "gimp",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "affected",
              "packageName": "gimp",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "affected",
              "packageName": "gimp:2.8/gimp",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "affected",
              "packageName": "gimp",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank bb1abu for reporting this issue."
            }
          ],
          "datePublic": "2026-04-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in GIMP\u0027s PSP file format parser. A double-free condition occurs in the read_layer_block() function when processing a specially crafted PSP file. This could allow an attacker to cause memory corruption, potentially leading to denial of service or arbitrary code execution."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-415",
                  "description": "Double Free",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-06T06:38:26.022Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-58381"
            },
            {
              "name": "RHBZ#2496166",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2496166"
            },
            {
              "url": "https://gitlab.gnome.org/GNOME/gimp/-/commit/b22e147b"
            },
            {
              "url": "https://gitlab.gnome.org/GNOME/gimp/-/issues/16207"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-04-11T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-04-11T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Gimp: gimp: double-free in read_layer_block()",
          "workarounds": [
            {
              "lang": "en",
              "value": "None \u2014 requires opening a crafted PSP file."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-415: Double Free"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-58381",
        "datePublished": "2026-07-02T19:45:33.777Z",
        "dateReserved": "2026-06-30T16:54:04.312Z",
        "dateUpdated": "2026-07-07T17:02:18.749Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-14330 (GCVE-0-2026-14330)

    Vulnerability from cvelistv5 – Published: 2026-07-01 14:09 – Updated: 2026-07-01 15:37
    VLAI
    Title
    Pipewire: pulse server alloca stack overflow
    Summary
    Multiple unbounded alloca() calls in the PulseAudio protocol server.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-770 - Allocation of Resources Without Limits or Throttling
    Assigner
    References
    URL Tags
    https://access.redhat.com/security/cve/CVE-2026-14330 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2495907 issue-trackingx_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Red Hat Red Hat Enterprise Linux 10     cpe:/o:redhat:enterprise_linux:10
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8     cpe:/o:redhat:enterprise_linux:8
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9     cpe:/o:redhat:enterprise_linux:9
    Create a notification for this product.
    Date Public
    2026-07-01 00:00
    Credits
    Red Hat would like to thank Tristan for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-14330",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T15:37:21.993232Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T15:37:41.482Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10"
              ],
              "defaultStatus": "unknown",
              "packageName": "libkrun",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10"
              ],
              "defaultStatus": "unknown",
              "packageName": "pipewire",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "unknown",
              "packageName": "pipewire",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "unknown",
              "packageName": "pipewire0.2",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "unknown",
              "packageName": "pipewire",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Tristan for reporting this issue."
            }
          ],
          "datePublic": "2026-07-01T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple unbounded alloca() calls in the PulseAudio protocol server."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-770",
                  "description": "Allocation of Resources Without Limits or Throttling",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T14:09:25.189Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-14330"
            },
            {
              "name": "RHBZ#2495907",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2495907"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-01T12:29:48.065Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-07-01T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Pipewire: pulse server alloca stack overflow",
          "workarounds": [
            {
              "lang": "en",
              "value": "No practical mitigation beyond upgrading. The PulseAudio protocol\n  server is a core module required for PulseAudio application\n  compatibility."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-770: Allocation of Resources Without Limits or Throttling"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-14330",
        "datePublished": "2026-07-01T14:09:25.189Z",
        "dateReserved": "2026-07-01T12:29:58.653Z",
        "dateUpdated": "2026-07-01T15:37:41.482Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-14324 (GCVE-0-2026-14324)

    Vulnerability from cvelistv5 – Published: 2026-07-01 14:09 – Updated: 2026-07-01 17:25
    VLAI
    Title
    Pipewire: raop rtsp null deref
    Summary
    RAOP module accepts unbounded Content-Length values and does not check the pw_array_add() return.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-476 - NULL Pointer Dereference
    Assigner
    References
    URL Tags
    https://access.redhat.com/security/cve/CVE-2026-14324 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2495903 issue-trackingx_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Red Hat Red Hat Enterprise Linux 10     cpe:/o:redhat:enterprise_linux:10
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8     cpe:/o:redhat:enterprise_linux:8
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9     cpe:/o:redhat:enterprise_linux:9
    Create a notification for this product.
    Date Public
    2026-07-01 00:00
    Credits
    Red Hat would like to thank Tristan for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-14324",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T16:15:20.378021Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T17:25:35.992Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10"
              ],
              "defaultStatus": "unknown",
              "packageName": "libkrun",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10"
              ],
              "defaultStatus": "unknown",
              "packageName": "pipewire",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "unknown",
              "packageName": "pipewire",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "unknown",
              "packageName": "pipewire0.2",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "unknown",
              "packageName": "pipewire",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Tristan for reporting this issue."
            }
          ],
          "datePublic": "2026-07-01T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "RAOP module accepts unbounded Content-Length values and does not check the pw_array_add() return."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-476",
                  "description": "NULL Pointer Dereference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T14:09:20.582Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-14324"
            },
            {
              "name": "RHBZ#2495903",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2495903"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-01T12:14:20.335Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-07-01T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Pipewire: raop rtsp null deref",
          "workarounds": [
            {
              "lang": "en",
              "value": "If AirPlay streaming is not required, unload or disable the\n  module-raop-discover and module-raop-sink PipeWire modules."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-476: NULL Pointer Dereference"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-14324",
        "datePublished": "2026-07-01T14:09:20.582Z",
        "dateReserved": "2026-07-01T12:14:59.165Z",
        "dateUpdated": "2026-07-01T17:25:35.992Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-5138 (GCVE-0-2026-5138)

    Vulnerability from cvelistv5 – Published: 2026-07-01 14:08 – Updated: 2026-07-01 23:53
    VLAI
    Title
    Foreman: foreman: information disclosure via improper validation of nested request parameters
    Summary
    A flaw was found in Foreman. An authenticated user with host-edit permissions could exploit a cross-tenant information disclosure vulnerability. This flaw occurs because the taxonomy_scope controller method does not properly validate organization and location IDs from nested request parameters, bypassing existing authorization checks. This allows the user to leak sensitive infrastructure metadata, including subnet topology, IP ranges, gateways, DNS servers, and VLAN IDs, from organizations and locations they are not authorized to access.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-639 - Authorization Bypass Through User-Controlled Key
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2026:34365 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:34366 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:34367 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:34368 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2026-5138 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2452971 issue-trackingx_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Red Hat Red Hat Satellite 6.16 for RHEL 8 Unaffected: 0:3.12.0.17-1.el8sat , < * (rpm)
        cpe:/a:redhat:satellite:6.16::el8
        cpe:/a:redhat:satellite:6.16::el9
        cpe:/a:redhat:satellite_capsule:6.16::el8
        cpe:/a:redhat:satellite_capsule:6.16::el9
        cpe:/a:redhat:satellite_maintenance:6.16::el8
        cpe:/a:redhat:satellite_maintenance:6.16::el9
        cpe:/a:redhat:satellite_utils:6.16::el8
        cpe:/a:redhat:satellite_utils:6.16::el9
    Create a notification for this product.
    Red Hat Red Hat Satellite 6.16 for RHEL 9 Unaffected: 0:3.12.0.17-1.el9sat , < * (rpm)
        cpe:/a:redhat:satellite:6.16::el8
        cpe:/a:redhat:satellite:6.16::el9
        cpe:/a:redhat:satellite_capsule:6.16::el8
        cpe:/a:redhat:satellite_capsule:6.16::el9
        cpe:/a:redhat:satellite_maintenance:6.16::el8
        cpe:/a:redhat:satellite_maintenance:6.16::el9
        cpe:/a:redhat:satellite_utils:6.16::el8
        cpe:/a:redhat:satellite_utils:6.16::el9
    Create a notification for this product.
    Red Hat Red Hat Satellite 6.17 for RHEL 9 Unaffected: 0:3.14.0.17-1.el9sat , < * (rpm)
        cpe:/a:redhat:satellite:6.17::el9
        cpe:/a:redhat:satellite_capsule:6.17::el9
        cpe:/a:redhat:satellite_maintenance:6.17::el9
        cpe:/a:redhat:satellite_utils:6.17::el9
    Create a notification for this product.
    Red Hat Red Hat Satellite 6.18 for RHEL 9 Unaffected: 0:3.16.0.17-1.el9sat , < * (rpm)
        cpe:/a:redhat:satellite:6.18::el9
        cpe:/a:redhat:satellite_capsule:6.18::el9
        cpe:/a:redhat:satellite_utils:6.18::el9
    Create a notification for this product.
    Red Hat Red Hat Satellite 6.19 for RHEL 9 Unaffected: 0:3.18.0.7-1.el9sat , < * (rpm)
        cpe:/a:redhat:satellite:6.19::el9
        cpe:/a:redhat:satellite_capsule:6.19::el9
        cpe:/a:redhat:satellite_maintenance:6.19::el9
        cpe:/a:redhat:satellite_utils:6.19::el9
    Create a notification for this product.
    Red Hat Red Hat Satellite 6     cpe:/a:redhat:satellite:6
    Create a notification for this product.
    Date Public
    2026-07-01 12:29
    Credits
    Red Hat would like to thank Stanislav Fot (Aisle Research) for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-5138",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T14:39:42.711601Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T14:39:49.816Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.16::el8",
                "cpe:/a:redhat:satellite:6.16::el9",
                "cpe:/a:redhat:satellite_capsule:6.16::el8",
                "cpe:/a:redhat:satellite_capsule:6.16::el9",
                "cpe:/a:redhat:satellite_maintenance:6.16::el8",
                "cpe:/a:redhat:satellite_maintenance:6.16::el9",
                "cpe:/a:redhat:satellite_utils:6.16::el8",
                "cpe:/a:redhat:satellite_utils:6.16::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "foreman",
              "product": "Red Hat Satellite 6.16 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.12.0.17-1.el8sat",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.16::el8",
                "cpe:/a:redhat:satellite:6.16::el9",
                "cpe:/a:redhat:satellite_capsule:6.16::el8",
                "cpe:/a:redhat:satellite_capsule:6.16::el9",
                "cpe:/a:redhat:satellite_maintenance:6.16::el8",
                "cpe:/a:redhat:satellite_maintenance:6.16::el9",
                "cpe:/a:redhat:satellite_utils:6.16::el8",
                "cpe:/a:redhat:satellite_utils:6.16::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "foreman",
              "product": "Red Hat Satellite 6.16 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.12.0.17-1.el9sat",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.17::el9",
                "cpe:/a:redhat:satellite_capsule:6.17::el9",
                "cpe:/a:redhat:satellite_maintenance:6.17::el9",
                "cpe:/a:redhat:satellite_utils:6.17::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "foreman",
              "product": "Red Hat Satellite 6.17 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.14.0.17-1.el9sat",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.18::el9",
                "cpe:/a:redhat:satellite_capsule:6.18::el9",
                "cpe:/a:redhat:satellite_utils:6.18::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "foreman",
              "product": "Red Hat Satellite 6.18 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.16.0.17-1.el9sat",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.19::el9",
                "cpe:/a:redhat:satellite_capsule:6.19::el9",
                "cpe:/a:redhat:satellite_maintenance:6.19::el9",
                "cpe:/a:redhat:satellite_utils:6.19::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "foreman",
              "product": "Red Hat Satellite 6.19 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.18.0.7-1.el9sat",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6"
              ],
              "defaultStatus": "affected",
              "packageName": "satellite-capsule:el8/foreman",
              "product": "Red Hat Satellite 6",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Stanislav Fot (Aisle Research) for reporting this issue."
            }
          ],
          "datePublic": "2026-07-01T12:29:33.423Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in Foreman. An authenticated user with host-edit permissions could exploit a cross-tenant information disclosure vulnerability. This flaw occurs because the taxonomy_scope controller method does not properly validate organization and location IDs from nested request parameters, bypassing existing authorization checks. This allows the user to leak sensitive infrastructure metadata, including subnet topology, IP ranges, gateways, DNS servers, and VLAN IDs, from organizations and locations they are not authorized to access."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-639",
                  "description": "Authorization Bypass Through User-Controlled Key",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T23:53:14.772Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2026:34365",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:34365"
            },
            {
              "name": "RHSA-2026:34366",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:34366"
            },
            {
              "name": "RHSA-2026:34367",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:34367"
            },
            {
              "name": "RHSA-2026:34368",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:34368"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-5138"
            },
            {
              "name": "RHBZ#2452971",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2452971"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-03-30T10:51:04.461Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-07-01T12:29:33.423Z",
              "value": "Made public."
            }
          ],
          "title": "Foreman: foreman: information disclosure via improper validation of nested request parameters",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-639: Authorization Bypass Through User-Controlled Key"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-5138",
        "datePublished": "2026-07-01T14:08:43.978Z",
        "dateReserved": "2026-03-30T10:53:25.776Z",
        "dateUpdated": "2026-07-01T23:53:14.772Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-5135 (GCVE-0-2026-5135)

    Vulnerability from cvelistv5 – Published: 2026-07-01 14:08 – Updated: 2026-07-01 23:53
    VLAI
    Title
    Foreman: foreman: unauthorized modification of host configurations via broken access control
    Summary
    A flaw was found in Foreman. This broken access control vulnerability allows an authenticated user with host-edit permissions to retarget an existing lookup value override to a different host. This is achieved by modifying the match field through nested host attributes, effectively bypassing authorisation checks. The consequence is the potential for unauthorised modification of managed host configurations across different organisational and location boundaries.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-639 - Authorization Bypass Through User-Controlled Key
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2026:34365 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:34366 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:34367 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:34368 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2026-5135 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2452230 issue-trackingx_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Red Hat Red Hat Satellite 6.16 for RHEL 8 Unaffected: 0:3.12.0.17-1.el8sat , < * (rpm)
        cpe:/a:redhat:satellite:6.16::el8
        cpe:/a:redhat:satellite:6.16::el9
        cpe:/a:redhat:satellite_capsule:6.16::el8
        cpe:/a:redhat:satellite_capsule:6.16::el9
        cpe:/a:redhat:satellite_maintenance:6.16::el8
        cpe:/a:redhat:satellite_maintenance:6.16::el9
        cpe:/a:redhat:satellite_utils:6.16::el8
        cpe:/a:redhat:satellite_utils:6.16::el9
    Create a notification for this product.
    Red Hat Red Hat Satellite 6.16 for RHEL 9 Unaffected: 0:3.12.0.17-1.el9sat , < * (rpm)
        cpe:/a:redhat:satellite:6.16::el8
        cpe:/a:redhat:satellite:6.16::el9
        cpe:/a:redhat:satellite_capsule:6.16::el8
        cpe:/a:redhat:satellite_capsule:6.16::el9
        cpe:/a:redhat:satellite_maintenance:6.16::el8
        cpe:/a:redhat:satellite_maintenance:6.16::el9
        cpe:/a:redhat:satellite_utils:6.16::el8
        cpe:/a:redhat:satellite_utils:6.16::el9
    Create a notification for this product.
    Red Hat Red Hat Satellite 6.17 for RHEL 9 Unaffected: 0:3.14.0.17-1.el9sat , < * (rpm)
        cpe:/a:redhat:satellite:6.17::el9
        cpe:/a:redhat:satellite_capsule:6.17::el9
        cpe:/a:redhat:satellite_maintenance:6.17::el9
        cpe:/a:redhat:satellite_utils:6.17::el9
    Create a notification for this product.
    Red Hat Red Hat Satellite 6.18 for RHEL 9 Unaffected: 0:3.16.0.17-1.el9sat , < * (rpm)
        cpe:/a:redhat:satellite:6.18::el9
        cpe:/a:redhat:satellite_capsule:6.18::el9
        cpe:/a:redhat:satellite_utils:6.18::el9
    Create a notification for this product.
    Red Hat Red Hat Satellite 6.19 for RHEL 9 Unaffected: 0:3.18.0.7-1.el9sat , < * (rpm)
        cpe:/a:redhat:satellite:6.19::el9
        cpe:/a:redhat:satellite_capsule:6.19::el9
        cpe:/a:redhat:satellite_maintenance:6.19::el9
        cpe:/a:redhat:satellite_utils:6.19::el9
    Create a notification for this product.
    Red Hat Red Hat Satellite 6     cpe:/a:redhat:satellite:6
    Create a notification for this product.
    Date Public
    2026-04-15 12:34
    Credits
    Red Hat would like to thank Stanislav Fot (Aisle Research) for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-5135",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T14:52:27.488776Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T14:54:21.883Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.16::el8",
                "cpe:/a:redhat:satellite:6.16::el9",
                "cpe:/a:redhat:satellite_capsule:6.16::el8",
                "cpe:/a:redhat:satellite_capsule:6.16::el9",
                "cpe:/a:redhat:satellite_maintenance:6.16::el8",
                "cpe:/a:redhat:satellite_maintenance:6.16::el9",
                "cpe:/a:redhat:satellite_utils:6.16::el8",
                "cpe:/a:redhat:satellite_utils:6.16::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "foreman",
              "product": "Red Hat Satellite 6.16 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.12.0.17-1.el8sat",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.16::el8",
                "cpe:/a:redhat:satellite:6.16::el9",
                "cpe:/a:redhat:satellite_capsule:6.16::el8",
                "cpe:/a:redhat:satellite_capsule:6.16::el9",
                "cpe:/a:redhat:satellite_maintenance:6.16::el8",
                "cpe:/a:redhat:satellite_maintenance:6.16::el9",
                "cpe:/a:redhat:satellite_utils:6.16::el8",
                "cpe:/a:redhat:satellite_utils:6.16::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "foreman",
              "product": "Red Hat Satellite 6.16 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.12.0.17-1.el9sat",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.17::el9",
                "cpe:/a:redhat:satellite_capsule:6.17::el9",
                "cpe:/a:redhat:satellite_maintenance:6.17::el9",
                "cpe:/a:redhat:satellite_utils:6.17::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "foreman",
              "product": "Red Hat Satellite 6.17 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.14.0.17-1.el9sat",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.18::el9",
                "cpe:/a:redhat:satellite_capsule:6.18::el9",
                "cpe:/a:redhat:satellite_utils:6.18::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "foreman",
              "product": "Red Hat Satellite 6.18 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.16.0.17-1.el9sat",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.19::el9",
                "cpe:/a:redhat:satellite_capsule:6.19::el9",
                "cpe:/a:redhat:satellite_maintenance:6.19::el9",
                "cpe:/a:redhat:satellite_utils:6.19::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "foreman",
              "product": "Red Hat Satellite 6.19 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.18.0.7-1.el9sat",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6"
              ],
              "defaultStatus": "affected",
              "packageName": "satellite-capsule:el8/foreman",
              "product": "Red Hat Satellite 6",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Stanislav Fot (Aisle Research) for reporting this issue."
            }
          ],
          "datePublic": "2026-04-15T12:34:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in Foreman. This broken access control vulnerability allows an authenticated user with host-edit permissions to retarget an existing lookup value override to a different host. This is achieved by modifying the match field through nested host attributes, effectively bypassing authorisation checks. The consequence is the potential for unauthorised modification of managed host configurations across different organisational and location boundaries."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-639",
                  "description": "Authorization Bypass Through User-Controlled Key",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T23:53:14.087Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2026:34365",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:34365"
            },
            {
              "name": "RHSA-2026:34366",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:34366"
            },
            {
              "name": "RHSA-2026:34367",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:34367"
            },
            {
              "name": "RHSA-2026:34368",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:34368"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-5135"
            },
            {
              "name": "RHBZ#2452230",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2452230"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-03-27T13:22:30.704Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-04-15T12:34:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Foreman: foreman: unauthorized modification of host configurations via broken access control",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-639: Authorization Bypass Through User-Controlled Key"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-5135",
        "datePublished": "2026-07-01T14:08:39.712Z",
        "dateReserved": "2026-03-30T10:42:55.307Z",
        "dateUpdated": "2026-07-01T23:53:14.087Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-5142 (GCVE-0-2026-5142)

    Vulnerability from cvelistv5 – Published: 2026-07-01 14:07 – Updated: 2026-07-01 23:53
    VLAI
    Title
    Foreman: foreman: cross-tenant private ssh key disclosure via taxonomy scoping bypass
    Summary
    A flaw was found in foreman. Authenticated users with 'view_keypairs' permission can bypass taxonomy scoping, allowing them to download private SSH (Secure Shell) keys from other organizations by directly querying key pair IDs. This vulnerability leads to cross-tenant data exposure in multi-tenant deployments, potentially compromising sensitive information.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-639 - Authorization Bypass Through User-Controlled Key
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2026:34365 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:34366 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:34367 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:34368 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2026-5142 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2452999 issue-trackingx_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Red Hat Red Hat Satellite 6.16 for RHEL 8 Unaffected: 0:3.12.0.17-1.el8sat , < * (rpm)
        cpe:/a:redhat:satellite:6.16::el8
        cpe:/a:redhat:satellite:6.16::el9
        cpe:/a:redhat:satellite_capsule:6.16::el8
        cpe:/a:redhat:satellite_capsule:6.16::el9
        cpe:/a:redhat:satellite_maintenance:6.16::el8
        cpe:/a:redhat:satellite_maintenance:6.16::el9
        cpe:/a:redhat:satellite_utils:6.16::el8
        cpe:/a:redhat:satellite_utils:6.16::el9
    Create a notification for this product.
    Red Hat Red Hat Satellite 6.16 for RHEL 9 Unaffected: 0:3.12.0.17-1.el9sat , < * (rpm)
        cpe:/a:redhat:satellite:6.16::el8
        cpe:/a:redhat:satellite:6.16::el9
        cpe:/a:redhat:satellite_capsule:6.16::el8
        cpe:/a:redhat:satellite_capsule:6.16::el9
        cpe:/a:redhat:satellite_maintenance:6.16::el8
        cpe:/a:redhat:satellite_maintenance:6.16::el9
        cpe:/a:redhat:satellite_utils:6.16::el8
        cpe:/a:redhat:satellite_utils:6.16::el9
    Create a notification for this product.
    Red Hat Red Hat Satellite 6.17 for RHEL 9 Unaffected: 0:3.14.0.17-1.el9sat , < * (rpm)
        cpe:/a:redhat:satellite:6.17::el9
        cpe:/a:redhat:satellite_capsule:6.17::el9
        cpe:/a:redhat:satellite_maintenance:6.17::el9
        cpe:/a:redhat:satellite_utils:6.17::el9
    Create a notification for this product.
    Red Hat Red Hat Satellite 6.18 for RHEL 9 Unaffected: 0:3.16.0.17-1.el9sat , < * (rpm)
        cpe:/a:redhat:satellite:6.18::el9
        cpe:/a:redhat:satellite_capsule:6.18::el9
        cpe:/a:redhat:satellite_utils:6.18::el9
    Create a notification for this product.
    Red Hat Red Hat Satellite 6.19 for RHEL 9 Unaffected: 0:3.18.0.7-1.el9sat , < * (rpm)
        cpe:/a:redhat:satellite:6.19::el9
        cpe:/a:redhat:satellite_capsule:6.19::el9
        cpe:/a:redhat:satellite_maintenance:6.19::el9
        cpe:/a:redhat:satellite_utils:6.19::el9
    Create a notification for this product.
    Red Hat Red Hat Satellite 6     cpe:/a:redhat:satellite:6
    Create a notification for this product.
    Date Public
    2026-04-30 12:34
    Credits
    Red Hat would like to thank Stanislav Fot (Aisle Research) for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-5142",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T15:01:12.115967Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T15:01:19.821Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.16::el8",
                "cpe:/a:redhat:satellite:6.16::el9",
                "cpe:/a:redhat:satellite_capsule:6.16::el8",
                "cpe:/a:redhat:satellite_capsule:6.16::el9",
                "cpe:/a:redhat:satellite_maintenance:6.16::el8",
                "cpe:/a:redhat:satellite_maintenance:6.16::el9",
                "cpe:/a:redhat:satellite_utils:6.16::el8",
                "cpe:/a:redhat:satellite_utils:6.16::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "foreman",
              "product": "Red Hat Satellite 6.16 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.12.0.17-1.el8sat",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.16::el8",
                "cpe:/a:redhat:satellite:6.16::el9",
                "cpe:/a:redhat:satellite_capsule:6.16::el8",
                "cpe:/a:redhat:satellite_capsule:6.16::el9",
                "cpe:/a:redhat:satellite_maintenance:6.16::el8",
                "cpe:/a:redhat:satellite_maintenance:6.16::el9",
                "cpe:/a:redhat:satellite_utils:6.16::el8",
                "cpe:/a:redhat:satellite_utils:6.16::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "foreman",
              "product": "Red Hat Satellite 6.16 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.12.0.17-1.el9sat",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.17::el9",
                "cpe:/a:redhat:satellite_capsule:6.17::el9",
                "cpe:/a:redhat:satellite_maintenance:6.17::el9",
                "cpe:/a:redhat:satellite_utils:6.17::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "foreman",
              "product": "Red Hat Satellite 6.17 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.14.0.17-1.el9sat",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.18::el9",
                "cpe:/a:redhat:satellite_capsule:6.18::el9",
                "cpe:/a:redhat:satellite_utils:6.18::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "foreman",
              "product": "Red Hat Satellite 6.18 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.16.0.17-1.el9sat",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.19::el9",
                "cpe:/a:redhat:satellite_capsule:6.19::el9",
                "cpe:/a:redhat:satellite_maintenance:6.19::el9",
                "cpe:/a:redhat:satellite_utils:6.19::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "foreman",
              "product": "Red Hat Satellite 6.19 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.18.0.7-1.el9sat",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6"
              ],
              "defaultStatus": "affected",
              "packageName": "satellite-capsule:el8/foreman",
              "product": "Red Hat Satellite 6",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Stanislav Fot (Aisle Research) for reporting this issue."
            }
          ],
          "datePublic": "2026-04-30T12:34:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in foreman. Authenticated users with \u0027view_keypairs\u0027 permission can bypass taxonomy scoping, allowing them to download private SSH (Secure Shell) keys from other organizations by directly querying key pair IDs. This vulnerability leads to cross-tenant data exposure in multi-tenant deployments, potentially compromising sensitive information."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-639",
                  "description": "Authorization Bypass Through User-Controlled Key",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T23:53:16.614Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2026:34365",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:34365"
            },
            {
              "name": "RHSA-2026:34366",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:34366"
            },
            {
              "name": "RHSA-2026:34367",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:34367"
            },
            {
              "name": "RHSA-2026:34368",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:34368"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-5142"
            },
            {
              "name": "RHBZ#2452999",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2452999"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-03-30T12:04:45.283Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-04-30T12:34:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Foreman: foreman: cross-tenant private ssh key disclosure via taxonomy scoping bypass",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-639: Authorization Bypass Through User-Controlled Key"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-5142",
        "datePublished": "2026-07-01T14:07:55.662Z",
        "dateReserved": "2026-03-30T12:08:56.764Z",
        "dateUpdated": "2026-07-01T23:53:16.614Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-23537 (GCVE-0-2026-23537)

    Vulnerability from cvelistv5 – Published: 2026-07-01 13:49 – Updated: 2026-07-02 12:05
    VLAI
    Title
    Feast: unauthenticated arbitrary file write
    Summary
    A vulnerability has been identified in the Feast Feature Server’s `/save-document` endpoint that allows an unauthenticated remote attacker to write arbitrary JSON files to the server's filesystem. Although the system attempts to restrict file locations, these protections can be bypassed, enabling an attacker to overwrite vital application configurations or startup scripts. Because this flaw requires no credentials or special privileges, any attacker with network access to the server can potentially compromise the integrity of the system. This could lead to unauthorized system modifications, denial of service through disk exhaustion, or potential remote code execution.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Date Public
    2026-03-20 00:00
    Credits
    This issue was discovered by Jitendra Yejare (Red Hat).
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-23537",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T15:57:12.853230Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T15:57:23.623Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_ai"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat OpenShift AI (RHOAI)",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-03-20T00:00:00.000Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A vulnerability has been identified in the Feast Feature Server\u2019s `/save-document` endpoint that allows an unauthenticated remote attacker to write arbitrary JSON files to the server\u0027s filesystem. Although the system attempts to restrict file locations, these protections can be bypassed, enabling an attacker to overwrite vital application configurations or startup scripts. Because this flaw requires no credentials or special privileges, any attacker with network access to the server can potentially compromise the integrity of the system. This could lead to unauthorized system modifications, denial of service through disk exhaustion, or potential remote code execution."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Critical"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.1,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-862",
                    "description": "Missing Authorization",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-02T12:05:15.890Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2026-23537"
              },
              {
                "name": "RHBZ#2429304",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2429304"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-23537.json"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-01-13T19:32:44.586Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-03-20T00:00:00.000Z",
                "value": "Made public."
              }
            ],
            "title": "feast: Unauthenticated Arbitrary File Write",
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Feast Feature Server",
              "vendor": "Feast",
              "versions": [
                {
                  "lessThan": "0.59.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_ai"
              ],
              "defaultStatus": "unaffected",
              "packageName": "rhoai/odh-feature-server-rhel9",
              "product": "Red Hat OpenShift AI (RHOAI)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_ai"
              ],
              "defaultStatus": "unaffected",
              "packageName": "rhoai/odh-pipeline-runtime-datascience-cpu-py312-rhel9",
              "product": "Red Hat OpenShift AI (RHOAI)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_ai"
              ],
              "defaultStatus": "unaffected",
              "packageName": "rhoai/odh-pipeline-runtime-pytorch-cuda-py312-rhel9",
              "product": "Red Hat OpenShift AI (RHOAI)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_ai"
              ],
              "defaultStatus": "unaffected",
              "packageName": "rhoai/odh-pipeline-runtime-pytorch-llmcompressor-cuda-py312-rhel9",
              "product": "Red Hat OpenShift AI (RHOAI)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_ai"
              ],
              "defaultStatus": "unaffected",
              "packageName": "rhoai/odh-pipeline-runtime-pytorch-rocm-py312-rhel9",
              "product": "Red Hat OpenShift AI (RHOAI)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_ai"
              ],
              "defaultStatus": "unaffected",
              "packageName": "rhoai/odh-pipeline-runtime-tensorflow-cuda-py312-rhel9",
              "product": "Red Hat OpenShift AI (RHOAI)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_ai"
              ],
              "defaultStatus": "unaffected",
              "packageName": "rhoai/odh-pipeline-runtime-tensorflow-rocm-py312-rhel9",
              "product": "Red Hat OpenShift AI (RHOAI)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_ai"
              ],
              "defaultStatus": "unaffected",
              "packageName": "rhoai/odh-workbench-codeserver-datascience-cpu-py312-rhel9",
              "product": "Red Hat OpenShift AI (RHOAI)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_ai"
              ],
              "defaultStatus": "unaffected",
              "packageName": "rhoai/odh-workbench-jupyter-datascience-cpu-py312-rhel9",
              "product": "Red Hat OpenShift AI (RHOAI)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_ai"
              ],
              "defaultStatus": "unaffected",
              "packageName": "rhoai/odh-workbench-jupyter-pytorch-cuda-py312-rhel9",
              "product": "Red Hat OpenShift AI (RHOAI)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_ai"
              ],
              "defaultStatus": "unaffected",
              "packageName": "rhoai/odh-workbench-jupyter-pytorch-llmcompressor-cuda-py312-rhel9",
              "product": "Red Hat OpenShift AI (RHOAI)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_ai"
              ],
              "defaultStatus": "unaffected",
              "packageName": "rhoai/odh-workbench-jupyter-pytorch-rocm-py312-rhel9",
              "product": "Red Hat OpenShift AI (RHOAI)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_ai"
              ],
              "defaultStatus": "unaffected",
              "packageName": "rhoai/odh-workbench-jupyter-tensorflow-cuda-py312-rhel9",
              "product": "Red Hat OpenShift AI (RHOAI)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_ai"
              ],
              "defaultStatus": "unaffected",
              "packageName": "rhoai/odh-workbench-jupyter-tensorflow-rocm-py312-rhel9",
              "product": "Red Hat OpenShift AI (RHOAI)",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "This issue was discovered by Jitendra Yejare (Red Hat)."
            }
          ],
          "datePublic": "2026-03-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been identified in the Feast Feature Server\u2019s `/save-document` endpoint that allows an unauthenticated remote attacker to write arbitrary JSON files to the server\u0027s filesystem. Although the system attempts to restrict file locations, these protections can be bypassed, enabling an attacker to overwrite vital application configurations or startup scripts. Because this flaw requires no credentials or special privileges, any attacker with network access to the server can potentially compromise the integrity of the system. This could lead to unauthorized system modifications, denial of service through disk exhaustion, or potential remote code execution."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Critical"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T13:49:27.306Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-23537"
            },
            {
              "name": "RHBZ#2429304",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2429304"
            },
            {
              "url": "https://github.com/red-hat-data-services/feast/pull/192"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-01-13T19:32:44.586Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-03-20T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Feast: unauthenticated arbitrary file write",
          "workarounds": [
            {
              "lang": "en",
              "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-862: Missing Authorization"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-23537",
        "datePublished": "2026-07-01T13:49:27.306Z",
        "dateReserved": "2026-01-13T19:53:18.502Z",
        "dateUpdated": "2026-07-02T12:05:15.890Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-5136 (GCVE-0-2026-5136)

    Vulnerability from cvelistv5 – Published: 2026-07-01 13:28 – Updated: 2026-07-02 03:56
    VLAI
    Title
    Foreman: foreman: privilege escalation to administrator-level access via usergroup role assignment manipulation
    Summary
    A flaw was found in Foreman. The Usergroup model in Foreman does not properly validate role assignments against the calling user's permissions. This allows an authenticated user with usergroup management permissions to attach arbitrary roles, including administrative roles, to a user group and then add themselves as a member. Successful exploitation of this vulnerability leads to full privilege escalation, granting the attacker administrator-level access.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-266 - Incorrect Privilege Assignment
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2026:34365 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:34366 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:34367 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:34368 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2026-5136 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2452970 issue-trackingx_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Red Hat Red Hat Satellite 6.16 for RHEL 8 Unaffected: 0:3.12.0.17-1.el8sat , < * (rpm)
        cpe:/a:redhat:satellite:6.16::el8
        cpe:/a:redhat:satellite:6.16::el9
        cpe:/a:redhat:satellite_capsule:6.16::el8
        cpe:/a:redhat:satellite_capsule:6.16::el9
        cpe:/a:redhat:satellite_maintenance:6.16::el8
        cpe:/a:redhat:satellite_maintenance:6.16::el9
        cpe:/a:redhat:satellite_utils:6.16::el8
        cpe:/a:redhat:satellite_utils:6.16::el9
    Create a notification for this product.
    Red Hat Red Hat Satellite 6.16 for RHEL 9 Unaffected: 0:3.12.0.17-1.el9sat , < * (rpm)
        cpe:/a:redhat:satellite:6.16::el8
        cpe:/a:redhat:satellite:6.16::el9
        cpe:/a:redhat:satellite_capsule:6.16::el8
        cpe:/a:redhat:satellite_capsule:6.16::el9
        cpe:/a:redhat:satellite_maintenance:6.16::el8
        cpe:/a:redhat:satellite_maintenance:6.16::el9
        cpe:/a:redhat:satellite_utils:6.16::el8
        cpe:/a:redhat:satellite_utils:6.16::el9
    Create a notification for this product.
    Red Hat Red Hat Satellite 6.17 for RHEL 9 Unaffected: 0:3.14.0.17-1.el9sat , < * (rpm)
        cpe:/a:redhat:satellite:6.17::el9
        cpe:/a:redhat:satellite_capsule:6.17::el9
        cpe:/a:redhat:satellite_maintenance:6.17::el9
        cpe:/a:redhat:satellite_utils:6.17::el9
    Create a notification for this product.
    Red Hat Red Hat Satellite 6.18 for RHEL 9 Unaffected: 0:3.16.0.17-1.el9sat , < * (rpm)
        cpe:/a:redhat:satellite:6.18::el9
        cpe:/a:redhat:satellite_capsule:6.18::el9
        cpe:/a:redhat:satellite_utils:6.18::el9
    Create a notification for this product.
    Red Hat Red Hat Satellite 6.19 for RHEL 9 Unaffected: 0:3.18.0.7-1.el9sat , < * (rpm)
        cpe:/a:redhat:satellite:6.19::el9
        cpe:/a:redhat:satellite_capsule:6.19::el9
        cpe:/a:redhat:satellite_maintenance:6.19::el9
        cpe:/a:redhat:satellite_utils:6.19::el9
    Create a notification for this product.
    Red Hat Red Hat Satellite 6     cpe:/a:redhat:satellite:6
    Create a notification for this product.
    Date Public
    2026-07-01 12:28
    Credits
    Red Hat would like to thank Stanislav Fot (Aisle Research) for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-5136",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-02T03:56:14.203Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.16::el8",
                "cpe:/a:redhat:satellite:6.16::el9",
                "cpe:/a:redhat:satellite_capsule:6.16::el8",
                "cpe:/a:redhat:satellite_capsule:6.16::el9",
                "cpe:/a:redhat:satellite_maintenance:6.16::el8",
                "cpe:/a:redhat:satellite_maintenance:6.16::el9",
                "cpe:/a:redhat:satellite_utils:6.16::el8",
                "cpe:/a:redhat:satellite_utils:6.16::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "foreman",
              "product": "Red Hat Satellite 6.16 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.12.0.17-1.el8sat",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.16::el8",
                "cpe:/a:redhat:satellite:6.16::el9",
                "cpe:/a:redhat:satellite_capsule:6.16::el8",
                "cpe:/a:redhat:satellite_capsule:6.16::el9",
                "cpe:/a:redhat:satellite_maintenance:6.16::el8",
                "cpe:/a:redhat:satellite_maintenance:6.16::el9",
                "cpe:/a:redhat:satellite_utils:6.16::el8",
                "cpe:/a:redhat:satellite_utils:6.16::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "foreman",
              "product": "Red Hat Satellite 6.16 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.12.0.17-1.el9sat",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.17::el9",
                "cpe:/a:redhat:satellite_capsule:6.17::el9",
                "cpe:/a:redhat:satellite_maintenance:6.17::el9",
                "cpe:/a:redhat:satellite_utils:6.17::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "foreman",
              "product": "Red Hat Satellite 6.17 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.14.0.17-1.el9sat",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.18::el9",
                "cpe:/a:redhat:satellite_capsule:6.18::el9",
                "cpe:/a:redhat:satellite_utils:6.18::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "foreman",
              "product": "Red Hat Satellite 6.18 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.16.0.17-1.el9sat",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6.19::el9",
                "cpe:/a:redhat:satellite_capsule:6.19::el9",
                "cpe:/a:redhat:satellite_maintenance:6.19::el9",
                "cpe:/a:redhat:satellite_utils:6.19::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "foreman",
              "product": "Red Hat Satellite 6.19 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.18.0.7-1.el9sat",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6"
              ],
              "defaultStatus": "affected",
              "packageName": "satellite-capsule:el8/foreman",
              "product": "Red Hat Satellite 6",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Stanislav Fot (Aisle Research) for reporting this issue."
            }
          ],
          "datePublic": "2026-07-01T12:28:21.744Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in Foreman. The Usergroup model in Foreman does not properly validate role assignments against the calling user\u0027s permissions. This allows an authenticated user with usergroup management permissions to attach arbitrary roles, including administrative roles, to a user group and then add themselves as a member. Successful exploitation of this vulnerability leads to full privilege escalation, granting the attacker administrator-level access."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Important"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-266",
                  "description": "Incorrect Privilege Assignment",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T23:37:57.480Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2026:34365",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:34365"
            },
            {
              "name": "RHSA-2026:34366",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:34366"
            },
            {
              "name": "RHSA-2026:34367",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:34367"
            },
            {
              "name": "RHSA-2026:34368",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:34368"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-5136"
            },
            {
              "name": "RHBZ#2452970",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2452970"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-03-30T10:41:48.559Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-07-01T12:28:21.744Z",
              "value": "Made public."
            }
          ],
          "title": "Foreman: foreman: privilege escalation to administrator-level access via usergroup role assignment manipulation",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-266: Incorrect Privilege Assignment"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-5136",
        "datePublished": "2026-07-01T13:28:00.316Z",
        "dateReserved": "2026-03-30T10:47:46.043Z",
        "dateUpdated": "2026-07-02T03:56:14.203Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-14258 (GCVE-0-2026-14258)

    Vulnerability from cvelistv5 – Published: 2026-07-01 09:24 – Updated: 2026-07-01 12:20
    VLAI
    Title
    Dhcpcd: dhcpcd infinite loop and out-of-bounds read via zero-length ipv6 nd option in router advertisement handling
    Summary
    A flaw was found in dhcpcd's IPv6 Neighbor Discovery Router Advertisement processing. A specially crafted IPv6 Router Advertisement containing a zero-length Neighbor Discovery option can bypass validation during packet storage and later be reparsed without adequate validation, causing the parser to enter a non-advancing loop. Successful exploitation may result in excessive CPU consumption, leading to a denial of service.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
    Assigner
    Impacted products
    Vendor Product Version
    Red Hat Red Hat Enterprise Linux 10     cpe:/o:redhat:enterprise_linux:10
    Create a notification for this product.
    Date Public
    2024-12-01 00:00
    Credits
    Red Hat would like to thank AISLE Research for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-14258",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T12:20:39.579180Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T12:20:42.349Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/NetworkConfiguration/dhcpcd/issues/415"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10"
              ],
              "defaultStatus": "affected",
              "packageName": "dhcpcd",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank AISLE Research for reporting this issue."
            }
          ],
          "datePublic": "2024-12-01T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in dhcpcd\u0027s IPv6 Neighbor Discovery Router Advertisement processing. A specially crafted IPv6 Router Advertisement containing a zero-length Neighbor Discovery option can bypass validation during packet storage and later be reparsed without adequate validation, causing the parser to enter a non-advancing loop. Successful exploitation may result in excessive CPU consumption, leading to a denial of service."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-835",
                  "description": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T09:24:51.479Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-14258"
            },
            {
              "name": "RHBZ#2462305",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2462305"
            },
            {
              "url": "https://github.com/NetworkConfiguration/dhcpcd/commit/75289ca"
            },
            {
              "url": "https://github.com/NetworkConfiguration/dhcpcd/issues/415"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-04-26T18:47:11.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2024-12-01T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Dhcpcd: dhcpcd infinite loop and out-of-bounds read via zero-length ipv6 nd option in router advertisement handling",
          "workarounds": [
            {
              "lang": "en",
              "value": "Until an updated package is available, administrators should disable IPv6 Router Advertisement processing on interfaces where it is not required or restrict acceptance of untrusted ICMPv6 Router Advertisements using appropriate network filtering. \n\nSystems that rely on IPv6 Stateless Address Autoconfiguration (SLAAC) or Router Advertisement-based network configuration should carefully evaluate the operational impact before applying these mitigations."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-835: Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-14258",
        "datePublished": "2026-07-01T09:24:51.479Z",
        "dateReserved": "2026-06-30T15:57:04.334Z",
        "dateUpdated": "2026-07-01T12:20:42.349Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-58016 (GCVE-0-2026-58016)

    Vulnerability from cvelistv5 – Published: 2026-06-30 13:02 – Updated: 2026-06-30 14:38
    VLAI
    Title
    Glib: integer underflow in gio/gdbusintrospection.c via "g_dbus_node_info_new_for_xml"
    Summary
    A flaw was found in GLib. A state confusion issue exists in g_dbus_node_info_new_for_xml() in the gio/gdbusintrospection.c file when processing malformed D-Bus introspection XML, specifically with a <node> element nested within other elements like <method>, <signal>, <property> or <arg>. This issue can cause an unsigned integer overflow and lead to an out-of-bounds read, resulting in a denial of service.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-191 - Integer Underflow (Wrap or Wraparound)
    Assigner
    Impacted products
    Date Public
    2026-04-08 00:00
    Credits
    Red Hat would like to thank linhlhq for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-58016",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-30T13:54:25.243451Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-30T14:01:02.370Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://gitlab.gnome.org/GNOME/glib/",
              "defaultStatus": "unaffected",
              "packageName": "GLib",
              "product": "GLib",
              "vendor": "GNOME",
              "versions": [
                {
                  "lessThan": "2.88.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10"
              ],
              "defaultStatus": "affected",
              "packageName": "glib2",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10"
              ],
              "defaultStatus": "affected",
              "packageName": "mingw-glib2",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "affected",
              "packageName": "glib2",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "affected",
              "packageName": "glib2",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "affected",
              "packageName": "glib2",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "affected",
              "packageName": "mingw-glib2",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "affected",
              "packageName": "glib2",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "affected",
              "packageName": "mingw-glib2",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:hummingbird:1"
              ],
              "defaultStatus": "unaffected",
              "packageName": "glib2",
              "product": "Red Hat Hardened Images",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank linhlhq for reporting this issue."
            }
          ],
          "datePublic": "2026-04-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in GLib. A state confusion issue exists in g_dbus_node_info_new_for_xml() in the gio/gdbusintrospection.c file when processing malformed D-Bus introspection XML, specifically with a \u003cnode\u003e element nested within other elements like \u003cmethod\u003e, \u003csignal\u003e, \u003cproperty\u003e or \u003carg\u003e. This issue can cause an unsigned integer overflow and lead to an out-of-bounds read, resulting in a denial of service."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Important"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-191",
                  "description": "Integer Underflow (Wrap or Wraparound)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T14:38:17.929Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-58016"
            },
            {
              "name": "RHBZ#2492257",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2492257"
            },
            {
              "url": "https://gitlab.gnome.org/GNOME/glib/-/issues/3932"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-06-24T17:29:08.344Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-04-08T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Glib: integer underflow in gio/gdbusintrospection.c via \"g_dbus_node_info_new_for_xml\"",
          "workarounds": [
            {
              "lang": "en",
              "value": "To mitigate this vulnerability, implement input validation to sanitize untrusted D-Bus introspection XML, specifically rejecting malformed structures such as \u003cnode\u003e elements improperly nested within \u003cmethod\u003e, \u003csignal\u003e, \u003cproperty\u003e or \u003carg\u003e elements before calling g_dbus_node_info_new_for_xml(). Alternatively, restricting the application to only process XML input from trusted, authenticated sources will completely neutralize this issue."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-191: Integer Underflow (Wrap or Wraparound)"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-58016",
        "datePublished": "2026-06-30T13:02:45.931Z",
        "dateReserved": "2026-06-26T20:59:47.856Z",
        "dateUpdated": "2026-06-30T14:38:17.929Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-58015 (GCVE-0-2026-58015)

    Vulnerability from cvelistv5 – Published: 2026-06-30 13:02 – Updated: 2026-07-02 00:42
    VLAI
    Title
    Glib: path traversal in glib/gio/gdbusauthmechanismsha1.c via keyring_lookup_entry and mechanism_client_data_receive
    Summary
    A flaw was found in GLib. The D-Bus client-side implementation of the DBUS_COOKIE_SHA1 SASL authentication mechanism does not validate the cookie_context parameter received from the server. A malicious D-Bus server can supply a cookie_context containing path traversal sequences, causing the client to read an arbitrary file and exfiltrate sensitive data by verifying guessed file contents against a generated hash.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    Impacted products
    Date Public
    2026-04-08 00:00
    Credits
    Red Hat would like to thank Thepwnisher for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-58015",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T14:27:59.851892Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-22",
                    "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-02T00:42:47.467Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://gitlab.gnome.org/GNOME/glib/",
              "defaultStatus": "unaffected",
              "packageName": "GLib",
              "product": "GLib",
              "vendor": "GNOME",
              "versions": [
                {
                  "lessThan": "2.88.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10"
              ],
              "defaultStatus": "affected",
              "packageName": "glib2",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10"
              ],
              "defaultStatus": "affected",
              "packageName": "mingw-glib2",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "affected",
              "packageName": "glib2",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "affected",
              "packageName": "glib2",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "affected",
              "packageName": "glib2",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "affected",
              "packageName": "mingw-glib2",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "affected",
              "packageName": "glib2",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "affected",
              "packageName": "mingw-glib2",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:hummingbird:1"
              ],
              "defaultStatus": "unaffected",
              "packageName": "glib2",
              "product": "Red Hat Hardened Images",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Thepwnisher for reporting this issue."
            }
          ],
          "datePublic": "2026-04-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in GLib. The D-Bus client-side implementation of the DBUS_COOKIE_SHA1 SASL authentication mechanism does not validate the cookie_context parameter received from the server. A malicious D-Bus server can supply a cookie_context containing path traversal sequences, causing the client to read an arbitrary file and exfiltrate sensitive data by verifying guessed file contents against a generated hash."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T14:38:18.061Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-58015"
            },
            {
              "name": "RHBZ#2492256",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2492256"
            },
            {
              "url": "https://gitlab.gnome.org/GNOME/glib/-/issues/3931"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-06-24T17:22:00.405Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-04-08T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Glib: path traversal in glib/gio/gdbusauthmechanismsha1.c via keyring_lookup_entry and mechanism_client_data_receive",
          "workarounds": [
            {
              "lang": "en",
              "value": "To mitigate this vulnerability, ensure that applications only connect to trusted D-Bus servers and operate within secure, isolated networks to prevent man-in-the-middle (MitM) attacks. If feasible, configuring the D-Bus connection to strictly require the EXTERNAL authentication mechanism and disabling DBUS_COOKIE_SHA1 will completely neutralize this issue."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-58015",
        "datePublished": "2026-06-30T13:02:45.854Z",
        "dateReserved": "2026-06-26T20:59:47.856Z",
        "dateUpdated": "2026-07-02T00:42:47.467Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-58014 (GCVE-0-2026-58014)

    Vulnerability from cvelistv5 – Published: 2026-06-30 12:57 – Updated: 2026-06-30 18:49
    VLAI
    Title
    Glib: off-by-one error in glib/gkeyfile.c via "g_key_file_get_locale_string_list"
    Summary
    A flaw was found in GLib. An off-by-one error can occur in the g_key_file_get_locale_string_list function in the gkeyfile.c file when loading a key file with an empty value. This flaw can cause an out-of-bounds access of 1 byte or a denial of service when the out-of-bounds access crosses a page boundary.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Date Public
    2026-04-07 00:00
    Credits
    Red Hat would like to thank linhlhq for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-58014",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-30T18:45:19.043229Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-30T18:49:54.989Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://gitlab.gnome.org/GNOME/glib/-/issues/3930"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://gitlab.gnome.org/GNOME/glib/",
              "defaultStatus": "unaffected",
              "packageName": "GLib",
              "product": "GLib",
              "vendor": "GNOME",
              "versions": [
                {
                  "lessThan": "2.88.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10"
              ],
              "defaultStatus": "affected",
              "packageName": "glib2",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10"
              ],
              "defaultStatus": "affected",
              "packageName": "mingw-glib2",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "affected",
              "packageName": "glib2",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "affected",
              "packageName": "glib2",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "affected",
              "packageName": "glib2",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "affected",
              "packageName": "mingw-glib2",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "affected",
              "packageName": "glib2",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "affected",
              "packageName": "mingw-glib2",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:hummingbird:1"
              ],
              "defaultStatus": "unaffected",
              "packageName": "glib2",
              "product": "Red Hat Hardened Images",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank linhlhq for reporting this issue."
            }
          ],
          "datePublic": "2026-04-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in GLib. An off-by-one error can occur in the g_key_file_get_locale_string_list function in the gkeyfile.c file when loading a key file with an empty value. This flaw can cause an out-of-bounds access of 1 byte or a denial of service when the out-of-bounds access crosses a page boundary."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-193",
                  "description": "Off-by-one Error",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T14:38:17.790Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-58014"
            },
            {
              "name": "RHBZ#2492255",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2492255"
            },
            {
              "url": "https://gitlab.gnome.org/GNOME/glib/-/issues/3930"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-06-24T17:16:25.796Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-04-07T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Glib: off-by-one error in glib/gkeyfile.c via \"g_key_file_get_locale_string_list\"",
          "workarounds": [
            {
              "lang": "en",
              "value": "To mitigate this vulnerability, implement input validation to sanitize untrusted key files (such as .desktop or .ini files), specifically rejecting or stripping empty values before calling g_key_file_get_locale_string_list(). Alternatively, restricting the application to only load key files from trusted sources will completely neutralize this issue."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-193: Off-by-one Error"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-58014",
        "datePublished": "2026-06-30T12:57:35.898Z",
        "dateReserved": "2026-06-26T20:59:47.856Z",
        "dateUpdated": "2026-06-30T18:49:54.989Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }