Vulnerability-Lookup

OPENSUSE-SU-2026:10013-1

Vulnerability from csaf_opensuse - Published: 2026-01-07 00:00 - Updated: 2026-01-07 00:00

Summary

apptainer-1.4.5-1.1 on GA media

Notes

Title of the patch

apptainer-1.4.5-1.1 on GA media

Description of the patch

These are all security issues fixed in the apptainer-1.4.5-1.1 package on the GA media of openSUSE Tumbleweed.

Patchnames

openSUSE-Tumbleweed-2026-10013

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "apptainer-1.4.5-1.1 on GA media",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "These are all security issues fixed in the apptainer-1.4.5-1.1 package on the GA media of openSUSE Tumbleweed.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-Tumbleweed-2026-10013",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_10013-1.json"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-22872 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-22872/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-47913 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-47913/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-47914 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-47914/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-58181 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-58181/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-65105 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-65105/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-8556 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-8556/"
      }
    ],
    "title": "apptainer-1.4.5-1.1 on GA media",
    "tracking": {
      "current_release_date": "2026-01-07T00:00:00Z",
      "generator": {
        "date": "2026-01-07T00:00:00Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2026:10013-1",
      "initial_release_date": "2026-01-07T00:00:00Z",
      "revision_history": [
        {
          "date": "2026-01-07T00:00:00Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "apptainer-1.4.5-1.1.aarch64",
                "product": {
                  "name": "apptainer-1.4.5-1.1.aarch64",
                  "product_id": "apptainer-1.4.5-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "apptainer-leap-1.4.5-1.1.aarch64",
                "product": {
                  "name": "apptainer-leap-1.4.5-1.1.aarch64",
                  "product_id": "apptainer-leap-1.4.5-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "apptainer-sle15_7-1.4.5-1.1.aarch64",
                "product": {
                  "name": "apptainer-sle15_7-1.4.5-1.1.aarch64",
                  "product_id": "apptainer-sle15_7-1.4.5-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "apptainer-sle16-1.4.5-1.1.aarch64",
                "product": {
                  "name": "apptainer-sle16-1.4.5-1.1.aarch64",
                  "product_id": "apptainer-sle16-1.4.5-1.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "apptainer-1.4.5-1.1.ppc64le",
                "product": {
                  "name": "apptainer-1.4.5-1.1.ppc64le",
                  "product_id": "apptainer-1.4.5-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "apptainer-leap-1.4.5-1.1.ppc64le",
                "product": {
                  "name": "apptainer-leap-1.4.5-1.1.ppc64le",
                  "product_id": "apptainer-leap-1.4.5-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "apptainer-sle15_7-1.4.5-1.1.ppc64le",
                "product": {
                  "name": "apptainer-sle15_7-1.4.5-1.1.ppc64le",
                  "product_id": "apptainer-sle15_7-1.4.5-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "apptainer-sle16-1.4.5-1.1.ppc64le",
                "product": {
                  "name": "apptainer-sle16-1.4.5-1.1.ppc64le",
                  "product_id": "apptainer-sle16-1.4.5-1.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "apptainer-1.4.5-1.1.s390x",
                "product": {
                  "name": "apptainer-1.4.5-1.1.s390x",
                  "product_id": "apptainer-1.4.5-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "apptainer-leap-1.4.5-1.1.s390x",
                "product": {
                  "name": "apptainer-leap-1.4.5-1.1.s390x",
                  "product_id": "apptainer-leap-1.4.5-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "apptainer-sle15_7-1.4.5-1.1.s390x",
                "product": {
                  "name": "apptainer-sle15_7-1.4.5-1.1.s390x",
                  "product_id": "apptainer-sle15_7-1.4.5-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "apptainer-sle16-1.4.5-1.1.s390x",
                "product": {
                  "name": "apptainer-sle16-1.4.5-1.1.s390x",
                  "product_id": "apptainer-sle16-1.4.5-1.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "apptainer-1.4.5-1.1.x86_64",
                "product": {
                  "name": "apptainer-1.4.5-1.1.x86_64",
                  "product_id": "apptainer-1.4.5-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "apptainer-leap-1.4.5-1.1.x86_64",
                "product": {
                  "name": "apptainer-leap-1.4.5-1.1.x86_64",
                  "product_id": "apptainer-leap-1.4.5-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "apptainer-sle15_7-1.4.5-1.1.x86_64",
                "product": {
                  "name": "apptainer-sle15_7-1.4.5-1.1.x86_64",
                  "product_id": "apptainer-sle15_7-1.4.5-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "apptainer-sle16-1.4.5-1.1.x86_64",
                "product": {
                  "name": "apptainer-sle16-1.4.5-1.1.x86_64",
                  "product_id": "apptainer-sle16-1.4.5-1.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Tumbleweed",
                "product": {
                  "name": "openSUSE Tumbleweed",
                  "product_id": "openSUSE Tumbleweed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:tumbleweed"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "apptainer-1.4.5-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:apptainer-1.4.5-1.1.aarch64"
        },
        "product_reference": "apptainer-1.4.5-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "apptainer-1.4.5-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:apptainer-1.4.5-1.1.ppc64le"
        },
        "product_reference": "apptainer-1.4.5-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "apptainer-1.4.5-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:apptainer-1.4.5-1.1.s390x"
        },
        "product_reference": "apptainer-1.4.5-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "apptainer-1.4.5-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:apptainer-1.4.5-1.1.x86_64"
        },
        "product_reference": "apptainer-1.4.5-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "apptainer-leap-1.4.5-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:apptainer-leap-1.4.5-1.1.aarch64"
        },
        "product_reference": "apptainer-leap-1.4.5-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "apptainer-leap-1.4.5-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:apptainer-leap-1.4.5-1.1.ppc64le"
        },
        "product_reference": "apptainer-leap-1.4.5-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "apptainer-leap-1.4.5-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:apptainer-leap-1.4.5-1.1.s390x"
        },
        "product_reference": "apptainer-leap-1.4.5-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "apptainer-leap-1.4.5-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:apptainer-leap-1.4.5-1.1.x86_64"
        },
        "product_reference": "apptainer-leap-1.4.5-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "apptainer-sle15_7-1.4.5-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:apptainer-sle15_7-1.4.5-1.1.aarch64"
        },
        "product_reference": "apptainer-sle15_7-1.4.5-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "apptainer-sle15_7-1.4.5-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:apptainer-sle15_7-1.4.5-1.1.ppc64le"
        },
        "product_reference": "apptainer-sle15_7-1.4.5-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "apptainer-sle15_7-1.4.5-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:apptainer-sle15_7-1.4.5-1.1.s390x"
        },
        "product_reference": "apptainer-sle15_7-1.4.5-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "apptainer-sle15_7-1.4.5-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:apptainer-sle15_7-1.4.5-1.1.x86_64"
        },
        "product_reference": "apptainer-sle15_7-1.4.5-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "apptainer-sle16-1.4.5-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:apptainer-sle16-1.4.5-1.1.aarch64"
        },
        "product_reference": "apptainer-sle16-1.4.5-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "apptainer-sle16-1.4.5-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:apptainer-sle16-1.4.5-1.1.ppc64le"
        },
        "product_reference": "apptainer-sle16-1.4.5-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "apptainer-sle16-1.4.5-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:apptainer-sle16-1.4.5-1.1.s390x"
        },
        "product_reference": "apptainer-sle16-1.4.5-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "apptainer-sle16-1.4.5-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:apptainer-sle16-1.4.5-1.1.x86_64"
        },
        "product_reference": "apptainer-sle16-1.4.5-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-22872",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-22872"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content following such tags as being placed in the wrong scope during DOM construction, but only when tags are in foreign content (e.g. \u003cmath\u003e, \u003csvg\u003e, etc contexts).",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:apptainer-1.4.5-1.1.aarch64",
          "openSUSE Tumbleweed:apptainer-1.4.5-1.1.ppc64le",
          "openSUSE Tumbleweed:apptainer-1.4.5-1.1.s390x",
          "openSUSE Tumbleweed:apptainer-1.4.5-1.1.x86_64",
          "openSUSE Tumbleweed:apptainer-leap-1.4.5-1.1.aarch64",
          "openSUSE Tumbleweed:apptainer-leap-1.4.5-1.1.ppc64le",
          "openSUSE Tumbleweed:apptainer-leap-1.4.5-1.1.s390x",
          "openSUSE Tumbleweed:apptainer-leap-1.4.5-1.1.x86_64",
          "openSUSE Tumbleweed:apptainer-sle15_7-1.4.5-1.1.aarch64",
          "openSUSE Tumbleweed:apptainer-sle15_7-1.4.5-1.1.ppc64le",
          "openSUSE Tumbleweed:apptainer-sle15_7-1.4.5-1.1.s390x",
          "openSUSE Tumbleweed:apptainer-sle15_7-1.4.5-1.1.x86_64",
          "openSUSE Tumbleweed:apptainer-sle16-1.4.5-1.1.aarch64",
          "openSUSE Tumbleweed:apptainer-sle16-1.4.5-1.1.ppc64le",
          "openSUSE Tumbleweed:apptainer-sle16-1.4.5-1.1.s390x",
          "openSUSE Tumbleweed:apptainer-sle16-1.4.5-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-22872",
          "url": "https://www.suse.com/security/cve/CVE-2025-22872"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1241710 for CVE-2025-22872",
          "url": "https://bugzilla.suse.com/1241710"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:apptainer-1.4.5-1.1.aarch64",
            "openSUSE Tumbleweed:apptainer-1.4.5-1.1.ppc64le",
            "openSUSE Tumbleweed:apptainer-1.4.5-1.1.s390x",
            "openSUSE Tumbleweed:apptainer-1.4.5-1.1.x86_64",
            "openSUSE Tumbleweed:apptainer-leap-1.4.5-1.1.aarch64",
            "openSUSE Tumbleweed:apptainer-leap-1.4.5-1.1.ppc64le",
            "openSUSE Tumbleweed:apptainer-leap-1.4.5-1.1.s390x",
            "openSUSE Tumbleweed:apptainer-leap-1.4.5-1.1.x86_64",
            "openSUSE Tumbleweed:apptainer-sle15_7-1.4.5-1.1.aarch64",
            "openSUSE Tumbleweed:apptainer-sle15_7-1.4.5-1.1.ppc64le",
            "openSUSE Tumbleweed:apptainer-sle15_7-1.4.5-1.1.s390x",
            "openSUSE Tumbleweed:apptainer-sle15_7-1.4.5-1.1.x86_64",
            "openSUSE Tumbleweed:apptainer-sle16-1.4.5-1.1.aarch64",
            "openSUSE Tumbleweed:apptainer-sle16-1.4.5-1.1.ppc64le",
            "openSUSE Tumbleweed:apptainer-sle16-1.4.5-1.1.s390x",
            "openSUSE Tumbleweed:apptainer-sle16-1.4.5-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:apptainer-1.4.5-1.1.aarch64",
            "openSUSE Tumbleweed:apptainer-1.4.5-1.1.ppc64le",
            "openSUSE Tumbleweed:apptainer-1.4.5-1.1.s390x",
            "openSUSE Tumbleweed:apptainer-1.4.5-1.1.x86_64",
            "openSUSE Tumbleweed:apptainer-leap-1.4.5-1.1.aarch64",
            "openSUSE Tumbleweed:apptainer-leap-1.4.5-1.1.ppc64le",
            "openSUSE Tumbleweed:apptainer-leap-1.4.5-1.1.s390x",
            "openSUSE Tumbleweed:apptainer-leap-1.4.5-1.1.x86_64",
            "openSUSE Tumbleweed:apptainer-sle15_7-1.4.5-1.1.aarch64",
            "openSUSE Tumbleweed:apptainer-sle15_7-1.4.5-1.1.ppc64le",
            "openSUSE Tumbleweed:apptainer-sle15_7-1.4.5-1.1.s390x",
            "openSUSE Tumbleweed:apptainer-sle15_7-1.4.5-1.1.x86_64",
            "openSUSE Tumbleweed:apptainer-sle16-1.4.5-1.1.aarch64",
            "openSUSE Tumbleweed:apptainer-sle16-1.4.5-1.1.ppc64le",
            "openSUSE Tumbleweed:apptainer-sle16-1.4.5-1.1.s390x",
            "openSUSE Tumbleweed:apptainer-sle16-1.4.5-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-01-07T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-22872"
    },
    {
      "cve": "CVE-2025-47913",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-47913"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:apptainer-1.4.5-1.1.aarch64",
          "openSUSE Tumbleweed:apptainer-1.4.5-1.1.ppc64le",
          "openSUSE Tumbleweed:apptainer-1.4.5-1.1.s390x",
          "openSUSE Tumbleweed:apptainer-1.4.5-1.1.x86_64",
          "openSUSE Tumbleweed:apptainer-leap-1.4.5-1.1.aarch64",
          "openSUSE Tumbleweed:apptainer-leap-1.4.5-1.1.ppc64le",
          "openSUSE Tumbleweed:apptainer-leap-1.4.5-1.1.s390x",
          "openSUSE Tumbleweed:apptainer-leap-1.4.5-1.1.x86_64",
          "openSUSE Tumbleweed:apptainer-sle15_7-1.4.5-1.1.aarch64",
          "openSUSE Tumbleweed:apptainer-sle15_7-1.4.5-1.1.ppc64le",
          "openSUSE Tumbleweed:apptainer-sle15_7-1.4.5-1.1.s390x",
          "openSUSE Tumbleweed:apptainer-sle15_7-1.4.5-1.1.x86_64",
          "openSUSE Tumbleweed:apptainer-sle16-1.4.5-1.1.aarch64",
          "openSUSE Tumbleweed:apptainer-sle16-1.4.5-1.1.ppc64le",
          "openSUSE Tumbleweed:apptainer-sle16-1.4.5-1.1.s390x",
          "openSUSE Tumbleweed:apptainer-sle16-1.4.5-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-47913",
          "url": "https://www.suse.com/security/cve/CVE-2025-47913"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1253506 for CVE-2025-47913",
          "url": "https://bugzilla.suse.com/1253506"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:apptainer-1.4.5-1.1.aarch64",
            "openSUSE Tumbleweed:apptainer-1.4.5-1.1.ppc64le",
            "openSUSE Tumbleweed:apptainer-1.4.5-1.1.s390x",
            "openSUSE Tumbleweed:apptainer-1.4.5-1.1.x86_64",
            "openSUSE Tumbleweed:apptainer-leap-1.4.5-1.1.aarch64",
            "openSUSE Tumbleweed:apptainer-leap-1.4.5-1.1.ppc64le",
            "openSUSE Tumbleweed:apptainer-leap-1.4.5-1.1.s390x",
            "openSUSE Tumbleweed:apptainer-leap-1.4.5-1.1.x86_64",
            "openSUSE Tumbleweed:apptainer-sle15_7-1.4.5-1.1.aarch64",
            "openSUSE Tumbleweed:apptainer-sle15_7-1.4.5-1.1.ppc64le",
            "openSUSE Tumbleweed:apptainer-sle15_7-1.4.5-1.1.s390x",
            "openSUSE Tumbleweed:apptainer-sle15_7-1.4.5-1.1.x86_64",
            "openSUSE Tumbleweed:apptainer-sle16-1.4.5-1.1.aarch64",
            "openSUSE Tumbleweed:apptainer-sle16-1.4.5-1.1.ppc64le",
            "openSUSE Tumbleweed:apptainer-sle16-1.4.5-1.1.s390x",
            "openSUSE Tumbleweed:apptainer-sle16-1.4.5-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:apptainer-1.4.5-1.1.aarch64",
            "openSUSE Tumbleweed:apptainer-1.4.5-1.1.ppc64le",
            "openSUSE Tumbleweed:apptainer-1.4.5-1.1.s390x",
            "openSUSE Tumbleweed:apptainer-1.4.5-1.1.x86_64",
            "openSUSE Tumbleweed:apptainer-leap-1.4.5-1.1.aarch64",
            "openSUSE Tumbleweed:apptainer-leap-1.4.5-1.1.ppc64le",
            "openSUSE Tumbleweed:apptainer-leap-1.4.5-1.1.s390x",
            "openSUSE Tumbleweed:apptainer-leap-1.4.5-1.1.x86_64",
            "openSUSE Tumbleweed:apptainer-sle15_7-1.4.5-1.1.aarch64",
            "openSUSE Tumbleweed:apptainer-sle15_7-1.4.5-1.1.ppc64le",
            "openSUSE Tumbleweed:apptainer-sle15_7-1.4.5-1.1.s390x",
            "openSUSE Tumbleweed:apptainer-sle15_7-1.4.5-1.1.x86_64",
            "openSUSE Tumbleweed:apptainer-sle16-1.4.5-1.1.aarch64",
            "openSUSE Tumbleweed:apptainer-sle16-1.4.5-1.1.ppc64le",
            "openSUSE Tumbleweed:apptainer-sle16-1.4.5-1.1.s390x",
            "openSUSE Tumbleweed:apptainer-sle16-1.4.5-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-01-07T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-47913"
    },
    {
      "cve": "CVE-2025-47914",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-47914"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:apptainer-1.4.5-1.1.aarch64",
          "openSUSE Tumbleweed:apptainer-1.4.5-1.1.ppc64le",
          "openSUSE Tumbleweed:apptainer-1.4.5-1.1.s390x",
          "openSUSE Tumbleweed:apptainer-1.4.5-1.1.x86_64",
          "openSUSE Tumbleweed:apptainer-leap-1.4.5-1.1.aarch64",
          "openSUSE Tumbleweed:apptainer-leap-1.4.5-1.1.ppc64le",
          "openSUSE Tumbleweed:apptainer-leap-1.4.5-1.1.s390x",
          "openSUSE Tumbleweed:apptainer-leap-1.4.5-1.1.x86_64",
          "openSUSE Tumbleweed:apptainer-sle15_7-1.4.5-1.1.aarch64",
          "openSUSE Tumbleweed:apptainer-sle15_7-1.4.5-1.1.ppc64le",
          "openSUSE Tumbleweed:apptainer-sle15_7-1.4.5-1.1.s390x",
          "openSUSE Tumbleweed:apptainer-sle15_7-1.4.5-1.1.x86_64",
          "openSUSE Tumbleweed:apptainer-sle16-1.4.5-1.1.aarch64",
          "openSUSE Tumbleweed:apptainer-sle16-1.4.5-1.1.ppc64le",
          "openSUSE Tumbleweed:apptainer-sle16-1.4.5-1.1.s390x",
          "openSUSE Tumbleweed:apptainer-sle16-1.4.5-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-47914",
          "url": "https://www.suse.com/security/cve/CVE-2025-47914"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1253967 for CVE-2025-47914",
          "url": "https://bugzilla.suse.com/1253967"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:apptainer-1.4.5-1.1.aarch64",
            "openSUSE Tumbleweed:apptainer-1.4.5-1.1.ppc64le",
            "openSUSE Tumbleweed:apptainer-1.4.5-1.1.s390x",
            "openSUSE Tumbleweed:apptainer-1.4.5-1.1.x86_64",
            "openSUSE Tumbleweed:apptainer-leap-1.4.5-1.1.aarch64",
            "openSUSE Tumbleweed:apptainer-leap-1.4.5-1.1.ppc64le",
            "openSUSE Tumbleweed:apptainer-leap-1.4.5-1.1.s390x",
            "openSUSE Tumbleweed:apptainer-leap-1.4.5-1.1.x86_64",
            "openSUSE Tumbleweed:apptainer-sle15_7-1.4.5-1.1.aarch64",
            "openSUSE Tumbleweed:apptainer-sle15_7-1.4.5-1.1.ppc64le",
            "openSUSE Tumbleweed:apptainer-sle15_7-1.4.5-1.1.s390x",
            "openSUSE Tumbleweed:apptainer-sle15_7-1.4.5-1.1.x86_64",
            "openSUSE Tumbleweed:apptainer-sle16-1.4.5-1.1.aarch64",
            "openSUSE Tumbleweed:apptainer-sle16-1.4.5-1.1.ppc64le",
            "openSUSE Tumbleweed:apptainer-sle16-1.4.5-1.1.s390x",
            "openSUSE Tumbleweed:apptainer-sle16-1.4.5-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:apptainer-1.4.5-1.1.aarch64",
            "openSUSE Tumbleweed:apptainer-1.4.5-1.1.ppc64le",
            "openSUSE Tumbleweed:apptainer-1.4.5-1.1.s390x",
            "openSUSE Tumbleweed:apptainer-1.4.5-1.1.x86_64",
            "openSUSE Tumbleweed:apptainer-leap-1.4.5-1.1.aarch64",
            "openSUSE Tumbleweed:apptainer-leap-1.4.5-1.1.ppc64le",
            "openSUSE Tumbleweed:apptainer-leap-1.4.5-1.1.s390x",
            "openSUSE Tumbleweed:apptainer-leap-1.4.5-1.1.x86_64",
            "openSUSE Tumbleweed:apptainer-sle15_7-1.4.5-1.1.aarch64",
            "openSUSE Tumbleweed:apptainer-sle15_7-1.4.5-1.1.ppc64le",
            "openSUSE Tumbleweed:apptainer-sle15_7-1.4.5-1.1.s390x",
            "openSUSE Tumbleweed:apptainer-sle15_7-1.4.5-1.1.x86_64",
            "openSUSE Tumbleweed:apptainer-sle16-1.4.5-1.1.aarch64",
            "openSUSE Tumbleweed:apptainer-sle16-1.4.5-1.1.ppc64le",
            "openSUSE Tumbleweed:apptainer-sle16-1.4.5-1.1.s390x",
            "openSUSE Tumbleweed:apptainer-sle16-1.4.5-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-01-07T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-47914"
    },
    {
      "cve": "CVE-2025-58181",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-58181"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:apptainer-1.4.5-1.1.aarch64",
          "openSUSE Tumbleweed:apptainer-1.4.5-1.1.ppc64le",
          "openSUSE Tumbleweed:apptainer-1.4.5-1.1.s390x",
          "openSUSE Tumbleweed:apptainer-1.4.5-1.1.x86_64",
          "openSUSE Tumbleweed:apptainer-leap-1.4.5-1.1.aarch64",
          "openSUSE Tumbleweed:apptainer-leap-1.4.5-1.1.ppc64le",
          "openSUSE Tumbleweed:apptainer-leap-1.4.5-1.1.s390x",
          "openSUSE Tumbleweed:apptainer-leap-1.4.5-1.1.x86_64",
          "openSUSE Tumbleweed:apptainer-sle15_7-1.4.5-1.1.aarch64",
          "openSUSE Tumbleweed:apptainer-sle15_7-1.4.5-1.1.ppc64le",
          "openSUSE Tumbleweed:apptainer-sle15_7-1.4.5-1.1.s390x",
          "openSUSE Tumbleweed:apptainer-sle15_7-1.4.5-1.1.x86_64",
          "openSUSE Tumbleweed:apptainer-sle16-1.4.5-1.1.aarch64",
          "openSUSE Tumbleweed:apptainer-sle16-1.4.5-1.1.ppc64le",
          "openSUSE Tumbleweed:apptainer-sle16-1.4.5-1.1.s390x",
          "openSUSE Tumbleweed:apptainer-sle16-1.4.5-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-58181",
          "url": "https://www.suse.com/security/cve/CVE-2025-58181"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1253784 for CVE-2025-58181",
          "url": "https://bugzilla.suse.com/1253784"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:apptainer-1.4.5-1.1.aarch64",
            "openSUSE Tumbleweed:apptainer-1.4.5-1.1.ppc64le",
            "openSUSE Tumbleweed:apptainer-1.4.5-1.1.s390x",
            "openSUSE Tumbleweed:apptainer-1.4.5-1.1.x86_64",
            "openSUSE Tumbleweed:apptainer-leap-1.4.5-1.1.aarch64",
            "openSUSE Tumbleweed:apptainer-leap-1.4.5-1.1.ppc64le",
            "openSUSE Tumbleweed:apptainer-leap-1.4.5-1.1.s390x",
            "openSUSE Tumbleweed:apptainer-leap-1.4.5-1.1.x86_64",
            "openSUSE Tumbleweed:apptainer-sle15_7-1.4.5-1.1.aarch64",
            "openSUSE Tumbleweed:apptainer-sle15_7-1.4.5-1.1.ppc64le",
            "openSUSE Tumbleweed:apptainer-sle15_7-1.4.5-1.1.s390x",
            "openSUSE Tumbleweed:apptainer-sle15_7-1.4.5-1.1.x86_64",
            "openSUSE Tumbleweed:apptainer-sle16-1.4.5-1.1.aarch64",
            "openSUSE Tumbleweed:apptainer-sle16-1.4.5-1.1.ppc64le",
            "openSUSE Tumbleweed:apptainer-sle16-1.4.5-1.1.s390x",
            "openSUSE Tumbleweed:apptainer-sle16-1.4.5-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:apptainer-1.4.5-1.1.aarch64",
            "openSUSE Tumbleweed:apptainer-1.4.5-1.1.ppc64le",
            "openSUSE Tumbleweed:apptainer-1.4.5-1.1.s390x",
            "openSUSE Tumbleweed:apptainer-1.4.5-1.1.x86_64",
            "openSUSE Tumbleweed:apptainer-leap-1.4.5-1.1.aarch64",
            "openSUSE Tumbleweed:apptainer-leap-1.4.5-1.1.ppc64le",
            "openSUSE Tumbleweed:apptainer-leap-1.4.5-1.1.s390x",
            "openSUSE Tumbleweed:apptainer-leap-1.4.5-1.1.x86_64",
            "openSUSE Tumbleweed:apptainer-sle15_7-1.4.5-1.1.aarch64",
            "openSUSE Tumbleweed:apptainer-sle15_7-1.4.5-1.1.ppc64le",
            "openSUSE Tumbleweed:apptainer-sle15_7-1.4.5-1.1.s390x",
            "openSUSE Tumbleweed:apptainer-sle15_7-1.4.5-1.1.x86_64",
            "openSUSE Tumbleweed:apptainer-sle16-1.4.5-1.1.aarch64",
            "openSUSE Tumbleweed:apptainer-sle16-1.4.5-1.1.ppc64le",
            "openSUSE Tumbleweed:apptainer-sle16-1.4.5-1.1.s390x",
            "openSUSE Tumbleweed:apptainer-sle16-1.4.5-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-01-07T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-58181"
    },
    {
      "cve": "CVE-2025-65105",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-65105"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Apptainer is an open source container platform. In Apptainer versions less than 1.4.5, a container can disable two of the forms of the little used --security option, in particular the forms --security=apparmor:\u003cprofile\u003e and --security=selinux:\u003clabel\u003e which otherwise put restrictions on operations that containers can do. The --security option has always been mentioned in Apptainer documentation as being a feature for the root user, although these forms do also work for unprivileged users on systems where the corresponding feature is enabled. Apparmor is enabled by default on Debian-based distributions and SElinux is enabled by default on RHEL-based distributions, but on SUSE it depends on the distribution version. This vulnerability is fixed in 1.4.5.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:apptainer-1.4.5-1.1.aarch64",
          "openSUSE Tumbleweed:apptainer-1.4.5-1.1.ppc64le",
          "openSUSE Tumbleweed:apptainer-1.4.5-1.1.s390x",
          "openSUSE Tumbleweed:apptainer-1.4.5-1.1.x86_64",
          "openSUSE Tumbleweed:apptainer-leap-1.4.5-1.1.aarch64",
          "openSUSE Tumbleweed:apptainer-leap-1.4.5-1.1.ppc64le",
          "openSUSE Tumbleweed:apptainer-leap-1.4.5-1.1.s390x",
          "openSUSE Tumbleweed:apptainer-leap-1.4.5-1.1.x86_64",
          "openSUSE Tumbleweed:apptainer-sle15_7-1.4.5-1.1.aarch64",
          "openSUSE Tumbleweed:apptainer-sle15_7-1.4.5-1.1.ppc64le",
          "openSUSE Tumbleweed:apptainer-sle15_7-1.4.5-1.1.s390x",
          "openSUSE Tumbleweed:apptainer-sle15_7-1.4.5-1.1.x86_64",
          "openSUSE Tumbleweed:apptainer-sle16-1.4.5-1.1.aarch64",
          "openSUSE Tumbleweed:apptainer-sle16-1.4.5-1.1.ppc64le",
          "openSUSE Tumbleweed:apptainer-sle16-1.4.5-1.1.s390x",
          "openSUSE Tumbleweed:apptainer-sle16-1.4.5-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-65105",
          "url": "https://www.suse.com/security/cve/CVE-2025-65105"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1255462 for CVE-2025-65105",
          "url": "https://bugzilla.suse.com/1255462"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:apptainer-1.4.5-1.1.aarch64",
            "openSUSE Tumbleweed:apptainer-1.4.5-1.1.ppc64le",
            "openSUSE Tumbleweed:apptainer-1.4.5-1.1.s390x",
            "openSUSE Tumbleweed:apptainer-1.4.5-1.1.x86_64",
            "openSUSE Tumbleweed:apptainer-leap-1.4.5-1.1.aarch64",
            "openSUSE Tumbleweed:apptainer-leap-1.4.5-1.1.ppc64le",
            "openSUSE Tumbleweed:apptainer-leap-1.4.5-1.1.s390x",
            "openSUSE Tumbleweed:apptainer-leap-1.4.5-1.1.x86_64",
            "openSUSE Tumbleweed:apptainer-sle15_7-1.4.5-1.1.aarch64",
            "openSUSE Tumbleweed:apptainer-sle15_7-1.4.5-1.1.ppc64le",
            "openSUSE Tumbleweed:apptainer-sle15_7-1.4.5-1.1.s390x",
            "openSUSE Tumbleweed:apptainer-sle15_7-1.4.5-1.1.x86_64",
            "openSUSE Tumbleweed:apptainer-sle16-1.4.5-1.1.aarch64",
            "openSUSE Tumbleweed:apptainer-sle16-1.4.5-1.1.ppc64le",
            "openSUSE Tumbleweed:apptainer-sle16-1.4.5-1.1.s390x",
            "openSUSE Tumbleweed:apptainer-sle16-1.4.5-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:apptainer-1.4.5-1.1.aarch64",
            "openSUSE Tumbleweed:apptainer-1.4.5-1.1.ppc64le",
            "openSUSE Tumbleweed:apptainer-1.4.5-1.1.s390x",
            "openSUSE Tumbleweed:apptainer-1.4.5-1.1.x86_64",
            "openSUSE Tumbleweed:apptainer-leap-1.4.5-1.1.aarch64",
            "openSUSE Tumbleweed:apptainer-leap-1.4.5-1.1.ppc64le",
            "openSUSE Tumbleweed:apptainer-leap-1.4.5-1.1.s390x",
            "openSUSE Tumbleweed:apptainer-leap-1.4.5-1.1.x86_64",
            "openSUSE Tumbleweed:apptainer-sle15_7-1.4.5-1.1.aarch64",
            "openSUSE Tumbleweed:apptainer-sle15_7-1.4.5-1.1.ppc64le",
            "openSUSE Tumbleweed:apptainer-sle15_7-1.4.5-1.1.s390x",
            "openSUSE Tumbleweed:apptainer-sle15_7-1.4.5-1.1.x86_64",
            "openSUSE Tumbleweed:apptainer-sle16-1.4.5-1.1.aarch64",
            "openSUSE Tumbleweed:apptainer-sle16-1.4.5-1.1.ppc64le",
            "openSUSE Tumbleweed:apptainer-sle16-1.4.5-1.1.s390x",
            "openSUSE Tumbleweed:apptainer-sle16-1.4.5-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-01-07T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-65105"
    },
    {
      "cve": "CVE-2025-8556",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-8556"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A flaw was found in CIRCL\u0027s implementation of the FourQ elliptic curve. This vulnerability allows an attacker to compromise session security via low-order point injection and incorrect point validation during Diffie-Hellman key exchange.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:apptainer-1.4.5-1.1.aarch64",
          "openSUSE Tumbleweed:apptainer-1.4.5-1.1.ppc64le",
          "openSUSE Tumbleweed:apptainer-1.4.5-1.1.s390x",
          "openSUSE Tumbleweed:apptainer-1.4.5-1.1.x86_64",
          "openSUSE Tumbleweed:apptainer-leap-1.4.5-1.1.aarch64",
          "openSUSE Tumbleweed:apptainer-leap-1.4.5-1.1.ppc64le",
          "openSUSE Tumbleweed:apptainer-leap-1.4.5-1.1.s390x",
          "openSUSE Tumbleweed:apptainer-leap-1.4.5-1.1.x86_64",
          "openSUSE Tumbleweed:apptainer-sle15_7-1.4.5-1.1.aarch64",
          "openSUSE Tumbleweed:apptainer-sle15_7-1.4.5-1.1.ppc64le",
          "openSUSE Tumbleweed:apptainer-sle15_7-1.4.5-1.1.s390x",
          "openSUSE Tumbleweed:apptainer-sle15_7-1.4.5-1.1.x86_64",
          "openSUSE Tumbleweed:apptainer-sle16-1.4.5-1.1.aarch64",
          "openSUSE Tumbleweed:apptainer-sle16-1.4.5-1.1.ppc64le",
          "openSUSE Tumbleweed:apptainer-sle16-1.4.5-1.1.s390x",
          "openSUSE Tumbleweed:apptainer-sle16-1.4.5-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-8556",
          "url": "https://www.suse.com/security/cve/CVE-2025-8556"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:apptainer-1.4.5-1.1.aarch64",
            "openSUSE Tumbleweed:apptainer-1.4.5-1.1.ppc64le",
            "openSUSE Tumbleweed:apptainer-1.4.5-1.1.s390x",
            "openSUSE Tumbleweed:apptainer-1.4.5-1.1.x86_64",
            "openSUSE Tumbleweed:apptainer-leap-1.4.5-1.1.aarch64",
            "openSUSE Tumbleweed:apptainer-leap-1.4.5-1.1.ppc64le",
            "openSUSE Tumbleweed:apptainer-leap-1.4.5-1.1.s390x",
            "openSUSE Tumbleweed:apptainer-leap-1.4.5-1.1.x86_64",
            "openSUSE Tumbleweed:apptainer-sle15_7-1.4.5-1.1.aarch64",
            "openSUSE Tumbleweed:apptainer-sle15_7-1.4.5-1.1.ppc64le",
            "openSUSE Tumbleweed:apptainer-sle15_7-1.4.5-1.1.s390x",
            "openSUSE Tumbleweed:apptainer-sle15_7-1.4.5-1.1.x86_64",
            "openSUSE Tumbleweed:apptainer-sle16-1.4.5-1.1.aarch64",
            "openSUSE Tumbleweed:apptainer-sle16-1.4.5-1.1.ppc64le",
            "openSUSE Tumbleweed:apptainer-sle16-1.4.5-1.1.s390x",
            "openSUSE Tumbleweed:apptainer-sle16-1.4.5-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-01-07T00:00:00Z",
          "details": "low"
        }
      ],
      "title": "CVE-2025-8556"
    }
  ]
}

CVE-2025-47913 (GCVE-0-2025-47913)

Vulnerability from cvelistv5 – Published: 2025-11-13 21:29 – Updated: 2025-12-16 16:43

Title

Potential denial of service in golang.org/x/crypto/ssh/agent

Summary

SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process.

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-703 - Improper Handling of Exceptional Conditions

Assigner

References

URL

Tags

	https://go.dev/cl/700295
	https://go.dev/issue/75178
	https://github.com/advisories/GHSA-56w8-48fp-6mgv
	https://pkg.go.dev/vuln/GO-2025-4116

Impacted products

	Vendor	Product	Version
	golang.org/x/crypto	golang.org/x/crypto/ssh/agent	Affected: 0 , < 0.43.0 (semver)

Credits

Jakub Ciolek Nicola Murino

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-47913",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-11-13T21:47:44.206349Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-11-13T21:47:50.864Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pkg.go.dev",
          "defaultStatus": "unaffected",
          "packageName": "golang.org/x/crypto/ssh/agent",
          "product": "golang.org/x/crypto/ssh/agent",
          "programRoutines": [
            {
              "name": "client.SignWithFlags"
            },
            {
              "name": "client.List"
            },
            {
              "name": "agentKeyringSigner.Sign"
            },
            {
              "name": "agentKeyringSigner.SignWithAlgorithm"
            },
            {
              "name": "client.Sign"
            },
            {
              "name": "client.Signers"
            }
          ],
          "vendor": "golang.org/x/crypto",
          "versions": [
            {
              "lessThan": "0.43.0",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Jakub Ciolek"
        },
        {
          "lang": "en",
          "value": "Nicola Murino"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-703: Improper Handling of Exceptional Conditions",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-16T16:43:43.633Z",
        "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "shortName": "Go"
      },
      "references": [
        {
          "url": "https://go.dev/cl/700295"
        },
        {
          "url": "https://go.dev/issue/75178"
        },
        {
          "url": "https://github.com/advisories/GHSA-56w8-48fp-6mgv"
        },
        {
          "url": "https://pkg.go.dev/vuln/GO-2025-4116"
        }
      ],
      "title": "Potential denial of service in golang.org/x/crypto/ssh/agent"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
    "assignerShortName": "Go",
    "cveId": "CVE-2025-47913",
    "datePublished": "2025-11-13T21:29:39.907Z",
    "dateReserved": "2025-05-13T23:31:29.597Z",
    "dateUpdated": "2025-12-16T16:43:43.633Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-65105 (GCVE-0-2025-65105)

Vulnerability from cvelistv5 – Published: 2025-12-02 17:49 – Updated: 2025-12-02 18:46

Title

Apptainer ineffective application of selinux and apparmor --security options

Summary

Apptainer is an open source container platform. In Apptainer versions less than 1.4.5, a container can disable two of the forms of the little used --security option, in particular the forms --security=apparmor:<profile> and --security=selinux:<label> which otherwise put restrictions on operations that containers can do. The --security option has always been mentioned in Apptainer documentation as being a feature for the root user, although these forms do also work for unprivileged users on systems where the corresponding feature is enabled. Apparmor is enabled by default on Debian-based distributions and SElinux is enabled by default on RHEL-based distributions, but on SUSE it depends on the distribution version. This vulnerability is fixed in 1.4.5.

Severity ?

4.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L

CWE

CWE-61 - UNIX Symbolic Link (Symlink) Following
CWE-706 - Use of Incorrectly-Resolved Name or Reference

Assigner

GitHub_M

References

URL

Tags

	https://github.com/apptainer/apptainer/security/a…	x_refsource_CONFIRM
	https://github.com/opencontainers/runc/security/a…	x_refsource_MISC
	https://github.com/sylabs/singularity/security/ad…	x_refsource_MISC
	https://github.com/apptainer/apptainer/pull/3226	x_refsource_MISC
	https://github.com/apptainer/apptainer/commit/431…	x_refsource_MISC
	https://github.com/apptainer/apptainer/commit/82f…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	apptainer	apptainer	Affected: < 1.4.5

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-65105",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-02T18:43:58.398576Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-02T18:46:30.677Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "apptainer",
          "vendor": "apptainer",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.4.5"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Apptainer is an open source container platform. In Apptainer versions less than 1.4.5, a container can disable two of the forms of the little used --security option, in particular the forms --security=apparmor:\u003cprofile\u003e and --security=selinux:\u003clabel\u003e which otherwise put restrictions on operations that containers can do. The --security option has always been mentioned in Apptainer documentation as being a feature for the root user, although these forms do also work for unprivileged users on systems where the corresponding feature is enabled. Apparmor is enabled by default on Debian-based distributions and SElinux is enabled by default on RHEL-based distributions, but on SUSE it depends on the distribution version. This vulnerability is fixed in 1.4.5."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 4.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-61",
              "description": "CWE-61: UNIX Symbolic Link (Symlink) Following",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-706",
              "description": "CWE-706: Use of Incorrectly-Resolved Name or Reference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-02T17:49:17.312Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/apptainer/apptainer/security/advisories/GHSA-j3rw-fx6g-q46j",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/apptainer/apptainer/security/advisories/GHSA-j3rw-fx6g-q46j"
        },
        {
          "name": "https://github.com/opencontainers/runc/security/advisories/GHSA-cgrx-mc8f-2prm",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/opencontainers/runc/security/advisories/GHSA-cgrx-mc8f-2prm"
        },
        {
          "name": "https://github.com/sylabs/singularity/security/advisories/GHSA-wwrx-w7c9-rf87",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/sylabs/singularity/security/advisories/GHSA-wwrx-w7c9-rf87"
        },
        {
          "name": "https://github.com/apptainer/apptainer/pull/3226",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/apptainer/apptainer/pull/3226"
        },
        {
          "name": "https://github.com/apptainer/apptainer/commit/4313b42717e18a4add7dd7503528bc15af905981",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/apptainer/apptainer/commit/4313b42717e18a4add7dd7503528bc15af905981"
        },
        {
          "name": "https://github.com/apptainer/apptainer/commit/82f17900a0c31bc769bf9b4612d271c7068d8bf2",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/apptainer/apptainer/commit/82f17900a0c31bc769bf9b4612d271c7068d8bf2"
        }
      ],
      "source": {
        "advisory": "GHSA-j3rw-fx6g-q46j",
        "discovery": "UNKNOWN"
      },
      "title": "Apptainer ineffective application of selinux and apparmor --security options"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-65105",
    "datePublished": "2025-12-02T17:49:17.312Z",
    "dateReserved": "2025-11-17T20:55:34.693Z",
    "dateUpdated": "2025-12-02T18:46:30.677Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-8556 (GCVE-0-2025-8556)

Vulnerability from cvelistv5 – Published: 2025-08-06 08:48 – Updated: 2025-11-07 20:16

Title

Github.com/cloudflare/circl: circl-fourq: missing and wrong validation can lead to incorrect results

Summary

A flaw was found in CIRCL's implementation of the FourQ elliptic curve. This vulnerability allows an attacker to compromise session security via low-order point injection and incorrect point validation during Diffie-Hellman key exchange.

Severity ?

3.7 (Low)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE

CWE-347 - Improper Verification of Cryptographic Signature

Assigner

redhat

References

URL

Tags

	https://access.redhat.com/security/cve/CVE-2025-8556	vdb-entryx_refsource_REDHAT
	https://bugzilla.redhat.com/show_bug.cgi?id=2371624	issue-trackingx_refsource_REDHAT
	https://github.com/cloudflare/circl
	https://github.com/cloudflare/circl/security/advi…
	https://github.com/cloudflare/circl/tree/v1.6.1

Impacted products

Vendor

Product

Version

Affected: 0 , < 1.6.1 (semver)

Red Hat	Builds for Red Hat OpenShift	cpe:/a:redhat:openshift_builds:1
Red Hat	Builds for Red Hat OpenShift	cpe:/a:redhat:openshift_builds:1
Red Hat	Builds for Red Hat OpenShift	cpe:/a:redhat:openshift_builds:1
Red Hat	Builds for Red Hat OpenShift	cpe:/a:redhat:openshift_builds:1
Red Hat	Builds for Red Hat OpenShift	cpe:/a:redhat:openshift_builds:1
Red Hat	Builds for Red Hat OpenShift	cpe:/a:redhat:openshift_builds:1
Red Hat	Custom Metric Autoscaler operator for Red Hat Openshift	cpe:/a:redhat:openshift_custom_metrics_autoscaler:2
Red Hat	Custom Metric Autoscaler operator for Red Hat Openshift	cpe:/a:redhat:openshift_custom_metrics_autoscaler:2
Red Hat	Custom Metric Autoscaler operator for Red Hat Openshift	cpe:/a:redhat:openshift_custom_metrics_autoscaler:2
Red Hat	Custom Metric Autoscaler operator for Red Hat Openshift	cpe:/a:redhat:openshift_custom_metrics_autoscaler:2
Red Hat	Custom Metric Autoscaler operator for Red Hat Openshift	cpe:/a:redhat:openshift_custom_metrics_autoscaler:2
Red Hat	Multicluster Global Hub	cpe:/a:redhat:multicluster_globalhub
Red Hat	OpenShift Pipelines	cpe:/a:redhat:openshift_pipelines:1
Red Hat	OpenShift Pipelines	cpe:/a:redhat:openshift_pipelines:1
Red Hat	OpenShift Pipelines	cpe:/a:redhat:openshift_pipelines:1
Red Hat	OpenShift Pipelines	cpe:/a:redhat:openshift_pipelines:1
Red Hat	OpenShift Pipelines	cpe:/a:redhat:openshift_pipelines:1
Red Hat	OpenShift Pipelines	cpe:/a:redhat:openshift_pipelines:1
Red Hat	OpenShift Pipelines	cpe:/a:redhat:openshift_pipelines:1
Red Hat	OpenShift Pipelines	cpe:/a:redhat:openshift_pipelines:1
Red Hat	OpenShift Pipelines	cpe:/a:redhat:openshift_pipelines:1
Red Hat	OpenShift Pipelines	cpe:/a:redhat:openshift_pipelines:1
Red Hat	OpenShift Pipelines	cpe:/a:redhat:openshift_pipelines:1
Red Hat	OpenShift Pipelines	cpe:/a:redhat:openshift_pipelines:1
Red Hat	OpenShift Pipelines	cpe:/a:redhat:openshift_pipelines:1
Red Hat	OpenShift Pipelines	cpe:/a:redhat:openshift_pipelines:1
Red Hat	OpenShift Pipelines	cpe:/a:redhat:openshift_pipelines:1
Red Hat	OpenShift Pipelines	cpe:/a:redhat:openshift_pipelines:1
Red Hat	OpenShift Pipelines	cpe:/a:redhat:openshift_pipelines:1
Red Hat	OpenShift Pipelines	cpe:/a:redhat:openshift_pipelines:1
Red Hat	OpenShift Pipelines	cpe:/a:redhat:openshift_pipelines:1
Red Hat	OpenShift Pipelines	cpe:/a:redhat:openshift_pipelines:1
Red Hat	OpenShift Pipelines	cpe:/a:redhat:openshift_pipelines:1
Red Hat	OpenShift Pipelines	cpe:/a:redhat:openshift_pipelines:1
Red Hat	OpenShift Pipelines	cpe:/a:redhat:openshift_pipelines:1
Red Hat	OpenShift Pipelines	cpe:/a:redhat:openshift_pipelines:1
Red Hat	OpenShift Pipelines	cpe:/a:redhat:openshift_pipelines:1
Red Hat	OpenShift Pipelines	cpe:/a:redhat:openshift_pipelines:1
Red Hat	OpenShift Pipelines	cpe:/a:redhat:openshift_pipelines:1
Red Hat	OpenShift Serverless	cpe:/a:redhat:serverless:1
Red Hat	OpenShift Serverless	cpe:/a:redhat:serverless:1
Red Hat	OpenShift Serverless	cpe:/a:redhat:serverless:1
Red Hat	OpenShift Serverless	cpe:/a:redhat:serverless:1
Red Hat	OpenShift Service Mesh 3	cpe:/a:redhat:service_mesh:3
Red Hat	OpenShift Service Mesh 3	cpe:/a:redhat:service_mesh:3
Red Hat	OpenShift Service Mesh 3	cpe:/a:redhat:service_mesh:3
Red Hat	OpenShift Service Mesh 3	cpe:/a:redhat:service_mesh:3
Red Hat	OpenShift Service Mesh 3	cpe:/a:redhat:service_mesh:3
Red Hat	OpenShift Service Mesh 3	cpe:/a:redhat:service_mesh:3
Red Hat	OpenShift Service Mesh 3	cpe:/a:redhat:service_mesh:3
Red Hat	Red Hat Advanced Cluster Management for Kubernetes 2	cpe:/a:redhat:acm:2
Red Hat	Red Hat Advanced Cluster Management for Kubernetes 2	cpe:/a:redhat:acm:2
Red Hat	Red Hat Advanced Cluster Management for Kubernetes 2	cpe:/a:redhat:acm:2
Red Hat	Red Hat Advanced Cluster Management for Kubernetes 2	cpe:/a:redhat:acm:2
Red Hat	Red Hat Advanced Cluster Management for Kubernetes 2	cpe:/a:redhat:acm:2
Red Hat	Red Hat Advanced Cluster Management for Kubernetes 2	cpe:/a:redhat:acm:2
Red Hat	Red Hat Advanced Cluster Management for Kubernetes 2	cpe:/a:redhat:acm:2
Red Hat	Red Hat Advanced Cluster Management for Kubernetes 2	cpe:/a:redhat:acm:2
Red Hat	Red Hat Advanced Cluster Security 4	cpe:/a:redhat:advanced_cluster_security:4
Red Hat	Red Hat Advanced Cluster Security 4	cpe:/a:redhat:advanced_cluster_security:4
Red Hat	Red Hat Advanced Cluster Security 4	cpe:/a:redhat:advanced_cluster_security:4
Red Hat	Red Hat Advanced Cluster Security 4	cpe:/a:redhat:advanced_cluster_security:4
Red Hat	Red Hat Advanced Cluster Security 4	cpe:/a:redhat:advanced_cluster_security:4
Red Hat	Red Hat Advanced Cluster Security 4	cpe:/a:redhat:advanced_cluster_security:4
Red Hat	Red Hat Advanced Cluster Security 4	cpe:/a:redhat:advanced_cluster_security:4
Red Hat	Red Hat Advanced Cluster Security 4	cpe:/a:redhat:advanced_cluster_security:4
Red Hat	Red Hat Advanced Cluster Security 4	cpe:/a:redhat:advanced_cluster_security:4
Red Hat	Red Hat Advanced Cluster Security 4	cpe:/a:redhat:advanced_cluster_security:4
Red Hat	Red Hat Ceph Storage 5	cpe:/a:redhat:ceph_storage:5
Red Hat	Red Hat Ceph Storage 5	cpe:/a:redhat:ceph_storage:5
Red Hat	Red Hat Ceph Storage 6	cpe:/a:redhat:ceph_storage:6
Red Hat	Red Hat Ceph Storage 6	cpe:/a:redhat:ceph_storage:6
Red Hat	Red Hat Ceph Storage 8	cpe:/a:redhat:ceph_storage:8
Red Hat	Red Hat Ceph Storage 8	cpe:/a:redhat:ceph_storage:8
Red Hat	Red Hat Developer Hub	cpe:/a:redhat:rhdh:1
Red Hat	Red Hat Developer Hub	cpe:/a:redhat:rhdh:1
Red Hat	Red Hat Edge Manager preview	cpe:/a:redhat:edge_manager:0
Red Hat	Red Hat Edge Manager preview	cpe:/a:redhat:edge_manager:0
Red Hat	Red Hat Edge Manager preview	cpe:/a:redhat:edge_manager:0
Red Hat	Red Hat Edge Manager preview	cpe:/a:redhat:edge_manager:0
Red Hat	Red Hat Edge Manager preview	cpe:/a:redhat:edge_manager:0
Red Hat	Red Hat Edge Manager preview	cpe:/a:redhat:edge_manager:0
Red Hat	Red Hat Edge Manager preview	cpe:/a:redhat:edge_manager:0
Red Hat	Red Hat Edge Manager preview	cpe:/a:redhat:edge_manager:0
Red Hat	Red Hat Edge Manager preview	cpe:/a:redhat:edge_manager:0
Red Hat	Red Hat Edge Manager preview	cpe:/a:redhat:edge_manager:0
Red Hat	Red Hat Enterprise Linux 10	cpe:/o:redhat:enterprise_linux:10
Red Hat	Red Hat Enterprise Linux 9	cpe:/o:redhat:enterprise_linux:9
Red Hat	Red Hat Enterprise Linux AI (RHEL AI)	cpe:/a:redhat:enterprise_linux_ai:1
Red Hat	Red Hat Enterprise Linux AI (RHEL AI)	cpe:/a:redhat:enterprise_linux_ai:1
Red Hat	Red Hat Enterprise Linux AI (RHEL AI)	cpe:/a:redhat:enterprise_linux_ai:1
Red Hat	Red Hat Enterprise Linux AI (RHEL AI)	cpe:/a:redhat:enterprise_linux_ai:1
Red Hat	Red Hat Enterprise Linux AI (RHEL AI)	cpe:/a:redhat:enterprise_linux_ai:1
Red Hat	Red Hat Enterprise Linux AI (RHEL AI)	cpe:/a:redhat:enterprise_linux_ai:1
Red Hat	Red Hat Enterprise Linux AI (RHEL AI)	cpe:/a:redhat:enterprise_linux_ai:1
Red Hat	Red Hat Enterprise Linux AI (RHEL AI)	cpe:/a:redhat:enterprise_linux_ai:1
Red Hat	Red Hat Enterprise Linux AI (RHEL AI)	cpe:/a:redhat:enterprise_linux_ai:1
Red Hat	Red Hat Enterprise Linux AI (RHEL AI)	cpe:/a:redhat:enterprise_linux_ai:1
Red Hat	Red Hat OpenShift AI (RHOAI)	cpe:/a:redhat:openshift_ai
Red Hat	Red Hat OpenShift AI (RHOAI)	cpe:/a:redhat:openshift_ai
Red Hat	Red Hat OpenShift Container Platform 4	cpe:/a:redhat:openshift:4
Red Hat	Red Hat OpenShift Container Platform 4	cpe:/a:redhat:openshift:4
Red Hat	Red Hat OpenShift Container Platform 4	cpe:/a:redhat:openshift:4
Red Hat	Red Hat OpenShift Container Platform 4	cpe:/a:redhat:openshift:4
Red Hat	Red Hat OpenShift Container Platform 4	cpe:/a:redhat:openshift:4
Red Hat	Red Hat OpenShift Container Platform 4	cpe:/a:redhat:openshift:4
Red Hat	Red Hat OpenShift Container Platform 4	cpe:/a:redhat:openshift:4
Red Hat	Red Hat OpenShift Container Platform 4	cpe:/a:redhat:openshift:4
Red Hat	Red Hat OpenShift Container Platform 4	cpe:/a:redhat:openshift:4
Red Hat	Red Hat OpenShift Container Platform 4	cpe:/a:redhat:openshift:4
Red Hat	Red Hat OpenShift Container Platform 4	cpe:/a:redhat:openshift:4
Red Hat	Red Hat OpenShift Dev Workspaces Operator	cpe:/a:redhat:devworkspace
Red Hat	Red Hat OpenShift Dev Workspaces Operator	cpe:/a:redhat:devworkspace
Red Hat	Red Hat OpenShift Dev Workspaces Operator	cpe:/a:redhat:devworkspace
Red Hat	Red Hat OpenShift for Windows Containers	cpe:/a:redhat:windows_machine_config
Red Hat	Red Hat OpenShift for Windows Containers	cpe:/a:redhat:windows_machine_config
Red Hat	Red Hat OpenShift GitOps	cpe:/a:redhat:openshift_gitops:1
Red Hat	Red Hat OpenShift GitOps	cpe:/a:redhat:openshift_gitops:1
Red Hat	Red Hat OpenShift GitOps	cpe:/a:redhat:openshift_gitops:1
Red Hat	Red Hat OpenShift GitOps	cpe:/a:redhat:openshift_gitops:1
Red Hat	Red Hat OpenShift Virtualization 4	cpe:/a:redhat:container_native_virtualization:4
Red Hat	Red Hat OpenStack Platform 16.2	cpe:/a:redhat:openstack:16.2
Red Hat	Red Hat OpenStack Platform 16.2	cpe:/a:redhat:openstack:16.2
Red Hat	Red Hat OpenStack Platform 16.2	cpe:/a:redhat:openstack:16.2
Red Hat	Red Hat OpenStack Platform 17.1	cpe:/a:redhat:openstack:17.1
Red Hat	Red Hat OpenStack Platform 17.1	cpe:/a:redhat:openstack:17.1
Red Hat	Red Hat OpenStack Platform 17.1	cpe:/a:redhat:openstack:17.1
Red Hat	Red Hat Trusted Application Pipeline	cpe:/a:redhat:trusted_application_pipeline:1
Red Hat	Red Hat Trusted Artifact Signer	cpe:/a:redhat:trusted_artifact_signer:1
Red Hat	Red Hat Trusted Artifact Signer	cpe:/a:redhat:trusted_artifact_signer:1
Red Hat	Red Hat Trusted Artifact Signer	cpe:/a:redhat:trusted_artifact_signer:1
Red Hat	Red Hat Trusted Artifact Signer	cpe:/a:redhat:trusted_artifact_signer:1
Red Hat	Red Hat Trusted Artifact Signer	cpe:/a:redhat:trusted_artifact_signer:1
Red Hat	Red Hat Trusted Artifact Signer	cpe:/a:redhat:trusted_artifact_signer:1
Red Hat	Red Hat Trusted Artifact Signer	cpe:/a:redhat:trusted_artifact_signer:1
Red Hat	Red Hat Trusted Artifact Signer	cpe:/a:redhat:trusted_artifact_signer:1
Red Hat	Red Hat Trusted Profile Analyzer	cpe:/a:redhat:trusted_profile_analyzer:1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-8556",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-06T20:24:48.827225Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-06T20:24:59.905Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-10-22T21:03:52.780Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://www.botanica.software/blog/cryptographic-issues-in-cloudflares-circl-fourq-implementation"
          },
          {
            "url": "https://news.ycombinator.com/item?id=45669593"
          }
        ],
        "title": "CVE Program Container",
        "x_generator": {
          "engine": "ADPogram 0.0.1"
        }
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://github.com/cloudflare/circl/",
          "defaultStatus": "unaffected",
          "packageName": "circl",
          "versions": [
            {
              "lessThan": "1.6.1",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift_builds:1"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-builds/openshift-builds-controller-rhel9",
          "product": "Builds for Red Hat OpenShift",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift_builds:1"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-builds/openshift-builds-git-cloner-rhel9",
          "product": "Builds for Red Hat OpenShift",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift_builds:1"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-builds/openshift-builds-image-bundler-rhel9",
          "product": "Builds for Red Hat OpenShift",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift_builds:1"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-builds/openshift-builds-image-processing-rhel9",
          "product": "Builds for Red Hat OpenShift",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift_builds:1"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-builds/openshift-builds-waiters-rhel9",
          "product": "Builds for Red Hat OpenShift",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift_builds:1"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-builds/openshift-builds-webhook-rhel9",
          "product": "Builds for Red Hat OpenShift",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift_custom_metrics_autoscaler:2"
          ],
          "defaultStatus": "affected",
          "packageName": "custom-metrics-autoscaler/custom-metrics-autoscaler-adapter-rhel9",
          "product": "Custom Metric Autoscaler operator for Red Hat Openshift",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift_custom_metrics_autoscaler:2"
          ],
          "defaultStatus": "affected",
          "packageName": "custom-metrics-autoscaler/custom-metrics-autoscaler-admission-webhooks-rhel9",
          "product": "Custom Metric Autoscaler operator for Red Hat Openshift",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift_custom_metrics_autoscaler:2"
          ],
          "defaultStatus": "affected",
          "packageName": "custom-metrics-autoscaler/custom-metrics-autoscaler-operator-bundle",
          "product": "Custom Metric Autoscaler operator for Red Hat Openshift",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift_custom_metrics_autoscaler:2"
          ],
          "defaultStatus": "affected",
          "packageName": "custom-metrics-autoscaler/custom-metrics-autoscaler-rhel9",
          "product": "Custom Metric Autoscaler operator for Red Hat Openshift",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift_custom_metrics_autoscaler:2"
          ],
          "defaultStatus": "affected",
          "packageName": "custom-metrics-autoscaler/custom-metrics-autoscaler-rhel9-operator",
          "product": "Custom Metric Autoscaler operator for Red Hat Openshift",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:multicluster_globalhub"
          ],
          "defaultStatus": "affected",
          "packageName": "multicluster-globalhub/multicluster-globalhub-grafana-rhel9",
          "product": "Multicluster Global Hub",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift_pipelines:1"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-pipelines/pipelines-chains-controller-rhel8",
          "product": "OpenShift Pipelines",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift_pipelines:1"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-pipelines/pipelines-chains-controller-rhel9",
          "product": "OpenShift Pipelines",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift_pipelines:1"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-pipelines/pipelines-cli-tkn-rhel8",
          "product": "OpenShift Pipelines",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift_pipelines:1"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-pipelines/pipelines-cli-tkn-rhel9",
          "product": "OpenShift Pipelines",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift_pipelines:1"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-pipelines/pipelines-controller-rhel8",
          "product": "OpenShift Pipelines",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift_pipelines:1"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-pipelines/pipelines-controller-rhel9",
          "product": "OpenShift Pipelines",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift_pipelines:1"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-pipelines/pipelines-entrypoint-rhel8",
          "product": "OpenShift Pipelines",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift_pipelines:1"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-pipelines/pipelines-entrypoint-rhel9",
          "product": "OpenShift Pipelines",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift_pipelines:1"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-pipelines/pipelines-events-rhel8",
          "product": "OpenShift Pipelines",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift_pipelines:1"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-pipelines/pipelines-events-rhel9",
          "product": "OpenShift Pipelines",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift_pipelines:1"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-pipelines/pipelines-nop-rhel8",
          "product": "OpenShift Pipelines",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift_pipelines:1"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-pipelines/pipelines-nop-rhel9",
          "product": "OpenShift Pipelines",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift_pipelines:1"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-pipelines/pipelines-operator-bundle",
          "product": "OpenShift Pipelines",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift_pipelines:1"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-pipelines/pipelines-operator-proxy-rhel8",
          "product": "OpenShift Pipelines",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift_pipelines:1"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-pipelines/pipelines-operator-proxy-rhel9",
          "product": "OpenShift Pipelines",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift_pipelines:1"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-pipelines/pipelines-operator-webhook-rhel8",
          "product": "OpenShift Pipelines",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift_pipelines:1"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-pipelines/pipelines-operator-webhook-rhel9",
          "product": "OpenShift Pipelines",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift_pipelines:1"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-pipelines/pipelines-resolvers-rhel8",
          "product": "OpenShift Pipelines",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift_pipelines:1"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-pipelines/pipelines-resolvers-rhel9",
          "product": "OpenShift Pipelines",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift_pipelines:1"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-pipelines/pipelines-rhel8-operator",
          "product": "OpenShift Pipelines",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift_pipelines:1"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-pipelines/pipelines-rhel9-operator",
          "product": "OpenShift Pipelines",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift_pipelines:1"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-pipelines/pipelines-sidecarlogresults-rhel8",
          "product": "OpenShift Pipelines",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift_pipelines:1"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-pipelines/pipelines-sidecarlogresults-rhel9",
          "product": "OpenShift Pipelines",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift_pipelines:1"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-pipelines/pipelines-webhook-rhel8",
          "product": "OpenShift Pipelines",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift_pipelines:1"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-pipelines/pipelines-webhook-rhel9",
          "product": "OpenShift Pipelines",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift_pipelines:1"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-pipelines/pipelines-workingdirinit-rhel8",
          "product": "OpenShift Pipelines",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift_pipelines:1"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-pipelines/pipelines-workingdirinit-rhel9",
          "product": "OpenShift Pipelines",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:serverless:1"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-serverless-1/kn-client-cli-artifacts-rhel8",
          "product": "OpenShift Serverless",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:serverless:1"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-serverless-1/kn-client-kn-rhel8",
          "product": "OpenShift Serverless",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:serverless:1"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-serverless-1/kn-plugin-event-sender-rhel8",
          "product": "OpenShift Serverless",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:serverless:1"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-serverless-1/kn-plugin-func-func-util-rhel8",
          "product": "OpenShift Serverless",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:service_mesh:3"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9",
          "product": "OpenShift Service Mesh 3",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:service_mesh:3"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-service-mesh/istio-cni-rhel9",
          "product": "OpenShift Service Mesh 3",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:service_mesh:3"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-service-mesh/istio-must-gather-rhel9",
          "product": "OpenShift Service Mesh 3",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:service_mesh:3"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-service-mesh/istio-pilot-rhel9",
          "product": "OpenShift Service Mesh 3",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:service_mesh:3"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-service-mesh/istio-proxyv2-rhel9",
          "product": "OpenShift Service Mesh 3",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:service_mesh:3"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-service-mesh/istio-rhel9-operator",
          "product": "OpenShift Service Mesh 3",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:service_mesh:3"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-service-mesh/istio-sail-operator-bundle",
          "product": "OpenShift Service Mesh 3",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:acm:2"
          ],
          "defaultStatus": "affected",
          "packageName": "flightctl",
          "product": "Red Hat Advanced Cluster Management for Kubernetes 2",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:acm:2"
          ],
          "defaultStatus": "affected",
          "packageName": "rhacm2/acm-flightctl-api-rhel9",
          "product": "Red Hat Advanced Cluster Management for Kubernetes 2",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:acm:2"
          ],
          "defaultStatus": "affected",
          "packageName": "rhacm2/acm-flightctl-periodic-rhel9",
          "product": "Red Hat Advanced Cluster Management for Kubernetes 2",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:acm:2"
          ],
          "defaultStatus": "affected",
          "packageName": "rhacm2/acm-flightctl-worker-rhel9",
          "product": "Red Hat Advanced Cluster Management for Kubernetes 2",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:acm:2"
          ],
          "defaultStatus": "affected",
          "packageName": "rhacm2/acm-grafana-rhel9",
          "product": "Red Hat Advanced Cluster Management for Kubernetes 2",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:acm:2"
          ],
          "defaultStatus": "affected",
          "packageName": "rhacm2/multicluster-operators-subscription-rhel9",
          "product": "Red Hat Advanced Cluster Management for Kubernetes 2",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:acm:2"
          ],
          "defaultStatus": "affected",
          "packageName": "rhacm2/subctl-rhel9",
          "product": "Red Hat Advanced Cluster Management for Kubernetes 2",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:acm:2"
          ],
          "defaultStatus": "affected",
          "packageName": "rhacm2/volsync-rhel9",
          "product": "Red Hat Advanced Cluster Management for Kubernetes 2",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:advanced_cluster_security:4"
          ],
          "defaultStatus": "affected",
          "packageName": "advanced-cluster-security/rhacs-central-db-rhel8",
          "product": "Red Hat Advanced Cluster Security 4",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:advanced_cluster_security:4"
          ],
          "defaultStatus": "affected",
          "packageName": "advanced-cluster-security/rhacs-main-rhel8",
          "product": "Red Hat Advanced Cluster Security 4",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:advanced_cluster_security:4"
          ],
          "defaultStatus": "affected",
          "packageName": "advanced-cluster-security/rhacs-rhel8-operator",
          "product": "Red Hat Advanced Cluster Security 4",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:advanced_cluster_security:4"
          ],
          "defaultStatus": "affected",
          "packageName": "advanced-cluster-security/rhacs-roxctl-rhel8",
          "product": "Red Hat Advanced Cluster Security 4",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:advanced_cluster_security:4"
          ],
          "defaultStatus": "affected",
          "packageName": "advanced-cluster-security/rhacs-scanner-db-rhel8",
          "product": "Red Hat Advanced Cluster Security 4",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:advanced_cluster_security:4"
          ],
          "defaultStatus": "affected",
          "packageName": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8",
          "product": "Red Hat Advanced Cluster Security 4",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:advanced_cluster_security:4"
          ],
          "defaultStatus": "affected",
          "packageName": "advanced-cluster-security/rhacs-scanner-rhel8",
          "product": "Red Hat Advanced Cluster Security 4",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:advanced_cluster_security:4"
          ],
          "defaultStatus": "affected",
          "packageName": "advanced-cluster-security/rhacs-scanner-slim-rhel8",
          "product": "Red Hat Advanced Cluster Security 4",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:advanced_cluster_security:4"
          ],
          "defaultStatus": "affected",
          "packageName": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8",
          "product": "Red Hat Advanced Cluster Security 4",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:advanced_cluster_security:4"
          ],
          "defaultStatus": "affected",
          "packageName": "advanced-cluster-security/rhacs-scanner-v4-rhel8",
          "product": "Red Hat Advanced Cluster Security 4",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ceph_storage:5"
          ],
          "defaultStatus": "affected",
          "packageName": "rhceph/grafana-rhel9",
          "product": "Red Hat Ceph Storage 5",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ceph_storage:5"
          ],
          "defaultStatus": "affected",
          "packageName": "rhel9/grafana",
          "product": "Red Hat Ceph Storage 5",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ceph_storage:6"
          ],
          "defaultStatus": "affected",
          "packageName": "rhceph/grafana-rhel9",
          "product": "Red Hat Ceph Storage 6",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ceph_storage:6"
          ],
          "defaultStatus": "affected",
          "packageName": "rhel9/grafana",
          "product": "Red Hat Ceph Storage 6",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ceph_storage:8"
          ],
          "defaultStatus": "affected",
          "packageName": "rhceph/grafana-rhel9",
          "product": "Red Hat Ceph Storage 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ceph_storage:8"
          ],
          "defaultStatus": "affected",
          "packageName": "rhel9/grafana",
          "product": "Red Hat Ceph Storage 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhdh:1"
          ],
          "defaultStatus": "affected",
          "packageName": "rhdh-orchestrator-dev-preview-beta/controller-rhel9-operator",
          "product": "Red Hat Developer Hub",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhdh:1"
          ],
          "defaultStatus": "affected",
          "packageName": "rhdh-orchestrator-dev-preview-beta/orchestrator-operator-bundle",
          "product": "Red Hat Developer Hub",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:edge_manager:0"
          ],
          "defaultStatus": "affected",
          "packageName": "flightctl",
          "product": "Red Hat Edge Manager preview",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:edge_manager:0"
          ],
          "defaultStatus": "affected",
          "packageName": "rhacm2/acm-flightctl-api-rhel9",
          "product": "Red Hat Edge Manager preview",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:edge_manager:0"
          ],
          "defaultStatus": "affected",
          "packageName": "rhacm2/acm-flightctl-periodic-rhel9",
          "product": "Red Hat Edge Manager preview",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:edge_manager:0"
          ],
          "defaultStatus": "affected",
          "packageName": "rhacm2/acm-flightctl-worker-rhel9",
          "product": "Red Hat Edge Manager preview",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:edge_manager:0"
          ],
          "defaultStatus": "affected",
          "packageName": "rhem/flightctl-api-rhel9",
          "product": "Red Hat Edge Manager preview",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:edge_manager:0"
          ],
          "defaultStatus": "affected",
          "packageName": "rhem/flightctl-cli-artifacts-rhel9",
          "product": "Red Hat Edge Manager preview",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:edge_manager:0"
          ],
          "defaultStatus": "affected",
          "packageName": "rhem/flightctl-periodic-rhel9",
          "product": "Red Hat Edge Manager preview",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:edge_manager:0"
          ],
          "defaultStatus": "affected",
          "packageName": "rhem/flightctl-ui-ocp-rhel9",
          "product": "Red Hat Edge Manager preview",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:edge_manager:0"
          ],
          "defaultStatus": "affected",
          "packageName": "rhem/flightctl-ui-rhel9",
          "product": "Red Hat Edge Manager preview",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:edge_manager:0"
          ],
          "defaultStatus": "affected",
          "packageName": "rhem/flightctl-worker-rhel9",
          "product": "Red Hat Edge Manager preview",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:10"
          ],
          "defaultStatus": "unaffected",
          "packageName": "rhel10/grafana",
          "product": "Red Hat Enterprise Linux 10",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:9"
          ],
          "defaultStatus": "unaffected",
          "packageName": "rhel9/grafana",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux_ai:1"
          ],
          "defaultStatus": "unaffected",
          "packageName": "rhelai1/bootc-amd-rhel9",
          "product": "Red Hat Enterprise Linux AI (RHEL AI)",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux_ai:1"
          ],
          "defaultStatus": "unaffected",
          "packageName": "rhelai1/bootc-aws-nvidia-rhel9",
          "product": "Red Hat Enterprise Linux AI (RHEL AI)",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux_ai:1"
          ],
          "defaultStatus": "unaffected",
          "packageName": "rhelai1/bootc-azure-amd-rhel9",
          "product": "Red Hat Enterprise Linux AI (RHEL AI)",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux_ai:1"
          ],
          "defaultStatus": "unaffected",
          "packageName": "rhelai1/bootc-azure-nvidia-rhel9",
          "product": "Red Hat Enterprise Linux AI (RHEL AI)",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux_ai:1"
          ],
          "defaultStatus": "unaffected",
          "packageName": "rhelai1/bootc-gcp-nvidia-rhel9",
          "product": "Red Hat Enterprise Linux AI (RHEL AI)",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux_ai:1"
          ],
          "defaultStatus": "unaffected",
          "packageName": "rhelai1/bootc-nvidia-rhel9",
          "product": "Red Hat Enterprise Linux AI (RHEL AI)",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux_ai:1"
          ],
          "defaultStatus": "unaffected",
          "packageName": "rhelai1/instructlab-amd-rhel9",
          "product": "Red Hat Enterprise Linux AI (RHEL AI)",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux_ai:1"
          ],
          "defaultStatus": "unaffected",
          "packageName": "rhelai1/instructlab-nvidia-rhel9",
          "product": "Red Hat Enterprise Linux AI (RHEL AI)",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux_ai:1"
          ],
          "defaultStatus": "affected",
          "packageName": "rhelai1/pathservice-rhel9",
          "product": "Red Hat Enterprise Linux AI (RHEL AI)",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux_ai:1"
          ],
          "defaultStatus": "affected",
          "packageName": "rhelai1/ui-rhel9",
          "product": "Red Hat Enterprise Linux AI (RHEL AI)",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift_ai"
          ],
          "defaultStatus": "affected",
          "packageName": "rhoai/odh-data-science-pipelines-argo-argoexec-rhel8",
          "product": "Red Hat OpenShift AI (RHOAI)",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift_ai"
          ],
          "defaultStatus": "affected",
          "packageName": "rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8",
          "product": "Red Hat OpenShift AI (RHOAI)",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift4/o-cloud-manager-operator-bundle",
          "product": "Red Hat OpenShift Container Platform 4",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift4/o-cloud-manager-rhel9-operator",
          "product": "Red Hat OpenShift Container Platform 4",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift4/ose-aws-cluster-api-controllers-rhel8",
          "product": "Red Hat OpenShift Container Platform 4",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift4/ose-aws-cluster-api-controllers-rhel9",
          "product": "Red Hat OpenShift Container Platform 4",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift4/ose-cluster-api-rhel9",
          "product": "Red Hat OpenShift Container Platform 4",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift4/ose-cluster-kube-cluster-api-rhel8-operator",
          "product": "Red Hat OpenShift Container Platform 4",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift4/ose-cluster-kube-cluster-api-rhel9-operator",
          "product": "Red Hat OpenShift Container Platform 4",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift4/ose-console",
          "product": "Red Hat OpenShift Container Platform 4",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift4/ose-console-rhel9",
          "product": "Red Hat OpenShift Container Platform 4",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift4/ose-olm-rukpak-rhel8",
          "product": "Red Hat OpenShift Container Platform 4",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift4/ose-olm-rukpak-rhel9",
          "product": "Red Hat OpenShift Container Platform 4",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:devworkspace"
          ],
          "defaultStatus": "affected",
          "packageName": "devworkspace/devworkspace-operator-bundle",
          "product": "Red Hat OpenShift Dev Workspaces Operator",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:devworkspace"
          ],
          "defaultStatus": "affected",
          "packageName": "devworkspace/devworkspace-project-clone-rhel9",
          "product": "Red Hat OpenShift Dev Workspaces Operator",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:devworkspace"
          ],
          "defaultStatus": "affected",
          "packageName": "devworkspace/devworkspace-rhel9-operator",
          "product": "Red Hat OpenShift Dev Workspaces Operator",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:windows_machine_config"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift4-wincw/windows-machine-config-operator-bundle",
          "product": "Red Hat OpenShift for Windows Containers",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:windows_machine_config"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift4-wincw/windows-machine-config-rhel9-operator",
          "product": "Red Hat OpenShift for Windows Containers",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift_gitops:1"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-gitops-1/argocd-rhel8",
          "product": "Red Hat OpenShift GitOps",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift_gitops:1"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-gitops-1/argocd-rhel9",
          "product": "Red Hat OpenShift GitOps",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift_gitops:1"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-gitops-1/argo-rollouts-rhel8",
          "product": "Red Hat OpenShift GitOps",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift_gitops:1"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-gitops-1/gitops-rhel8",
          "product": "Red Hat OpenShift GitOps",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:container_native_virtualization:4"
          ],
          "defaultStatus": "affected",
          "packageName": "container-native-virtualization/cluster-network-addons-operator-rhel9",
          "product": "Red Hat OpenShift Virtualization 4",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openstack:16.2"
          ],
          "defaultStatus": "unknown",
          "packageName": "rhosp-rhel9/osp-director-agent",
          "product": "Red Hat OpenStack Platform 16.2",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openstack:16.2"
          ],
          "defaultStatus": "unknown",
          "packageName": "rhosp-rhel9/osp-director-downloader",
          "product": "Red Hat OpenStack Platform 16.2",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openstack:16.2"
          ],
          "defaultStatus": "unknown",
          "packageName": "rhosp-rhel9/osp-director-operator",
          "product": "Red Hat OpenStack Platform 16.2",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openstack:17.1"
          ],
          "defaultStatus": "unknown",
          "packageName": "rhosp-rhel9/osp-director-agent",
          "product": "Red Hat OpenStack Platform 17.1",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openstack:17.1"
          ],
          "defaultStatus": "unknown",
          "packageName": "rhosp-rhel9/osp-director-downloader",
          "product": "Red Hat OpenStack Platform 17.1",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openstack:17.1"
          ],
          "defaultStatus": "unknown",
          "packageName": "rhosp-rhel9/osp-director-operator",
          "product": "Red Hat OpenStack Platform 17.1",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:trusted_application_pipeline:1"
          ],
          "defaultStatus": "affected",
          "packageName": "rhtap-task-runner/rhtap-task-runner-rhel9",
          "product": "Red Hat Trusted Application Pipeline",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:trusted_artifact_signer:1"
          ],
          "defaultStatus": "affected",
          "packageName": "rhtas/client-server-rhel9",
          "product": "Red Hat Trusted Artifact Signer",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:trusted_artifact_signer:1"
          ],
          "defaultStatus": "affected",
          "packageName": "rhtas/cosign-rhel9",
          "product": "Red Hat Trusted Artifact Signer",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:trusted_artifact_signer:1"
          ],
          "defaultStatus": "affected",
          "packageName": "rhtas/createctconfig-rhel9",
          "product": "Red Hat Trusted Artifact Signer",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:trusted_artifact_signer:1"
          ],
          "defaultStatus": "affected",
          "packageName": "rhtas/ctlog-managectroots-rhel9",
          "product": "Red Hat Trusted Artifact Signer",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:trusted_artifact_signer:1"
          ],
          "defaultStatus": "affected",
          "packageName": "rhtas/fulcio-createcerts-rhel9",
          "product": "Red Hat Trusted Artifact Signer",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:trusted_artifact_signer:1"
          ],
          "defaultStatus": "affected",
          "packageName": "rhtas/gitsign-rhel9",
          "product": "Red Hat Trusted Artifact Signer",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:trusted_artifact_signer:1"
          ],
          "defaultStatus": "affected",
          "packageName": "rhtas/trillian-createdb-rhel9",
          "product": "Red Hat Trusted Artifact Signer",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:trusted_artifact_signer:1"
          ],
          "defaultStatus": "affected",
          "packageName": "rhtas/tuf-server-rhel9",
          "product": "Red Hat Trusted Artifact Signer",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:trusted_profile_analyzer:1"
          ],
          "defaultStatus": "affected",
          "packageName": "rhtpa/rhtpa-guac-rhel9",
          "product": "Red Hat Trusted Profile Analyzer",
          "vendor": "Red Hat"
        }
      ],
      "datePublic": "2025-06-10T21:18:33.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in CIRCL\u0027s implementation of the FourQ elliptic curve. This vulnerability allows an attacker to compromise session security via low-order point injection and incorrect point validation during Diffie-Hellman key exchange."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Low"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-347",
              "description": "Improper Verification of Cryptographic Signature",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-07T20:16:32.585Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2025-8556"
        },
        {
          "name": "RHBZ#2371624",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2371624"
        },
        {
          "url": "https://github.com/cloudflare/circl"
        },
        {
          "url": "https://github.com/cloudflare/circl/security/advisories/GHSA-2x5j-vhc8-9cwm"
        },
        {
          "url": "https://github.com/cloudflare/circl/tree/v1.6.1"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-06-11T00:00:46.556585+00:00",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2025-06-10T21:18:33+00:00",
          "value": "Made public."
        }
      ],
      "title": "Github.com/cloudflare/circl: circl-fourq: missing and wrong validation can lead to incorrect results",
      "workarounds": [
        {
          "lang": "en",
          "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
        }
      ],
      "x_redhatCweChain": "(CWE-20|CWE-347): Improper Input Validation or Improper Verification of Cryptographic Signature"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2025-8556",
    "datePublished": "2025-08-06T08:48:17.946Z",
    "dateReserved": "2025-08-04T14:05:14.993Z",
    "dateUpdated": "2025-11-07T20:16:32.585Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-22872 (GCVE-0-2025-22872)

Vulnerability from cvelistv5 – Published: 2025-04-16 17:13 – Updated: 2025-05-16 23:03

Title

Incorrect Neutralization of Input During Web Page Generation in x/net in golang.org/x/net

Summary

The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content following such tags as being placed in the wrong scope during DOM construction, but only when tags are in foreign content (e.g. <math>, <svg>, etc contexts).

Severity ?

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L

CWE

CWE-79

Assigner

References

URL

Tags

	https://go.dev/cl/662715
	https://go.dev/issue/73070
	https://groups.google.com/g/golang-announce/c/ezS…
	https://pkg.go.dev/vuln/GO-2025-3595

Impacted products

	Vendor	Product	Version
	golang.org/x/net	golang.org/x/net/html	Affected: 0 , < 0.38.0 (semver)

Credits

Sean Ng (https://ensy.zip)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "NETWORK",
              "availabilityImpact": "LOW",
              "baseScore": 6.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "LOW",
              "privilegesRequired": "NONE",
              "scope": "CHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-22872",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-16T20:14:29.607584Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-16T20:15:13.433Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-05-16T23:03:07.693Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://security.netapp.com/advisory/ntap-20250516-0007/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pkg.go.dev",
          "defaultStatus": "unaffected",
          "packageName": "golang.org/x/net/html",
          "product": "golang.org/x/net/html",
          "programRoutines": [
            {
              "name": "Tokenizer.readStartTag"
            },
            {
              "name": "Parse"
            },
            {
              "name": "ParseFragment"
            },
            {
              "name": "ParseFragmentWithOptions"
            },
            {
              "name": "ParseWithOptions"
            },
            {
              "name": "Tokenizer.Next"
            }
          ],
          "vendor": "golang.org/x/net",
          "versions": [
            {
              "lessThan": "0.38.0",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Sean Ng (https://ensy.zip)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content following such tags as being placed in the wrong scope during DOM construction, but only when tags are in foreign content (e.g. \u003cmath\u003e, \u003csvg\u003e, etc contexts)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-79",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-04-16T17:13:02.550Z",
        "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "shortName": "Go"
      },
      "references": [
        {
          "url": "https://go.dev/cl/662715"
        },
        {
          "url": "https://go.dev/issue/73070"
        },
        {
          "url": "https://groups.google.com/g/golang-announce/c/ezSKR9vqbqA"
        },
        {
          "url": "https://pkg.go.dev/vuln/GO-2025-3595"
        }
      ],
      "title": "Incorrect Neutralization of Input During Web Page Generation in x/net in golang.org/x/net"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
    "assignerShortName": "Go",
    "cveId": "CVE-2025-22872",
    "datePublished": "2025-04-16T17:13:02.550Z",
    "dateReserved": "2025-01-08T19:11:42.834Z",
    "dateUpdated": "2025-05-16T23:03:07.693Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-47914 (GCVE-0-2025-47914)

Vulnerability from cvelistv5 – Published: 2025-11-19 20:33 – Updated: 2025-11-20 17:15

Title

Malformed constraint may cause denial of service in golang.org/x/crypto/ssh/agent

Summary

SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read.

Severity ?

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE

CWE-237

Assigner

References

URL

Tags

	https://groups.google.com/g/golang-announce/c/w-o…
	https://go.dev/cl/721960
	https://go.dev/issue/76364
	https://pkg.go.dev/vuln/GO-2025-4135

Impacted products

	Vendor	Product	Version
	golang.org/x/crypto	golang.org/x/crypto/ssh/agent	Affected: 0 , < 0.45.0 (semver)

Credits

Jakub Ciolek

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "LOW",
              "baseScore": 5.3,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-47914",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-11-19T20:50:27.263405Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-125",
                "description": "CWE-125 Out-of-bounds Read",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-11-19T20:50:30.968Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pkg.go.dev",
          "defaultStatus": "unaffected",
          "packageName": "golang.org/x/crypto/ssh/agent",
          "product": "golang.org/x/crypto/ssh/agent",
          "programRoutines": [
            {
              "name": "parseConstraints"
            },
            {
              "name": "ForwardToAgent"
            },
            {
              "name": "ServeAgent"
            }
          ],
          "vendor": "golang.org/x/crypto",
          "versions": [
            {
              "lessThan": "0.45.0",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Jakub Ciolek"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-237",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-20T17:15:00.344Z",
        "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "shortName": "Go"
      },
      "references": [
        {
          "url": "https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA"
        },
        {
          "url": "https://go.dev/cl/721960"
        },
        {
          "url": "https://go.dev/issue/76364"
        },
        {
          "url": "https://pkg.go.dev/vuln/GO-2025-4135"
        }
      ],
      "title": "Malformed constraint may cause denial of service in golang.org/x/crypto/ssh/agent"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
    "assignerShortName": "Go",
    "cveId": "CVE-2025-47914",
    "datePublished": "2025-11-19T20:33:43.126Z",
    "dateReserved": "2025-05-13T23:31:29.597Z",
    "dateUpdated": "2025-11-20T17:15:00.344Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-58181 (GCVE-0-2025-58181)

Vulnerability from cvelistv5 – Published: 2025-11-19 20:33 – Updated: 2025-11-20 17:14

Title

Unbounded memory consumption in golang.org/x/crypto/ssh

Summary

SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption.

Severity ?

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE

CWE-1284

Assigner

References

URL

Tags

	https://groups.google.com/g/golang-announce/c/w-o…
	https://go.dev/cl/721961
	https://go.dev/issue/76363
	https://pkg.go.dev/vuln/GO-2025-4134

Impacted products

	Vendor	Product	Version
	golang.org/x/crypto	golang.org/x/crypto/ssh	Affected: 0 , < 0.45.0 (semver)

Credits

Jakub Ciolek

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "LOW",
              "baseScore": 5.3,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-58181",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-11-19T20:49:06.918113Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-770",
                "description": "CWE-770 Allocation of Resources Without Limits or Throttling",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-11-19T20:49:26.800Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pkg.go.dev",
          "defaultStatus": "unaffected",
          "packageName": "golang.org/x/crypto/ssh",
          "product": "golang.org/x/crypto/ssh",
          "programRoutines": [
            {
              "name": "parseGSSAPIPayload"
            },
            {
              "name": "NewServerConn"
            }
          ],
          "vendor": "golang.org/x/crypto",
          "versions": [
            {
              "lessThan": "0.45.0",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Jakub Ciolek"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-1284",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-20T17:14:59.856Z",
        "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "shortName": "Go"
      },
      "references": [
        {
          "url": "https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA"
        },
        {
          "url": "https://go.dev/cl/721961"
        },
        {
          "url": "https://go.dev/issue/76363"
        },
        {
          "url": "https://pkg.go.dev/vuln/GO-2025-4134"
        }
      ],
      "title": "Unbounded memory consumption in golang.org/x/crypto/ssh"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
    "assignerShortName": "Go",
    "cveId": "CVE-2025-58181",
    "datePublished": "2025-11-19T20:33:42.795Z",
    "dateReserved": "2025-08-27T14:50:58.691Z",
    "dateUpdated": "2025-11-20T17:14:59.856Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

OPENSUSE-SU-2026:10013-1

CVE-2025-47913 (GCVE-0-2025-47913)

CVE-2025-65105 (GCVE-0-2025-65105)

CVE-2025-8556 (GCVE-0-2025-8556)

CVE-2025-22872 (GCVE-0-2025-22872)

CVE-2025-47914 (GCVE-0-2025-47914)

CVE-2025-58181 (GCVE-0-2025-58181)

Tags

Sightings

Nomenclature