{
  "matches": [
    {
      "vulnerability": {
        "id": "CVE-2017-17740",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2017-17740",
        "namespace": "debian:distro:debian:13",
        "severity": "Negligible",
        "urls": [],
        "description": "contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation.",
        "cvss": [],
        "epss": [
          {
            "cve": "CVE-2017-17740",
            "epss": 0.06138,
            "percentile": 0.90902,
            "date": "2026-05-18"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2017-17740",
            "cwe": "CWE-119",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.3069
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2017-17740",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2017-17740",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00053.html",
            "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00058.html",
            "http://www.openldap.org/its/index.cgi/Incoming?id=8759",
            "https://kc.mcafee.com/corporate/index?page=content&id=SB10365",
            "https://www.oracle.com/security-alerts/cpuapr2022.html"
          ],
          "description": "contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            },
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "2.0",
              "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
              "metrics": {
                "baseScore": 5,
                "exploitabilityScore": 10,
                "impactScore": 2.9
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2017-17740",
              "epss": 0.06138,
              "percentile": 0.90902,
              "date": "2026-05-18"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2017-17740",
              "cwe": "CWE-119",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "openldap",
              "version": "2.6.10+dfsg-1"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2017-17740",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "46230cf5226e2e82",
        "name": "libldap2",
        "version": "2.6.10+dfsg-1",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libldap2",
            "layerID": "sha256:73c462bbf110b45d1a57a4d592f0cec743bc1bf41281b698149f276b7abaa3b3",
            "accessPath": "/var/lib/dpkg/status.d/libldap2",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libldap2:libldap2:2.6.10\\+dfsg-1:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libldap2@2.6.10%2Bdfsg-1?arch=amd64&distro=debian-13&upstream=openldap",
        "upstreams": [
          {
            "name": "openldap"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2025-29478",
        "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478",
        "namespace": "nvd:cpe",
        "severity": "Medium",
        "urls": [
          "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md"
        ],
        "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.",
        "cvss": [
          {
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "metrics": {
              "baseScore": 5.5,
              "exploitabilityScore": 1.9,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2025-29478",
            "epss": 0.00521,
            "percentile": 0.67046,
            "date": "2026-05-18"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2025-29478",
            "cwe": "CWE-400",
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": ""
        },
        "advisories": [],
        "risk": 0.273525
      },
      "relatedVulnerabilities": [],
      "matchDetails": [
        {
          "type": "cpe-match",
          "matcher": "stock-matcher",
          "searchedBy": {
            "namespace": "nvd:cpe",
            "cpes": [
              "cpe:2.3:a:treasuredata:fluent_bit:4.2.4:*:*:*:*:*:*:*"
            ],
            "package": {
              "name": "fluent-bit",
              "version": "4.2.4"
            }
          },
          "found": {
            "vulnerabilityID": "CVE-2025-29478",
            "versionConstraint": "none (unknown)",
            "cpes": [
              "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*"
            ]
          }
        }
      ],
      "artifact": {
        "id": "de556463cfd32b50",
        "name": "fluent-bit",
        "version": "4.2.4",
        "type": "binary",
        "locations": [
          {
            "path": "/fluent-bit/bin/fluent-bit",
            "layerID": "sha256:afc0456e6dd5330673122a54ed845c114384e23d647d21d04649934a4d4d15bc",
            "accessPath": "/fluent-bit/bin/fluent-bit",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:treasuredata:fluent_bit:4.2.4:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:github/fluent/fluent-bit@4.2.4",
        "upstreams": []
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2011-3389",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2011-3389",
        "namespace": "debian:distro:debian:13",
        "severity": "Negligible",
        "urls": [],
        "description": "The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a \"BEAST\" attack.",
        "cvss": [],
        "epss": [
          {
            "cve": "CVE-2011-3389",
            "epss": 0.03832,
            "percentile": 0.88274,
            "date": "2026-05-18"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2011-3389",
            "cwe": "CWE-326",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.19160000000000002
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2011-3389",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2011-3389",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "http://blog.mozilla.com/security/2011/09/27/attack-against-tls-protected-communications/",
            "http://blogs.technet.com/b/msrc/archive/2011/09/26/microsoft-releases-security-advisory-2588513.aspx",
            "http://blogs.technet.com/b/srd/archive/2011/09/26/is-ssl-broken-more-about-security-advisory-2588513.aspx",
            "http://curl.haxx.se/docs/adv_20120124B.html",
            "http://downloads.asterisk.org/pub/security/AST-2016-001.html",
            "http://ekoparty.org/2011/juliano-rizzo.php",
            "http://eprint.iacr.org/2004/111",
            "http://eprint.iacr.org/2006/136",
            "http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html",
            "http://isc.sans.edu/diary/SSL+TLS+part+3+/11635",
            "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html",
            "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00002.html",
            "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html",
            "http://lists.apple.com/archives/security-announce/2012/Jul/msg00001.html",
            "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html",
            "http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html",
            "http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html",
            "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html",
            "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00051.html",
            "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00009.html",
            "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html",
            "http://marc.info/?l=bugtraq&m=132750579901589&w=2",
            "http://marc.info/?l=bugtraq&m=132872385320240&w=2",
            "http://marc.info/?l=bugtraq&m=133365109612558&w=2",
            "http://marc.info/?l=bugtraq&m=133728004526190&w=2",
            "http://marc.info/?l=bugtraq&m=134254866602253&w=2",
            "http://marc.info/?l=bugtraq&m=134254957702612&w=2",
            "http://my.opera.com/securitygroup/blog/2011/09/28/the-beast-ssl-tls-issue",
            "http://osvdb.org/74829",
            "http://rhn.redhat.com/errata/RHSA-2012-0508.html",
            "http://rhn.redhat.com/errata/RHSA-2013-1455.html",
            "http://secunia.com/advisories/45791",
            "http://secunia.com/advisories/47998",
            "http://secunia.com/advisories/48256",
            "http://secunia.com/advisories/48692",
            "http://secunia.com/advisories/48915",
            "http://secunia.com/advisories/48948",
            "http://secunia.com/advisories/49198",
            "http://secunia.com/advisories/55322",
            "http://secunia.com/advisories/55350",
            "http://secunia.com/advisories/55351",
            "http://security.gentoo.org/glsa/glsa-201203-02.xml",
            "http://security.gentoo.org/glsa/glsa-201406-32.xml",
            "http://support.apple.com/kb/HT4999",
            "http://support.apple.com/kb/HT5001",
            "http://support.apple.com/kb/HT5130",
            "http://support.apple.com/kb/HT5281",
            "http://support.apple.com/kb/HT5501",
            "http://support.apple.com/kb/HT6150",
            "http://technet.microsoft.com/security/advisory/2588513",
            "http://vnhacker.blogspot.com/2011/09/beast.html",
            "http://www.apcmedia.com/salestools/SJHN-7RKGNM/SJHN-7RKGNM_R4_EN.pdf",
            "http://www.debian.org/security/2012/dsa-2398",
            "http://www.educatedguesswork.org/2011/09/security_impact_of_the_rizzodu.html",
            "http://www.ibm.com/developerworks/java/jdk/alerts/",
            "http://www.imperialviolet.org/2011/09/23/chromeandbeast.html",
            "http://www.insecure.cl/Beast-SSL.rar",
            "http://www.kb.cert.org/vuls/id/864643",
            "http://www.mandriva.com/security/advisories?name=MDVSA-2012:058",
            "http://www.opera.com/docs/changelogs/mac/1151/",
            "http://www.opera.com/docs/changelogs/mac/1160/",
            "http://www.opera.com/docs/changelogs/unix/1151/",
            "http://www.opera.com/docs/changelogs/unix/1160/",
            "http://www.opera.com/docs/changelogs/windows/1151/",
            "http://www.opera.com/docs/changelogs/windows/1160/",
            "http://www.opera.com/support/kb/view/1004/",
            "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
            "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html",
            "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html",
            "http://www.redhat.com/support/errata/RHSA-2011-1384.html",
            "http://www.redhat.com/support/errata/RHSA-2012-0006.html",
            "http://www.securityfocus.com/bid/49388",
            "http://www.securityfocus.com/bid/49778",
            "http://www.securitytracker.com/id/1029190",
            "http://www.securitytracker.com/id?1025997",
            "http://www.securitytracker.com/id?1026103",
            "http://www.securitytracker.com/id?1026704",
            "http://www.ubuntu.com/usn/USN-1263-1",
            "http://www.us-cert.gov/cas/techalerts/TA12-010A.html",
            "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_fetchmail",
            "https://bugzilla.novell.com/show_bug.cgi?id=719047",
            "https://bugzilla.redhat.com/show_bug.cgi?id=737506",
            "https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf",
            "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-006",
            "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862",
            "https://hermes.opensuse.org/messages/13154861",
            "https://hermes.opensuse.org/messages/13155432",
            "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02",
            "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14752"
          ],
          "description": "The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a \"BEAST\" attack.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "2.0",
              "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
              "metrics": {
                "baseScore": 4.3,
                "exploitabilityScore": 8.6,
                "impactScore": 2.9
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2011-3389",
              "epss": 0.03832,
              "percentile": 0.88274,
              "date": "2026-05-18"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2011-3389",
              "cwe": "CWE-326",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "gnutls28",
              "version": "3.8.9-3+deb13u2"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2011-3389",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "3c7a5e6105f5c289",
        "name": "libgnutls30t64",
        "version": "3.8.9-3+deb13u2",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libgnutls30t64",
            "layerID": "sha256:73c462bbf110b45d1a57a4d592f0cec743bc1bf41281b698149f276b7abaa3b3",
            "accessPath": "/var/lib/dpkg/status.d/libgnutls30t64",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libgnutls30t64:libgnutls30t64:3.8.9-3\\+deb13u2:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libgnutls30t64@3.8.9-3%2Bdeb13u2?arch=amd64&distro=debian-13&upstream=gnutls28",
        "upstreams": [
          {
            "name": "gnutls28"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-42010",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-42010",
        "namespace": "debian:distro:debian:13",
        "severity": "Critical",
        "urls": [],
        "description": "A flaw was found in gnutls. Servers configured with RSA-PSK (Rivest–Shamir–Adleman – Pre-Shared Key) wrongfully matched usernames containing a NUL character with truncated usernames. A remote attacker could exploit this by sending a specially crafted username, leading to an authentication bypass. This vulnerability allows an attacker to gain unauthorized access by circumventing the authentication process.",
        "cvss": [
          {
            "source": "nvd@nist.gov",
            "type": "Primary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "metrics": {
              "baseScore": 9.8,
              "exploitabilityScore": 3.9,
              "impactScore": 5.9
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-42010",
            "epss": 0.00155,
            "percentile": 0.35819,
            "date": "2026-05-18"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-42010",
            "cwe": "CWE-626",
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.1457
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-42010",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-42010",
          "namespace": "nvd:cpe",
          "severity": "Critical",
          "urls": [
            "https://access.redhat.com/errata/RHSA-2026:13274",
            "https://access.redhat.com/security/cve/CVE-2026-42010",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2467289"
          ],
          "description": "A flaw was found in gnutls. Servers configured with RSA-PSK (Rivest–Shamir–Adleman – Pre-Shared Key) wrongfully matched usernames containing a NUL character with truncated usernames. A remote attacker could exploit this by sending a specially crafted username, leading to an authentication bypass. This vulnerability allows an attacker to gain unauthorized access by circumventing the authentication process.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "metrics": {
                "baseScore": 9.8,
                "exploitabilityScore": 3.9,
                "impactScore": 5.9
              },
              "vendorMetadata": {}
            },
            {
              "source": "secalert@redhat.com",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
              "metrics": {
                "baseScore": 7.1,
                "exploitabilityScore": 2.9,
                "impactScore": 4.3
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-42010",
              "epss": 0.00155,
              "percentile": 0.35819,
              "date": "2026-05-18"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-42010",
              "cwe": "CWE-626",
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "gnutls28",
              "version": "3.8.9-3+deb13u2"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-42010",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "3c7a5e6105f5c289",
        "name": "libgnutls30t64",
        "version": "3.8.9-3+deb13u2",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libgnutls30t64",
            "layerID": "sha256:73c462bbf110b45d1a57a4d592f0cec743bc1bf41281b698149f276b7abaa3b3",
            "accessPath": "/var/lib/dpkg/status.d/libgnutls30t64",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libgnutls30t64:libgnutls30t64:3.8.9-3\\+deb13u2:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libgnutls30t64@3.8.9-3%2Bdeb13u2?arch=amd64&distro=debian-13&upstream=gnutls28",
        "upstreams": [
          {
            "name": "gnutls28"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2025-29477",
        "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477",
        "namespace": "nvd:cpe",
        "severity": "Medium",
        "urls": [
          "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md"
        ],
        "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.",
        "cvss": [
          {
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H",
            "metrics": {
              "baseScore": 5.5,
              "exploitabilityScore": 0.8,
              "impactScore": 4.8
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2025-29477",
            "epss": 0.00269,
            "percentile": 0.50346,
            "date": "2026-05-18"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2025-29477",
            "cwe": "CWE-400",
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": ""
        },
        "advisories": [],
        "risk": 0.14122500000000002
      },
      "relatedVulnerabilities": [],
      "matchDetails": [
        {
          "type": "cpe-match",
          "matcher": "stock-matcher",
          "searchedBy": {
            "namespace": "nvd:cpe",
            "cpes": [
              "cpe:2.3:a:treasuredata:fluent_bit:4.2.4:*:*:*:*:*:*:*"
            ],
            "package": {
              "name": "fluent-bit",
              "version": "4.2.4"
            }
          },
          "found": {
            "vulnerabilityID": "CVE-2025-29477",
            "versionConstraint": "none (unknown)",
            "cpes": [
              "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*"
            ]
          }
        }
      ],
      "artifact": {
        "id": "de556463cfd32b50",
        "name": "fluent-bit",
        "version": "4.2.4",
        "type": "binary",
        "locations": [
          {
            "path": "/fluent-bit/bin/fluent-bit",
            "layerID": "sha256:afc0456e6dd5330673122a54ed845c114384e23d647d21d04649934a4d4d15bc",
            "accessPath": "/fluent-bit/bin/fluent-bit",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:treasuredata:fluent_bit:4.2.4:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:github/fluent/fluent-bit@4.2.4",
        "upstreams": []
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2015-3276",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2015-3276",
        "namespace": "debian:distro:debian:13",
        "severity": "Negligible",
        "urls": [],
        "description": "The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode cipher strings, which might cause a weaker than intended cipher to be used and allow remote attackers to have unspecified impact via unknown vectors.",
        "cvss": [],
        "epss": [
          {
            "cve": "CVE-2015-3276",
            "epss": 0.02575,
            "percentile": 0.85717,
            "date": "2026-05-18"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.12875
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2015-3276",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2015-3276",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "http://rhn.redhat.com/errata/RHSA-2015-2131.html",
            "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
            "http://www.securitytracker.com/id/1034221",
            "https://bugzilla.redhat.com/show_bug.cgi?id=1238322"
          ],
          "description": "The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode cipher strings, which might cause a weaker than intended cipher to be used and allow remote attackers to have unspecified impact via unknown vectors.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            },
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "2.0",
              "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
              "metrics": {
                "baseScore": 5,
                "exploitabilityScore": 10,
                "impactScore": 2.9
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2015-3276",
              "epss": 0.02575,
              "percentile": 0.85717,
              "date": "2026-05-18"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "openldap",
              "version": "2.6.10+dfsg-1"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2015-3276",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "46230cf5226e2e82",
        "name": "libldap2",
        "version": "2.6.10+dfsg-1",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libldap2",
            "layerID": "sha256:73c462bbf110b45d1a57a4d592f0cec743bc1bf41281b698149f276b7abaa3b3",
            "accessPath": "/var/lib/dpkg/status.d/libldap2",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libldap2:libldap2:2.6.10\\+dfsg-1:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libldap2@2.6.10%2Bdfsg-1?arch=amd64&distro=debian-13&upstream=openldap",
        "upstreams": [
          {
            "name": "openldap"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2018-20796",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-20796",
        "namespace": "debian:distro:debian:13",
        "severity": "Negligible",
        "urls": [],
        "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\\227|)(\\\\1\\\\1|t1|\\\\\\2537)+' in grep.",
        "cvss": [],
        "epss": [
          {
            "cve": "CVE-2018-20796",
            "epss": 0.01492,
            "percentile": 0.81263,
            "date": "2026-05-18"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2018-20796",
            "cwe": "CWE-674",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.0746
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2018-20796",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-20796",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "http://www.securityfocus.com/bid/107160",
            "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34141",
            "https://lists.gnu.org/archive/html/bug-gnulib/2019-01/msg00108.html",
            "https://security.netapp.com/advisory/ntap-20190315-0002/",
            "https://support.f5.com/csp/article/K26346590?utm_source=f5support&amp%3Butm_medium=RSS"
          ],
          "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\\227|)(\\\\1\\\\1|t1|\\\\\\2537)+' in grep.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.0",
              "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            },
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "2.0",
              "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
              "metrics": {
                "baseScore": 5,
                "exploitabilityScore": 10,
                "impactScore": 2.9
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2018-20796",
              "epss": 0.01492,
              "percentile": 0.81263,
              "date": "2026-05-18"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2018-20796",
              "cwe": "CWE-674",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "glibc",
              "version": "2.41-12+deb13u2"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2018-20796",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "5e21ad3d95f6eebc",
        "name": "libc6",
        "version": "2.41-12+deb13u2",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libc6",
            "layerID": "sha256:318bc252656ce5b3c77fc9a13e302bba683f813d4b19c21be6e0ad3acc7adaf1",
            "accessPath": "/var/lib/dpkg/status.d/libc6",
            "annotations": {
              "evidence": "primary"
            }
          },
          {
            "path": "/usr/share/doc/libc6/copyright",
            "layerID": "sha256:318bc252656ce5b3c77fc9a13e302bba683f813d4b19c21be6e0ad3acc7adaf1",
            "accessPath": "/usr/share/doc/libc6/copyright",
            "annotations": {
              "evidence": "supporting"
            }
          },
          {
            "path": "/var/lib/dpkg/status.d/libc6.md5sums",
            "layerID": "sha256:318bc252656ce5b3c77fc9a13e302bba683f813d4b19c21be6e0ad3acc7adaf1",
            "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums",
            "annotations": {
              "evidence": "supporting"
            }
          }
        ],
        "language": "",
        "licenses": [
          "BSD-2-clause",
          "BSD-3-clause-Berkeley",
          "BSD-3-clause-Carnegie",
          "BSD-3-clause-Oracle",
          "BSD-3-clause-WIDE",
          "BSD-like-Spencer",
          "BSL-1.0",
          "CORE-MATH",
          "Carnegie",
          "DEC",
          "FSFAP",
          "GPL-2",
          "GPL-2+",
          "GPL-2+-with-link-exception",
          "GPL-3",
          "GPL-3+",
          "IBM",
          "ISC",
          "Inner-Net",
          "LGPL-2",
          "LGPL-2+",
          "LGPL-2.1",
          "LGPL-2.1+",
          "LGPL-2.1+-with-link-exception",
          "LGPL-3",
          "LGPL-3+",
          "MIT-like-Lord",
          "PCRE",
          "SunPro",
          "Unicode-DFS-2016",
          "Univ-Coimbra",
          "public-domain"
        ],
        "cpes": [
          "cpe:2.3:a:libc6:libc6:2.41-12\\+deb13u2:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libc6@2.41-12%2Bdeb13u2?arch=amd64&distro=debian-13&upstream=glibc",
        "upstreams": [
          {
            "name": "glibc"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2018-5709",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-5709",
        "namespace": "debian:distro:debian:13",
        "severity": "Negligible",
        "urls": [],
        "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.",
        "cvss": [],
        "epss": [
          {
            "cve": "CVE-2018-5709",
            "epss": 0.01381,
            "percentile": 0.80488,
            "date": "2026-05-18"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2018-5709",
            "cwe": "CWE-190",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.06905
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2018-5709",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-5709",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow",
            "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E"
          ],
          "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.0",
              "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            },
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "2.0",
              "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
              "metrics": {
                "baseScore": 5,
                "exploitabilityScore": 10,
                "impactScore": 2.9
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2018-5709",
              "epss": 0.01381,
              "percentile": 0.80488,
              "date": "2026-05-18"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2018-5709",
              "cwe": "CWE-190",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "krb5",
              "version": "1.21.3-5"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2018-5709",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "b6ee860d702b8084",
        "name": "libgssapi-krb5-2",
        "version": "1.21.3-5",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2",
            "layerID": "sha256:73c462bbf110b45d1a57a4d592f0cec743bc1bf41281b698149f276b7abaa3b3",
            "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libgssapi-krb5-2@1.21.3-5?arch=amd64&distro=debian-13&upstream=krb5",
        "upstreams": [
          {
            "name": "krb5"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2018-5709",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-5709",
        "namespace": "debian:distro:debian:13",
        "severity": "Negligible",
        "urls": [],
        "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.",
        "cvss": [],
        "epss": [
          {
            "cve": "CVE-2018-5709",
            "epss": 0.01381,
            "percentile": 0.80488,
            "date": "2026-05-18"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2018-5709",
            "cwe": "CWE-190",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.06905
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2018-5709",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-5709",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow",
            "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E"
          ],
          "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.0",
              "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            },
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "2.0",
              "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
              "metrics": {
                "baseScore": 5,
                "exploitabilityScore": 10,
                "impactScore": 2.9
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2018-5709",
              "epss": 0.01381,
              "percentile": 0.80488,
              "date": "2026-05-18"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2018-5709",
              "cwe": "CWE-190",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "krb5",
              "version": "1.21.3-5"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2018-5709",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "52ef833c1503e21a",
        "name": "libk5crypto3",
        "version": "1.21.3-5",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libk5crypto3",
            "layerID": "sha256:73c462bbf110b45d1a57a4d592f0cec743bc1bf41281b698149f276b7abaa3b3",
            "accessPath": "/var/lib/dpkg/status.d/libk5crypto3",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libk5crypto3:libk5crypto3:1.21.3-5:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libk5crypto3@1.21.3-5?arch=amd64&distro=debian-13&upstream=krb5",
        "upstreams": [
          {
            "name": "krb5"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2018-5709",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-5709",
        "namespace": "debian:distro:debian:13",
        "severity": "Negligible",
        "urls": [],
        "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.",
        "cvss": [],
        "epss": [
          {
            "cve": "CVE-2018-5709",
            "epss": 0.01381,
            "percentile": 0.80488,
            "date": "2026-05-18"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2018-5709",
            "cwe": "CWE-190",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.06905
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2018-5709",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-5709",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow",
            "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E"
          ],
          "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.0",
              "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            },
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "2.0",
              "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
              "metrics": {
                "baseScore": 5,
                "exploitabilityScore": 10,
                "impactScore": 2.9
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2018-5709",
              "epss": 0.01381,
              "percentile": 0.80488,
              "date": "2026-05-18"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2018-5709",
              "cwe": "CWE-190",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "krb5",
              "version": "1.21.3-5"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2018-5709",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "d4c94f2fc66f3184",
        "name": "libkrb5-3",
        "version": "1.21.3-5",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libkrb5-3",
            "layerID": "sha256:73c462bbf110b45d1a57a4d592f0cec743bc1bf41281b698149f276b7abaa3b3",
            "accessPath": "/var/lib/dpkg/status.d/libkrb5-3",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libkrb5-3:libkrb5-3:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libkrb5-3:libkrb5_3:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libkrb5_3:libkrb5-3:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libkrb5_3:libkrb5_3:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libkrb5:libkrb5-3:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libkrb5:libkrb5_3:1.21.3-5:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libkrb5-3@1.21.3-5?arch=amd64&distro=debian-13&upstream=krb5",
        "upstreams": [
          {
            "name": "krb5"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2018-5709",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-5709",
        "namespace": "debian:distro:debian:13",
        "severity": "Negligible",
        "urls": [],
        "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.",
        "cvss": [],
        "epss": [
          {
            "cve": "CVE-2018-5709",
            "epss": 0.01381,
            "percentile": 0.80488,
            "date": "2026-05-18"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2018-5709",
            "cwe": "CWE-190",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.06905
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2018-5709",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-5709",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow",
            "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E"
          ],
          "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.0",
              "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            },
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "2.0",
              "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
              "metrics": {
                "baseScore": 5,
                "exploitabilityScore": 10,
                "impactScore": 2.9
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2018-5709",
              "epss": 0.01381,
              "percentile": 0.80488,
              "date": "2026-05-18"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2018-5709",
              "cwe": "CWE-190",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "krb5",
              "version": "1.21.3-5"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2018-5709",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "56fc39be304d53f0",
        "name": "libkrb5support0",
        "version": "1.21.3-5",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libkrb5support0",
            "layerID": "sha256:73c462bbf110b45d1a57a4d592f0cec743bc1bf41281b698149f276b7abaa3b3",
            "accessPath": "/var/lib/dpkg/status.d/libkrb5support0",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libkrb5support0:libkrb5support0:1.21.3-5:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libkrb5support0@1.21.3-5?arch=amd64&distro=debian-13&upstream=krb5",
        "upstreams": [
          {
            "name": "krb5"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-3833",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-3833",
        "namespace": "debian:distro:debian:13",
        "severity": "High",
        "urls": [],
        "description": "A flaw was found in gnutls. This vulnerability occurs because gnutls performs case-sensitive comparisons of `nameConstraints` labels, specifically for `dNSName` (DNS) or `rfc822Name` (email) constraints within `excludedSubtrees` or `permittedSubtrees`. A remote attacker can exploit this by crafting a leaf certificate with casing differences in the Subject Alternative Name (SAN), leading to a policy bypass where a certificate that should be rejected is instead accepted. This could result in unauthorized access or information disclosure.",
        "cvss": [
          {
            "source": "nvd@nist.gov",
            "type": "Primary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "metrics": {
              "baseScore": 7.4,
              "exploitabilityScore": 2.3,
              "impactScore": 5.2
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-3833",
            "epss": 0.00086,
            "percentile": 0.24521,
            "date": "2026-05-18"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-3833",
            "cwe": "CWE-178",
            "source": "secalert@redhat.com",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.06407
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-3833",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3833",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://access.redhat.com/errata/RHSA-2026:13274",
            "https://access.redhat.com/security/cve/CVE-2026-3833",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2445763",
            "https://gitlab.com/gnutls/gnutls/-/issues/1803"
          ],
          "description": "A flaw was found in gnutls. This vulnerability occurs because gnutls performs case-sensitive comparisons of `nameConstraints` labels, specifically for `dNSName` (DNS) or `rfc822Name` (email) constraints within `excludedSubtrees` or `permittedSubtrees`. A remote attacker can exploit this by crafting a leaf certificate with casing differences in the Subject Alternative Name (SAN), leading to a policy bypass where a certificate that should be rejected is instead accepted. This could result in unauthorized access or information disclosure.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
              "metrics": {
                "baseScore": 7.4,
                "exploitabilityScore": 2.3,
                "impactScore": 5.2
              },
              "vendorMetadata": {}
            },
            {
              "source": "secalert@redhat.com",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
              "metrics": {
                "baseScore": 6.5,
                "exploitabilityScore": 3.9,
                "impactScore": 2.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-3833",
              "epss": 0.00086,
              "percentile": 0.24521,
              "date": "2026-05-18"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-3833",
              "cwe": "CWE-178",
              "source": "secalert@redhat.com",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "gnutls28",
              "version": "3.8.9-3+deb13u2"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-3833",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "3c7a5e6105f5c289",
        "name": "libgnutls30t64",
        "version": "3.8.9-3+deb13u2",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libgnutls30t64",
            "layerID": "sha256:73c462bbf110b45d1a57a4d592f0cec743bc1bf41281b698149f276b7abaa3b3",
            "accessPath": "/var/lib/dpkg/status.d/libgnutls30t64",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libgnutls30t64:libgnutls30t64:3.8.9-3\\+deb13u2:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libgnutls30t64@3.8.9-3%2Bdeb13u2?arch=amd64&distro=debian-13&upstream=gnutls28",
        "upstreams": [
          {
            "name": "gnutls28"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2025-13151",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-13151",
        "namespace": "debian:distro:debian:13",
        "severity": "High",
        "urls": [],
        "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expand_octet_string.",
        "cvss": [
          {
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "metrics": {
              "baseScore": 7.5,
              "exploitabilityScore": 3.9,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2025-13151",
            "epss": 0.0008,
            "percentile": 0.23506,
            "date": "2026-05-18"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2025-13151",
            "cwe": "CWE-787",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "wont-fix"
        },
        "advisories": [],
        "risk": 0.060000000000000005
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2025-13151",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://gitlab.com/gnutls/libtasn1",
            "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121",
            "http://www.openwall.com/lists/oss-security/2026/01/08/5",
            "https://www.kb.cert.org/vuls/id/271649"
          ],
          "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expand_octet_string.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2025-13151",
              "epss": 0.0008,
              "percentile": 0.23506,
              "date": "2026-05-18"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2025-13151",
              "cwe": "CWE-787",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "libtasn1-6",
              "version": "4.20.0-2"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2025-13151",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "04ef2a4cf087de67",
        "name": "libtasn1-6",
        "version": "4.20.0-2",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libtasn1-6",
            "layerID": "sha256:73c462bbf110b45d1a57a4d592f0cec743bc1bf41281b698149f276b7abaa3b3",
            "accessPath": "/var/lib/dpkg/status.d/libtasn1-6",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libtasn1-6:libtasn1-6:4.20.0-2:*:*:*:*:*:*:*",
          "cpe:2.3:a:libtasn1-6:libtasn1_6:4.20.0-2:*:*:*:*:*:*:*",
          "cpe:2.3:a:libtasn1_6:libtasn1-6:4.20.0-2:*:*:*:*:*:*:*",
          "cpe:2.3:a:libtasn1_6:libtasn1_6:4.20.0-2:*:*:*:*:*:*:*",
          "cpe:2.3:a:libtasn1:libtasn1-6:4.20.0-2:*:*:*:*:*:*:*",
          "cpe:2.3:a:libtasn1:libtasn1_6:4.20.0-2:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libtasn1-6@4.20.0-2?arch=amd64&distro=debian-13",
        "upstreams": []
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-33846",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-33846",
        "namespace": "debian:distro:debian:13",
        "severity": "High",
        "urls": [],
        "description": "A heap buffer overflow vulnerability exists in the DTLS handshake fragment reassembly logic of GnuTLS. The issue arises in merge_handshake_packet() where incoming handshake fragments are matched and merged based solely on handshake type, without validating that the message_length field remains consistent across all fragments of the same logical message. An attacker can exploit this by sending crafted DTLS fragments with conflicting message_length values, causing the implementation to allocate a buffer based on a smaller initial fragment and subsequently write beyond its bounds using larger, inconsistent fragments. Because the merge operation does not enforce proper bounds checking against the allocated buffer size, this results in an out-of-bounds write on the heap. The vulnerability is remotely exploitable without authentication via the DTLS handshake path and can lead to application crashes or potential memory corruption.",
        "cvss": [
          {
            "source": "secalert@redhat.com",
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "metrics": {
              "baseScore": 7.5,
              "exploitabilityScore": 3.9,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-33846",
            "epss": 0.00075,
            "percentile": 0.2241,
            "date": "2026-05-18"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-33846",
            "cwe": "CWE-130",
            "source": "secalert@redhat.com",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.05625000000000001
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-33846",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-33846",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://access.redhat.com/errata/RHSA-2026:13274",
            "https://access.redhat.com/security/cve/CVE-2026-33846",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2450625"
          ],
          "description": "A heap buffer overflow vulnerability exists in the DTLS handshake fragment reassembly logic of GnuTLS. The issue arises in merge_handshake_packet() where incoming handshake fragments are matched and merged based solely on handshake type, without validating that the message_length field remains consistent across all fragments of the same logical message. An attacker can exploit this by sending crafted DTLS fragments with conflicting message_length values, causing the implementation to allocate a buffer based on a smaller initial fragment and subsequently write beyond its bounds using larger, inconsistent fragments. Because the merge operation does not enforce proper bounds checking against the allocated buffer size, this results in an out-of-bounds write on the heap. The vulnerability is remotely exploitable without authentication via the DTLS handshake path and can lead to application crashes or potential memory corruption.",
          "cvss": [
            {
              "source": "secalert@redhat.com",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-33846",
              "epss": 0.00075,
              "percentile": 0.2241,
              "date": "2026-05-18"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-33846",
              "cwe": "CWE-130",
              "source": "secalert@redhat.com",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "gnutls28",
              "version": "3.8.9-3+deb13u2"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-33846",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "3c7a5e6105f5c289",
        "name": "libgnutls30t64",
        "version": "3.8.9-3+deb13u2",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libgnutls30t64",
            "layerID": "sha256:73c462bbf110b45d1a57a4d592f0cec743bc1bf41281b698149f276b7abaa3b3",
            "accessPath": "/var/lib/dpkg/status.d/libgnutls30t64",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libgnutls30t64:libgnutls30t64:3.8.9-3\\+deb13u2:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libgnutls30t64@3.8.9-3%2Bdeb13u2?arch=amd64&distro=debian-13&upstream=gnutls28",
        "upstreams": [
          {
            "name": "gnutls28"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-40355",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-40355",
        "namespace": "debian:distro:debian:13",
        "severity": "Medium",
        "urls": [],
        "description": "In MIT Kerberos 5 (aka krb5) before 1.22.3, there is a NULL pointer dereference if an application calls gss_accept_sec_context() on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, causing the process to terminate in parse_nego_message.",
        "cvss": [
          {
            "source": "cve@mitre.org",
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "metrics": {
              "baseScore": 5.9,
              "exploitabilityScore": 2.3,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-40355",
            "epss": 0.00099,
            "percentile": 0.27071,
            "date": "2026-05-18"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-40355",
            "cwe": "CWE-476",
            "source": "cve@mitre.org",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.05395500000000001
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-40355",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-40355",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://cems.fun/2026/04/27/krb5-two-unauthenticated-network-vulnerabilities.html",
            "https://github.com/krb5/krb5/commit/2e75f0d9362fb979f5fc92829431a590a130929f",
            "https://web.mit.edu/kerberos/advisories/"
          ],
          "description": "In MIT Kerberos 5 (aka krb5) before 1.22.3, there is a NULL pointer dereference if an application calls gss_accept_sec_context() on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, causing the process to terminate in parse_nego_message.",
          "cvss": [
            {
              "source": "cve@mitre.org",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 5.9,
                "exploitabilityScore": 2.3,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-40355",
              "epss": 0.00099,
              "percentile": 0.27071,
              "date": "2026-05-18"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-40355",
              "cwe": "CWE-476",
              "source": "cve@mitre.org",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "krb5",
              "version": "1.21.3-5"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-40355",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "b6ee860d702b8084",
        "name": "libgssapi-krb5-2",
        "version": "1.21.3-5",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2",
            "layerID": "sha256:73c462bbf110b45d1a57a4d592f0cec743bc1bf41281b698149f276b7abaa3b3",
            "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libgssapi-krb5-2@1.21.3-5?arch=amd64&distro=debian-13&upstream=krb5",
        "upstreams": [
          {
            "name": "krb5"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-40355",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-40355",
        "namespace": "debian:distro:debian:13",
        "severity": "Medium",
        "urls": [],
        "description": "In MIT Kerberos 5 (aka krb5) before 1.22.3, there is a NULL pointer dereference if an application calls gss_accept_sec_context() on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, causing the process to terminate in parse_nego_message.",
        "cvss": [
          {
            "source": "cve@mitre.org",
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "metrics": {
              "baseScore": 5.9,
              "exploitabilityScore": 2.3,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-40355",
            "epss": 0.00099,
            "percentile": 0.27071,
            "date": "2026-05-18"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-40355",
            "cwe": "CWE-476",
            "source": "cve@mitre.org",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.05395500000000001
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-40355",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-40355",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://cems.fun/2026/04/27/krb5-two-unauthenticated-network-vulnerabilities.html",
            "https://github.com/krb5/krb5/commit/2e75f0d9362fb979f5fc92829431a590a130929f",
            "https://web.mit.edu/kerberos/advisories/"
          ],
          "description": "In MIT Kerberos 5 (aka krb5) before 1.22.3, there is a NULL pointer dereference if an application calls gss_accept_sec_context() on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, causing the process to terminate in parse_nego_message.",
          "cvss": [
            {
              "source": "cve@mitre.org",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 5.9,
                "exploitabilityScore": 2.3,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-40355",
              "epss": 0.00099,
              "percentile": 0.27071,
              "date": "2026-05-18"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-40355",
              "cwe": "CWE-476",
              "source": "cve@mitre.org",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "krb5",
              "version": "1.21.3-5"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-40355",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "52ef833c1503e21a",
        "name": "libk5crypto3",
        "version": "1.21.3-5",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libk5crypto3",
            "layerID": "sha256:73c462bbf110b45d1a57a4d592f0cec743bc1bf41281b698149f276b7abaa3b3",
            "accessPath": "/var/lib/dpkg/status.d/libk5crypto3",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libk5crypto3:libk5crypto3:1.21.3-5:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libk5crypto3@1.21.3-5?arch=amd64&distro=debian-13&upstream=krb5",
        "upstreams": [
          {
            "name": "krb5"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-40355",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-40355",
        "namespace": "debian:distro:debian:13",
        "severity": "Medium",
        "urls": [],
        "description": "In MIT Kerberos 5 (aka krb5) before 1.22.3, there is a NULL pointer dereference if an application calls gss_accept_sec_context() on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, causing the process to terminate in parse_nego_message.",
        "cvss": [
          {
            "source": "cve@mitre.org",
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "metrics": {
              "baseScore": 5.9,
              "exploitabilityScore": 2.3,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-40355",
            "epss": 0.00099,
            "percentile": 0.27071,
            "date": "2026-05-18"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-40355",
            "cwe": "CWE-476",
            "source": "cve@mitre.org",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.05395500000000001
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-40355",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-40355",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://cems.fun/2026/04/27/krb5-two-unauthenticated-network-vulnerabilities.html",
            "https://github.com/krb5/krb5/commit/2e75f0d9362fb979f5fc92829431a590a130929f",
            "https://web.mit.edu/kerberos/advisories/"
          ],
          "description": "In MIT Kerberos 5 (aka krb5) before 1.22.3, there is a NULL pointer dereference if an application calls gss_accept_sec_context() on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, causing the process to terminate in parse_nego_message.",
          "cvss": [
            {
              "source": "cve@mitre.org",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 5.9,
                "exploitabilityScore": 2.3,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-40355",
              "epss": 0.00099,
              "percentile": 0.27071,
              "date": "2026-05-18"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-40355",
              "cwe": "CWE-476",
              "source": "cve@mitre.org",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "krb5",
              "version": "1.21.3-5"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-40355",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "d4c94f2fc66f3184",
        "name": "libkrb5-3",
        "version": "1.21.3-5",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libkrb5-3",
            "layerID": "sha256:73c462bbf110b45d1a57a4d592f0cec743bc1bf41281b698149f276b7abaa3b3",
            "accessPath": "/var/lib/dpkg/status.d/libkrb5-3",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libkrb5-3:libkrb5-3:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libkrb5-3:libkrb5_3:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libkrb5_3:libkrb5-3:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libkrb5_3:libkrb5_3:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libkrb5:libkrb5-3:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libkrb5:libkrb5_3:1.21.3-5:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libkrb5-3@1.21.3-5?arch=amd64&distro=debian-13&upstream=krb5",
        "upstreams": [
          {
            "name": "krb5"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-40355",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-40355",
        "namespace": "debian:distro:debian:13",
        "severity": "Medium",
        "urls": [],
        "description": "In MIT Kerberos 5 (aka krb5) before 1.22.3, there is a NULL pointer dereference if an application calls gss_accept_sec_context() on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, causing the process to terminate in parse_nego_message.",
        "cvss": [
          {
            "source": "cve@mitre.org",
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "metrics": {
              "baseScore": 5.9,
              "exploitabilityScore": 2.3,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-40355",
            "epss": 0.00099,
            "percentile": 0.27071,
            "date": "2026-05-18"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-40355",
            "cwe": "CWE-476",
            "source": "cve@mitre.org",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.05395500000000001
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-40355",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-40355",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://cems.fun/2026/04/27/krb5-two-unauthenticated-network-vulnerabilities.html",
            "https://github.com/krb5/krb5/commit/2e75f0d9362fb979f5fc92829431a590a130929f",
            "https://web.mit.edu/kerberos/advisories/"
          ],
          "description": "In MIT Kerberos 5 (aka krb5) before 1.22.3, there is a NULL pointer dereference if an application calls gss_accept_sec_context() on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, causing the process to terminate in parse_nego_message.",
          "cvss": [
            {
              "source": "cve@mitre.org",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 5.9,
                "exploitabilityScore": 2.3,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-40355",
              "epss": 0.00099,
              "percentile": 0.27071,
              "date": "2026-05-18"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-40355",
              "cwe": "CWE-476",
              "source": "cve@mitre.org",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "krb5",
              "version": "1.21.3-5"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-40355",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "56fc39be304d53f0",
        "name": "libkrb5support0",
        "version": "1.21.3-5",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libkrb5support0",
            "layerID": "sha256:73c462bbf110b45d1a57a4d592f0cec743bc1bf41281b698149f276b7abaa3b3",
            "accessPath": "/var/lib/dpkg/status.d/libkrb5support0",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libkrb5support0:libkrb5support0:1.21.3-5:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libkrb5support0@1.21.3-5?arch=amd64&distro=debian-13&upstream=krb5",
        "upstreams": [
          {
            "name": "krb5"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-40356",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-40356",
        "namespace": "debian:distro:debian:13",
        "severity": "Medium",
        "urls": [],
        "description": "In MIT Kerberos 5 (aka krb5) before 1.22.3, there is an integer underflow and resultant out-of-bounds read if an application calls gss_accept_sec_context() on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, possibly causing the process to terminate in parse_message.",
        "cvss": [
          {
            "source": "cve@mitre.org",
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "metrics": {
              "baseScore": 5.9,
              "exploitabilityScore": 2.3,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-40356",
            "epss": 0.00099,
            "percentile": 0.27023,
            "date": "2026-05-18"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-40356",
            "cwe": "CWE-191",
            "source": "cve@mitre.org",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.05395500000000001
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-40356",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-40356",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://cems.fun/2026/04/27/krb5-two-unauthenticated-network-vulnerabilities.html",
            "https://github.com/krb5/krb5/commit/2e75f0d9362fb979f5fc92829431a590a130929f",
            "https://web.mit.edu/kerberos/advisories/"
          ],
          "description": "In MIT Kerberos 5 (aka krb5) before 1.22.3, there is an integer underflow and resultant out-of-bounds read if an application calls gss_accept_sec_context() on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, possibly causing the process to terminate in parse_message.",
          "cvss": [
            {
              "source": "cve@mitre.org",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 5.9,
                "exploitabilityScore": 2.3,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-40356",
              "epss": 0.00099,
              "percentile": 0.27023,
              "date": "2026-05-18"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-40356",
              "cwe": "CWE-191",
              "source": "cve@mitre.org",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "krb5",
              "version": "1.21.3-5"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-40356",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "b6ee860d702b8084",
        "name": "libgssapi-krb5-2",
        "version": "1.21.3-5",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2",
            "layerID": "sha256:73c462bbf110b45d1a57a4d592f0cec743bc1bf41281b698149f276b7abaa3b3",
            "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libgssapi-krb5-2@1.21.3-5?arch=amd64&distro=debian-13&upstream=krb5",
        "upstreams": [
          {
            "name": "krb5"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-40356",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-40356",
        "namespace": "debian:distro:debian:13",
        "severity": "Medium",
        "urls": [],
        "description": "In MIT Kerberos 5 (aka krb5) before 1.22.3, there is an integer underflow and resultant out-of-bounds read if an application calls gss_accept_sec_context() on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, possibly causing the process to terminate in parse_message.",
        "cvss": [
          {
            "source": "cve@mitre.org",
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "metrics": {
              "baseScore": 5.9,
              "exploitabilityScore": 2.3,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-40356",
            "epss": 0.00099,
            "percentile": 0.27023,
            "date": "2026-05-18"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-40356",
            "cwe": "CWE-191",
            "source": "cve@mitre.org",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.05395500000000001
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-40356",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-40356",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://cems.fun/2026/04/27/krb5-two-unauthenticated-network-vulnerabilities.html",
            "https://github.com/krb5/krb5/commit/2e75f0d9362fb979f5fc92829431a590a130929f",
            "https://web.mit.edu/kerberos/advisories/"
          ],
          "description": "In MIT Kerberos 5 (aka krb5) before 1.22.3, there is an integer underflow and resultant out-of-bounds read if an application calls gss_accept_sec_context() on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, possibly causing the process to terminate in parse_message.",
          "cvss": [
            {
              "source": "cve@mitre.org",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 5.9,
                "exploitabilityScore": 2.3,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-40356",
              "epss": 0.00099,
              "percentile": 0.27023,
              "date": "2026-05-18"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-40356",
              "cwe": "CWE-191",
              "source": "cve@mitre.org",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "krb5",
              "version": "1.21.3-5"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-40356",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "52ef833c1503e21a",
        "name": "libk5crypto3",
        "version": "1.21.3-5",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libk5crypto3",
            "layerID": "sha256:73c462bbf110b45d1a57a4d592f0cec743bc1bf41281b698149f276b7abaa3b3",
            "accessPath": "/var/lib/dpkg/status.d/libk5crypto3",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libk5crypto3:libk5crypto3:1.21.3-5:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libk5crypto3@1.21.3-5?arch=amd64&distro=debian-13&upstream=krb5",
        "upstreams": [
          {
            "name": "krb5"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-40356",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-40356",
        "namespace": "debian:distro:debian:13",
        "severity": "Medium",
        "urls": [],
        "description": "In MIT Kerberos 5 (aka krb5) before 1.22.3, there is an integer underflow and resultant out-of-bounds read if an application calls gss_accept_sec_context() on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, possibly causing the process to terminate in parse_message.",
        "cvss": [
          {
            "source": "cve@mitre.org",
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "metrics": {
              "baseScore": 5.9,
              "exploitabilityScore": 2.3,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-40356",
            "epss": 0.00099,
            "percentile": 0.27023,
            "date": "2026-05-18"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-40356",
            "cwe": "CWE-191",
            "source": "cve@mitre.org",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.05395500000000001
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-40356",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-40356",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://cems.fun/2026/04/27/krb5-two-unauthenticated-network-vulnerabilities.html",
            "https://github.com/krb5/krb5/commit/2e75f0d9362fb979f5fc92829431a590a130929f",
            "https://web.mit.edu/kerberos/advisories/"
          ],
          "description": "In MIT Kerberos 5 (aka krb5) before 1.22.3, there is an integer underflow and resultant out-of-bounds read if an application calls gss_accept_sec_context() on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, possibly causing the process to terminate in parse_message.",
          "cvss": [
            {
              "source": "cve@mitre.org",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 5.9,
                "exploitabilityScore": 2.3,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-40356",
              "epss": 0.00099,
              "percentile": 0.27023,
              "date": "2026-05-18"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-40356",
              "cwe": "CWE-191",
              "source": "cve@mitre.org",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "krb5",
              "version": "1.21.3-5"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-40356",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "d4c94f2fc66f3184",
        "name": "libkrb5-3",
        "version": "1.21.3-5",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libkrb5-3",
            "layerID": "sha256:73c462bbf110b45d1a57a4d592f0cec743bc1bf41281b698149f276b7abaa3b3",
            "accessPath": "/var/lib/dpkg/status.d/libkrb5-3",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libkrb5-3:libkrb5-3:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libkrb5-3:libkrb5_3:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libkrb5_3:libkrb5-3:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libkrb5_3:libkrb5_3:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libkrb5:libkrb5-3:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libkrb5:libkrb5_3:1.21.3-5:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libkrb5-3@1.21.3-5?arch=amd64&distro=debian-13&upstream=krb5",
        "upstreams": [
          {
            "name": "krb5"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-40356",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-40356",
        "namespace": "debian:distro:debian:13",
        "severity": "Medium",
        "urls": [],
        "description": "In MIT Kerberos 5 (aka krb5) before 1.22.3, there is an integer underflow and resultant out-of-bounds read if an application calls gss_accept_sec_context() on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, possibly causing the process to terminate in parse_message.",
        "cvss": [
          {
            "source": "cve@mitre.org",
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "metrics": {
              "baseScore": 5.9,
              "exploitabilityScore": 2.3,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-40356",
            "epss": 0.00099,
            "percentile": 0.27023,
            "date": "2026-05-18"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-40356",
            "cwe": "CWE-191",
            "source": "cve@mitre.org",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.05395500000000001
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-40356",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-40356",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://cems.fun/2026/04/27/krb5-two-unauthenticated-network-vulnerabilities.html",
            "https://github.com/krb5/krb5/commit/2e75f0d9362fb979f5fc92829431a590a130929f",
            "https://web.mit.edu/kerberos/advisories/"
          ],
          "description": "In MIT Kerberos 5 (aka krb5) before 1.22.3, there is an integer underflow and resultant out-of-bounds read if an application calls gss_accept_sec_context() on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, possibly causing the process to terminate in parse_message.",
          "cvss": [
            {
              "source": "cve@mitre.org",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 5.9,
                "exploitabilityScore": 2.3,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-40356",
              "epss": 0.00099,
              "percentile": 0.27023,
              "date": "2026-05-18"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-40356",
              "cwe": "CWE-191",
              "source": "cve@mitre.org",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "krb5",
              "version": "1.21.3-5"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-40356",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "56fc39be304d53f0",
        "name": "libkrb5support0",
        "version": "1.21.3-5",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libkrb5support0",
            "layerID": "sha256:73c462bbf110b45d1a57a4d592f0cec743bc1bf41281b698149f276b7abaa3b3",
            "accessPath": "/var/lib/dpkg/status.d/libkrb5support0",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libkrb5support0:libkrb5support0:1.21.3-5:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libkrb5support0@1.21.3-5?arch=amd64&distro=debian-13&upstream=krb5",
        "upstreams": [
          {
            "name": "krb5"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-6473",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-6473",
        "namespace": "debian:distro:debian:13",
        "severity": "High",
        "urls": [],
        "description": "Integer wraparound in multiple PostgreSQL server features allows an unprivileged database user to cause the server to undersize an allocation and write out-of-bounds.  This may execute arbitrary code as the operating system user running the database.  In applications that pass gigabyte-scale user inputs to the relevant database functions, the application input provider may achieve a segmentation fault.  Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected.",
        "cvss": [
          {
            "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "metrics": {
              "baseScore": 8.8,
              "exploitabilityScore": 2.9,
              "impactScore": 5.9
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-6473",
            "epss": 0.00064,
            "percentile": 0.19769,
            "date": "2026-05-18"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-6473",
            "cwe": "CWE-190",
            "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [
            "17.10-0+deb13u1"
          ],
          "state": "fixed",
          "available": [
            {
              "version": "17.10-0+deb13u1",
              "date": "2026-05-14",
              "kind": "advisory"
            }
          ]
        },
        "advisories": [
          {
            "id": "DSA-6270-1",
            "link": "https://security-tracker.debian.org/tracker/DSA-6270-1"
          }
        ],
        "risk": 0.05216000000000001
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-6473",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-6473",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://www.postgresql.org/support/security/CVE-2026-6473/"
          ],
          "description": "Integer wraparound in multiple PostgreSQL server features allows an unprivileged database user to cause the server to undersize an allocation and write out-of-bounds.  This may execute arbitrary code as the operating system user running the database.  In applications that pass gigabyte-scale user inputs to the relevant database functions, the application input provider may achieve a segmentation fault.  Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected.",
          "cvss": [
            {
              "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "metrics": {
                "baseScore": 8.8,
                "exploitabilityScore": 2.9,
                "impactScore": 5.9
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-6473",
              "epss": 0.00064,
              "percentile": 0.19769,
              "date": "2026-05-18"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-6473",
              "cwe": "CWE-190",
              "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "postgresql-17",
              "version": "17.9-0+deb13u1"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-6473",
            "versionConstraint": "< 17.10-0+deb13u1 (deb)"
          },
          "fix": {
            "suggestedVersion": "17.10-0+deb13u1"
          }
        }
      ],
      "artifact": {
        "id": "07b5cfa820128572",
        "name": "libpq5",
        "version": "17.9-0+deb13u1",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libpq5",
            "layerID": "sha256:73c462bbf110b45d1a57a4d592f0cec743bc1bf41281b698149f276b7abaa3b3",
            "accessPath": "/var/lib/dpkg/status.d/libpq5",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libpq5:libpq5:17.9-0\\+deb13u1:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libpq5@17.9-0%2Bdeb13u1?arch=amd64&distro=debian-13&upstream=postgresql-17",
        "upstreams": [
          {
            "name": "postgresql-17"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-4437",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-4437",
        "namespace": "debian:distro:debian:13",
        "severity": "High",
        "urls": [],
        "description": "Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C Library version 2.34 to version 2.43 could, with a crafted response from the configured DNS server, result in a violation of the DNS specification that causes the application to treat a non-answer section of the DNS response as a valid answer.",
        "cvss": [
          {
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "metrics": {
              "baseScore": 7.5,
              "exploitabilityScore": 3.9,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-4437",
            "epss": 0.00068,
            "percentile": 0.20909,
            "date": "2026-05-18"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-4437",
            "cwe": "CWE-125",
            "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [
            "2.41-12+deb13u3"
          ],
          "state": "fixed",
          "available": [
            {
              "version": "2.41-12+deb13u3",
              "date": "2026-05-17",
              "kind": "first-observed"
            }
          ]
        },
        "advisories": [],
        "risk": 0.051000000000000004
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-4437",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-4437",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://sourceware.org/bugzilla/show_bug.cgi?id=34014"
          ],
          "description": "Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C Library version 2.34 to version 2.43 could, with a crafted response from the configured DNS server, result in a violation of the DNS specification that causes the application to treat a non-answer section of the DNS response as a valid answer.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-4437",
              "epss": 0.00068,
              "percentile": 0.20909,
              "date": "2026-05-18"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-4437",
              "cwe": "CWE-125",
              "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "glibc",
              "version": "2.41-12+deb13u2"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-4437",
            "versionConstraint": "< 2.41-12+deb13u3 (deb)"
          },
          "fix": {
            "suggestedVersion": "2.41-12+deb13u3"
          }
        }
      ],
      "artifact": {
        "id": "5e21ad3d95f6eebc",
        "name": "libc6",
        "version": "2.41-12+deb13u2",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libc6",
            "layerID": "sha256:318bc252656ce5b3c77fc9a13e302bba683f813d4b19c21be6e0ad3acc7adaf1",
            "accessPath": "/var/lib/dpkg/status.d/libc6",
            "annotations": {
              "evidence": "primary"
            }
          },
          {
            "path": "/usr/share/doc/libc6/copyright",
            "layerID": "sha256:318bc252656ce5b3c77fc9a13e302bba683f813d4b19c21be6e0ad3acc7adaf1",
            "accessPath": "/usr/share/doc/libc6/copyright",
            "annotations": {
              "evidence": "supporting"
            }
          },
          {
            "path": "/var/lib/dpkg/status.d/libc6.md5sums",
            "layerID": "sha256:318bc252656ce5b3c77fc9a13e302bba683f813d4b19c21be6e0ad3acc7adaf1",
            "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums",
            "annotations": {
              "evidence": "supporting"
            }
          }
        ],
        "language": "",
        "licenses": [
          "BSD-2-clause",
          "BSD-3-clause-Berkeley",
          "BSD-3-clause-Carnegie",
          "BSD-3-clause-Oracle",
          "BSD-3-clause-WIDE",
          "BSD-like-Spencer",
          "BSL-1.0",
          "CORE-MATH",
          "Carnegie",
          "DEC",
          "FSFAP",
          "GPL-2",
          "GPL-2+",
          "GPL-2+-with-link-exception",
          "GPL-3",
          "GPL-3+",
          "IBM",
          "ISC",
          "Inner-Net",
          "LGPL-2",
          "LGPL-2+",
          "LGPL-2.1",
          "LGPL-2.1+",
          "LGPL-2.1+-with-link-exception",
          "LGPL-3",
          "LGPL-3+",
          "MIT-like-Lord",
          "PCRE",
          "SunPro",
          "Unicode-DFS-2016",
          "Univ-Coimbra",
          "public-domain"
        ],
        "cpes": [
          "cpe:2.3:a:libc6:libc6:2.41-12\\+deb13u2:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libc6@2.41-12%2Bdeb13u2?arch=amd64&distro=debian-13&upstream=glibc",
        "upstreams": [
          {
            "name": "glibc"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-4046",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-4046",
        "namespace": "debian:distro:debian:13",
        "severity": "High",
        "urls": [],
        "description": "The iconv() function in the GNU C Library versions 2.43 and earlier may crash due to an assertion failure when converting inputs from the IBM1390 or IBM1399 character sets, which may be used to remotely crash an application.    This vulnerability can be trivially mitigated by removing the IBM1390 and IBM1399 character sets from systems that do not need them.",
        "cvss": [
          {
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "metrics": {
              "baseScore": 7.5,
              "exploitabilityScore": 3.9,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-4046",
            "epss": 0.00065,
            "percentile": 0.19981,
            "date": "2026-05-18"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-4046",
            "cwe": "CWE-617",
            "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [
            "2.41-12+deb13u3"
          ],
          "state": "fixed",
          "available": [
            {
              "version": "2.41-12+deb13u3",
              "date": "2026-05-17",
              "kind": "first-observed"
            }
          ]
        },
        "advisories": [],
        "risk": 0.048749999999999995
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-4046",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-4046",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://inbox.sourceware.org/libc-announce/76814edf-cf7f-47ec-979d-2dce0a2c76bf@gotplt.org/T/#u",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=33980",
            "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0007;hb=HEAD"
          ],
          "description": "The iconv() function in the GNU C Library versions 2.43 and earlier may crash due to an assertion failure when converting inputs from the IBM1390 or IBM1399 character sets, which may be used to remotely crash an application.\n\n\n\nThis vulnerability can be trivially mitigated by removing the IBM1390 and IBM1399 character sets from systems that do not need them.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-4046",
              "epss": 0.00065,
              "percentile": 0.19981,
              "date": "2026-05-18"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-4046",
              "cwe": "CWE-617",
              "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "glibc",
              "version": "2.41-12+deb13u2"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-4046",
            "versionConstraint": "< 2.41-12+deb13u3 (deb)"
          },
          "fix": {
            "suggestedVersion": "2.41-12+deb13u3"
          }
        }
      ],
      "artifact": {
        "id": "5e21ad3d95f6eebc",
        "name": "libc6",
        "version": "2.41-12+deb13u2",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libc6",
            "layerID": "sha256:318bc252656ce5b3c77fc9a13e302bba683f813d4b19c21be6e0ad3acc7adaf1",
            "accessPath": "/var/lib/dpkg/status.d/libc6",
            "annotations": {
              "evidence": "primary"
            }
          },
          {
            "path": "/usr/share/doc/libc6/copyright",
            "layerID": "sha256:318bc252656ce5b3c77fc9a13e302bba683f813d4b19c21be6e0ad3acc7adaf1",
            "accessPath": "/usr/share/doc/libc6/copyright",
            "annotations": {
              "evidence": "supporting"
            }
          },
          {
            "path": "/var/lib/dpkg/status.d/libc6.md5sums",
            "layerID": "sha256:318bc252656ce5b3c77fc9a13e302bba683f813d4b19c21be6e0ad3acc7adaf1",
            "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums",
            "annotations": {
              "evidence": "supporting"
            }
          }
        ],
        "language": "",
        "licenses": [
          "BSD-2-clause",
          "BSD-3-clause-Berkeley",
          "BSD-3-clause-Carnegie",
          "BSD-3-clause-Oracle",
          "BSD-3-clause-WIDE",
          "BSD-like-Spencer",
          "BSL-1.0",
          "CORE-MATH",
          "Carnegie",
          "DEC",
          "FSFAP",
          "GPL-2",
          "GPL-2+",
          "GPL-2+-with-link-exception",
          "GPL-3",
          "GPL-3+",
          "IBM",
          "ISC",
          "Inner-Net",
          "LGPL-2",
          "LGPL-2+",
          "LGPL-2.1",
          "LGPL-2.1+",
          "LGPL-2.1+-with-link-exception",
          "LGPL-3",
          "LGPL-3+",
          "MIT-like-Lord",
          "PCRE",
          "SunPro",
          "Unicode-DFS-2016",
          "Univ-Coimbra",
          "public-domain"
        ],
        "cpes": [
          "cpe:2.3:a:libc6:libc6:2.41-12\\+deb13u2:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libc6@2.41-12%2Bdeb13u2?arch=amd64&distro=debian-13&upstream=glibc",
        "upstreams": [
          {
            "name": "glibc"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-5450",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-5450",
        "namespace": "debian:distro:debian:13",
        "severity": "Critical",
        "urls": [],
        "description": "Calling the scanf family of functions with a %mc (malloc'd character match) in the GNU C Library version 2.7 to version 2.43 with a format width specifier with an explicit width greater than 1024 could result in a one byte heap buffer overflow.",
        "cvss": [
          {
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "metrics": {
              "baseScore": 9.8,
              "exploitabilityScore": 3.9,
              "impactScore": 5.9
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-5450",
            "epss": 0.00049,
            "percentile": 0.1537,
            "date": "2026-05-18"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-5450",
            "cwe": "CWE-122",
            "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
            "type": "Secondary"
          },
          {
            "cve": "CVE-2026-5450",
            "cwe": "CWE-787",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "wont-fix"
        },
        "advisories": [],
        "risk": 0.046060000000000004
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-5450",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-5450",
          "namespace": "nvd:cpe",
          "severity": "Critical",
          "urls": [
            "https://inbox.sourceware.org/libc-announce/b11f0003-6ec1-4bd6-b9de-9e38a4efeca3@redhat.com/T/#u",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=CVE-2026-5450"
          ],
          "description": "Calling the scanf family of functions with a %mc (malloc'd character match) in the GNU C Library version 2.7 to version 2.43 with a format width specifier with an explicit width greater than 1024 could result in a one byte heap buffer overflow.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "metrics": {
                "baseScore": 9.8,
                "exploitabilityScore": 3.9,
                "impactScore": 5.9
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-5450",
              "epss": 0.00049,
              "percentile": 0.1537,
              "date": "2026-05-18"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-5450",
              "cwe": "CWE-122",
              "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
              "type": "Secondary"
            },
            {
              "cve": "CVE-2026-5450",
              "cwe": "CWE-787",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "glibc",
              "version": "2.41-12+deb13u2"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-5450",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "5e21ad3d95f6eebc",
        "name": "libc6",
        "version": "2.41-12+deb13u2",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libc6",
            "layerID": "sha256:318bc252656ce5b3c77fc9a13e302bba683f813d4b19c21be6e0ad3acc7adaf1",
            "accessPath": "/var/lib/dpkg/status.d/libc6",
            "annotations": {
              "evidence": "primary"
            }
          },
          {
            "path": "/usr/share/doc/libc6/copyright",
            "layerID": "sha256:318bc252656ce5b3c77fc9a13e302bba683f813d4b19c21be6e0ad3acc7adaf1",
            "accessPath": "/usr/share/doc/libc6/copyright",
            "annotations": {
              "evidence": "supporting"
            }
          },
          {
            "path": "/var/lib/dpkg/status.d/libc6.md5sums",
            "layerID": "sha256:318bc252656ce5b3c77fc9a13e302bba683f813d4b19c21be6e0ad3acc7adaf1",
            "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums",
            "annotations": {
              "evidence": "supporting"
            }
          }
        ],
        "language": "",
        "licenses": [
          "BSD-2-clause",
          "BSD-3-clause-Berkeley",
          "BSD-3-clause-Carnegie",
          "BSD-3-clause-Oracle",
          "BSD-3-clause-WIDE",
          "BSD-like-Spencer",
          "BSL-1.0",
          "CORE-MATH",
          "Carnegie",
          "DEC",
          "FSFAP",
          "GPL-2",
          "GPL-2+",
          "GPL-2+-with-link-exception",
          "GPL-3",
          "GPL-3+",
          "IBM",
          "ISC",
          "Inner-Net",
          "LGPL-2",
          "LGPL-2+",
          "LGPL-2.1",
          "LGPL-2.1+",
          "LGPL-2.1+-with-link-exception",
          "LGPL-3",
          "LGPL-3+",
          "MIT-like-Lord",
          "PCRE",
          "SunPro",
          "Unicode-DFS-2016",
          "Univ-Coimbra",
          "public-domain"
        ],
        "cpes": [
          "cpe:2.3:a:libc6:libc6:2.41-12\\+deb13u2:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libc6@2.41-12%2Bdeb13u2?arch=amd64&distro=debian-13&upstream=glibc",
        "upstreams": [
          {
            "name": "glibc"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2019-1010025",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010025",
        "namespace": "debian:distro:debian:13",
        "severity": "Negligible",
        "urls": [],
        "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.\"",
        "cvss": [],
        "epss": [
          {
            "cve": "CVE-2019-1010025",
            "epss": 0.0084,
            "percentile": 0.74917,
            "date": "2026-05-18"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2019-1010025",
            "cwe": "CWE-330",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.042
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2019-1010025",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010025",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://security-tracker.debian.org/tracker/CVE-2019-1010025",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=22853",
            "https://support.f5.com/csp/article/K06046097",
            "https://support.f5.com/csp/article/K06046097?utm_source=f5support&amp%3Butm_medium=RSS",
            "https://ubuntu.com/security/CVE-2019-1010025"
          ],
          "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.\"",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.0",
              "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
              "metrics": {
                "baseScore": 5.3,
                "exploitabilityScore": 3.9,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            },
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "2.0",
              "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
              "metrics": {
                "baseScore": 5,
                "exploitabilityScore": 10,
                "impactScore": 2.9
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2019-1010025",
              "epss": 0.0084,
              "percentile": 0.74917,
              "date": "2026-05-18"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2019-1010025",
              "cwe": "CWE-330",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "glibc",
              "version": "2.41-12+deb13u2"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2019-1010025",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "5e21ad3d95f6eebc",
        "name": "libc6",
        "version": "2.41-12+deb13u2",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libc6",
            "layerID": "sha256:318bc252656ce5b3c77fc9a13e302bba683f813d4b19c21be6e0ad3acc7adaf1",
            "accessPath": "/var/lib/dpkg/status.d/libc6",
            "annotations": {
              "evidence": "primary"
            }
          },
          {
            "path": "/usr/share/doc/libc6/copyright",
            "layerID": "sha256:318bc252656ce5b3c77fc9a13e302bba683f813d4b19c21be6e0ad3acc7adaf1",
            "accessPath": "/usr/share/doc/libc6/copyright",
            "annotations": {
              "evidence": "supporting"
            }
          },
          {
            "path": "/var/lib/dpkg/status.d/libc6.md5sums",
            "layerID": "sha256:318bc252656ce5b3c77fc9a13e302bba683f813d4b19c21be6e0ad3acc7adaf1",
            "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums",
            "annotations": {
              "evidence": "supporting"
            }
          }
        ],
        "language": "",
        "licenses": [
          "BSD-2-clause",
          "BSD-3-clause-Berkeley",
          "BSD-3-clause-Carnegie",
          "BSD-3-clause-Oracle",
          "BSD-3-clause-WIDE",
          "BSD-like-Spencer",
          "BSL-1.0",
          "CORE-MATH",
          "Carnegie",
          "DEC",
          "FSFAP",
          "GPL-2",
          "GPL-2+",
          "GPL-2+-with-link-exception",
          "GPL-3",
          "GPL-3+",
          "IBM",
          "ISC",
          "Inner-Net",
          "LGPL-2",
          "LGPL-2+",
          "LGPL-2.1",
          "LGPL-2.1+",
          "LGPL-2.1+-with-link-exception",
          "LGPL-3",
          "LGPL-3+",
          "MIT-like-Lord",
          "PCRE",
          "SunPro",
          "Unicode-DFS-2016",
          "Univ-Coimbra",
          "public-domain"
        ],
        "cpes": [
          "cpe:2.3:a:libc6:libc6:2.41-12\\+deb13u2:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libc6@2.41-12%2Bdeb13u2?arch=amd64&distro=debian-13&upstream=glibc",
        "upstreams": [
          {
            "name": "glibc"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-1965",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-1965",
        "namespace": "debian:distro:debian:13",
        "severity": "Medium",
        "urls": [],
        "description": "libcurl can in some circumstances reuse the wrong connection when asked to do a Negotiate-authenticated HTTP or HTTPS request.  libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead.  When reusing a connection a range of criteria must first be met. Due to a logical error in the code, a request that was issued by an application could wrongfully reuse an existing connection to the same server that was authenticated using different credentials. One underlying reason being that Negotiate sometimes authenticates *connections* and not *requests*, contrary to how HTTP is designed to work.  An application that allows Negotiate authentication to a server (that responds wanting Negotiate) with `user1:password1` and then does another operation to the same server also using Negotiate but with `user2:password2` (while the previous connection is still alive) - the second request wrongly reused the same connection and since it then sees that the Negotiate negotiation is already made, it just sends the request over that connection thinking it uses the user2 credentials when it is in fact still using the connection authenticated for user1...  The set of authentication methods to use is set with  `CURLOPT_HTTPAUTH`.  Applications can disable libcurl's reuse of connections and thus mitigate this problem, by using one of the following libcurl options to alter how connections are or are not reused: `CURLOPT_FRESH_CONNECT`, `CURLOPT_MAXCONNECTS` and `CURLMOPT_MAX_HOST_CONNECTIONS` (if using the curl_multi API).",
        "cvss": [
          {
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
            "metrics": {
              "baseScore": 6.5,
              "exploitabilityScore": 2.9,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-1965",
            "epss": 0.00073,
            "percentile": 0.21927,
            "date": "2026-05-18"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-1965",
            "cwe": "CWE-305",
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "wont-fix"
        },
        "advisories": [],
        "risk": 0.04197499999999999
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-1965",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1965",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://curl.se/docs/CVE-2026-1965.html",
            "https://curl.se/docs/CVE-2026-1965.json"
          ],
          "description": "libcurl can in some circumstances reuse the wrong connection when asked to do\na Negotiate-authenticated HTTP or HTTPS request.\n\nlibcurl features a pool of recent connections so that subsequent requests can\nreuse an existing connection to avoid overhead.\n\nWhen reusing a connection a range of criteria must first be met. Due to a\nlogical error in the code, a request that was issued by an application could\nwrongfully reuse an existing connection to the same server that was\nauthenticated using different credentials. One underlying reason being that\nNegotiate sometimes authenticates *connections* and not *requests*, contrary\nto how HTTP is designed to work.\n\nAn application that allows Negotiate authentication to a server (that responds\nwanting Negotiate) with `user1:password1` and then does another operation to\nthe same server also using Negotiate but with `user2:password2` (while the\nprevious connection is still alive) - the second request wrongly reused the\nsame connection and since it then sees that the Negotiate negotiation is\nalready made, it just sends the request over that connection thinking it uses\nthe user2 credentials when it is in fact still using the connection\nauthenticated for user1...\n\nThe set of authentication methods to use is set with  `CURLOPT_HTTPAUTH`.\n\nApplications can disable libcurl's reuse of connections and thus mitigate this\nproblem, by using one of the following libcurl options to alter how\nconnections are or are not reused: `CURLOPT_FRESH_CONNECT`,\n`CURLOPT_MAXCONNECTS` and `CURLMOPT_MAX_HOST_CONNECTIONS` (if using the\ncurl_multi API).",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
              "metrics": {
                "baseScore": 6.5,
                "exploitabilityScore": 2.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-1965",
              "epss": 0.00073,
              "percentile": 0.21927,
              "date": "2026-05-18"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-1965",
              "cwe": "CWE-305",
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "curl",
              "version": "8.14.1-2+deb13u2"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-1965",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "2c9e2faa683beba2",
        "name": "libcurl4t64",
        "version": "8.14.1-2+deb13u2",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libcurl4t64",
            "layerID": "sha256:73c462bbf110b45d1a57a4d592f0cec743bc1bf41281b698149f276b7abaa3b3",
            "accessPath": "/var/lib/dpkg/status.d/libcurl4t64",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libcurl4t64:libcurl4t64:8.14.1-2\\+deb13u2:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libcurl4t64@8.14.1-2%2Bdeb13u2?arch=amd64&distro=debian-13&upstream=curl",
        "upstreams": [
          {
            "name": "curl"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-33845",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-33845",
        "namespace": "debian:distro:debian:13",
        "severity": "Critical",
        "urls": [],
        "description": "A flaw in GnuTLS DTLS handshake parsing allows malformed fragments with zero length and non-zero offset, leading to an integer underflow during reassembly and resulting in an out-of-bounds read. This issue is remotely exploitable and may cause information disclosure or denial of service.",
        "cvss": [
          {
            "source": "nvd@nist.gov",
            "type": "Primary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
            "metrics": {
              "baseScore": 9.1,
              "exploitabilityScore": 3.9,
              "impactScore": 5.2
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-33845",
            "epss": 0.00046,
            "percentile": 0.14287,
            "date": "2026-05-18"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-33845",
            "cwe": "CWE-191",
            "source": "secalert@redhat.com",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.04163
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-33845",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-33845",
          "namespace": "nvd:cpe",
          "severity": "Critical",
          "urls": [
            "https://access.redhat.com/errata/RHSA-2026:13274",
            "https://access.redhat.com/security/cve/CVE-2026-33845",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2450624"
          ],
          "description": "A flaw in GnuTLS DTLS handshake parsing allows malformed fragments with zero length and non-zero offset, leading to an integer underflow during reassembly and resulting in an out-of-bounds read. This issue is remotely exploitable and may cause information disclosure or denial of service.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
              "metrics": {
                "baseScore": 9.1,
                "exploitabilityScore": 3.9,
                "impactScore": 5.2
              },
              "vendorMetadata": {}
            },
            {
              "source": "secalert@redhat.com",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-33845",
              "epss": 0.00046,
              "percentile": 0.14287,
              "date": "2026-05-18"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-33845",
              "cwe": "CWE-191",
              "source": "secalert@redhat.com",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "gnutls28",
              "version": "3.8.9-3+deb13u2"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-33845",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "3c7a5e6105f5c289",
        "name": "libgnutls30t64",
        "version": "3.8.9-3+deb13u2",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libgnutls30t64",
            "layerID": "sha256:73c462bbf110b45d1a57a4d592f0cec743bc1bf41281b698149f276b7abaa3b3",
            "accessPath": "/var/lib/dpkg/status.d/libgnutls30t64",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libgnutls30t64:libgnutls30t64:3.8.9-3\\+deb13u2:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libgnutls30t64@3.8.9-3%2Bdeb13u2?arch=amd64&distro=debian-13&upstream=gnutls28",
        "upstreams": [
          {
            "name": "gnutls28"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-7598",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-7598",
        "namespace": "debian:distro:debian:13",
        "severity": "Medium",
        "urls": [],
        "description": "A security vulnerability has been detected in libssh2 up to 1.11.1. The impacted element is the function userauth_password of the file src/userauth.c. Such manipulation of the argument username_len/password_len leads to integer overflow. The attack may be launched remotely. The name of the patch is 256d04b60d80bf1190e96b0ad1e91b2174d744b1. A patch should be applied to remediate this issue.",
        "cvss": [
          {
            "source": "cna@vuldb.com",
            "type": "Secondary",
            "version": "4.0",
            "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
            "metrics": {
              "baseScore": 6.9
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-7598",
            "epss": 0.00069,
            "percentile": 0.21079,
            "date": "2026-05-18"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-7598",
            "cwe": "CWE-189",
            "source": "cna@vuldb.com",
            "type": "Secondary"
          },
          {
            "cve": "CVE-2026-7598",
            "cwe": "CWE-190",
            "source": "cna@vuldb.com",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "wont-fix"
        },
        "advisories": [],
        "risk": 0.041054999999999994
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-7598",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-7598",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://github.com/libssh2/libssh2/",
            "https://github.com/libssh2/libssh2/commit/256d04b60d80bf1190e96b0ad1e91b2174d744b1",
            "https://github.com/libssh2/libssh2/pull/1858",
            "https://vuldb.com/submit/805564",
            "https://vuldb.com/vuln/360555",
            "https://vuldb.com/vuln/360555/cti"
          ],
          "description": "A security vulnerability has been detected in libssh2 up to 1.11.1. The impacted element is the function userauth_password of the file src/userauth.c. Such manipulation of the argument username_len/password_len leads to integer overflow. The attack may be launched remotely. The name of the patch is 256d04b60d80bf1190e96b0ad1e91b2174d744b1. A patch should be applied to remediate this issue.",
          "cvss": [
            {
              "source": "cna@vuldb.com",
              "type": "Secondary",
              "version": "4.0",
              "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
              "metrics": {
                "baseScore": 6.9
              },
              "vendorMetadata": {}
            },
            {
              "source": "cna@vuldb.com",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
              "metrics": {
                "baseScore": 7.3,
                "exploitabilityScore": 3.9,
                "impactScore": 3.4
              },
              "vendorMetadata": {}
            },
            {
              "source": "cna@vuldb.com",
              "type": "Secondary",
              "version": "2.0",
              "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 10,
                "impactScore": 6.5
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-7598",
              "epss": 0.00069,
              "percentile": 0.21079,
              "date": "2026-05-18"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-7598",
              "cwe": "CWE-189",
              "source": "cna@vuldb.com",
              "type": "Secondary"
            },
            {
              "cve": "CVE-2026-7598",
              "cwe": "CWE-190",
              "source": "cna@vuldb.com",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "libssh2",
              "version": "1.11.1-1"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-7598",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "db086fa0f05191a1",
        "name": "libssh2-1t64",
        "version": "1.11.1-1",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libssh2-1t64",
            "layerID": "sha256:73c462bbf110b45d1a57a4d592f0cec743bc1bf41281b698149f276b7abaa3b3",
            "accessPath": "/var/lib/dpkg/status.d/libssh2-1t64",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libssh2-1t64:libssh2-1t64:1.11.1-1:*:*:*:*:*:*:*",
          "cpe:2.3:a:libssh2-1t64:libssh2_1t64:1.11.1-1:*:*:*:*:*:*:*",
          "cpe:2.3:a:libssh2_1t64:libssh2-1t64:1.11.1-1:*:*:*:*:*:*:*",
          "cpe:2.3:a:libssh2_1t64:libssh2_1t64:1.11.1-1:*:*:*:*:*:*:*",
          "cpe:2.3:a:libssh2:libssh2-1t64:1.11.1-1:*:*:*:*:*:*:*",
          "cpe:2.3:a:libssh2:libssh2_1t64:1.11.1-1:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libssh2-1t64@1.11.1-1?arch=amd64&distro=debian-13&upstream=libssh2",
        "upstreams": [
          {
            "name": "libssh2"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2019-9192",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-9192",
        "namespace": "debian:distro:debian:13",
        "severity": "Negligible",
        "urls": [],
        "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern",
        "cvss": [],
        "epss": [
          {
            "cve": "CVE-2019-9192",
            "epss": 0.0079,
            "percentile": 0.74076,
            "date": "2026-05-18"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2019-9192",
            "cwe": "CWE-674",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.03950000000000001
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2019-9192",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-9192",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://sourceware.org/bugzilla/show_bug.cgi?id=24269",
            "https://support.f5.com/csp/article/K26346590?utm_source=f5support&amp%3Butm_medium=RSS"
          ],
          "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.0",
              "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            },
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "2.0",
              "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
              "metrics": {
                "baseScore": 5,
                "exploitabilityScore": 10,
                "impactScore": 2.9
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2019-9192",
              "epss": 0.0079,
              "percentile": 0.74076,
              "date": "2026-05-18"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2019-9192",
              "cwe": "CWE-674",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "glibc",
              "version": "2.41-12+deb13u2"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2019-9192",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "5e21ad3d95f6eebc",
        "name": "libc6",
        "version": "2.41-12+deb13u2",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libc6",
            "layerID": "sha256:318bc252656ce5b3c77fc9a13e302bba683f813d4b19c21be6e0ad3acc7adaf1",
            "accessPath": "/var/lib/dpkg/status.d/libc6",
            "annotations": {
              "evidence": "primary"
            }
          },
          {
            "path": "/usr/share/doc/libc6/copyright",
            "layerID": "sha256:318bc252656ce5b3c77fc9a13e302bba683f813d4b19c21be6e0ad3acc7adaf1",
            "accessPath": "/usr/share/doc/libc6/copyright",
            "annotations": {
              "evidence": "supporting"
            }
          },
          {
            "path": "/var/lib/dpkg/status.d/libc6.md5sums",
            "layerID": "sha256:318bc252656ce5b3c77fc9a13e302bba683f813d4b19c21be6e0ad3acc7adaf1",
            "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums",
            "annotations": {
              "evidence": "supporting"
            }
          }
        ],
        "language": "",
        "licenses": [
          "BSD-2-clause",
          "BSD-3-clause-Berkeley",
          "BSD-3-clause-Carnegie",
          "BSD-3-clause-Oracle",
          "BSD-3-clause-WIDE",
          "BSD-like-Spencer",
          "BSL-1.0",
          "CORE-MATH",
          "Carnegie",
          "DEC",
          "FSFAP",
          "GPL-2",
          "GPL-2+",
          "GPL-2+-with-link-exception",
          "GPL-3",
          "GPL-3+",
          "IBM",
          "ISC",
          "Inner-Net",
          "LGPL-2",
          "LGPL-2+",
          "LGPL-2.1",
          "LGPL-2.1+",
          "LGPL-2.1+-with-link-exception",
          "LGPL-3",
          "LGPL-3+",
          "MIT-like-Lord",
          "PCRE",
          "SunPro",
          "Unicode-DFS-2016",
          "Univ-Coimbra",
          "public-domain"
        ],
        "cpes": [
          "cpe:2.3:a:libc6:libc6:2.41-12\\+deb13u2:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libc6@2.41-12%2Bdeb13u2?arch=amd64&distro=debian-13&upstream=glibc",
        "upstreams": [
          {
            "name": "glibc"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-6475",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-6475",
        "namespace": "debian:distro:debian:13",
        "severity": "High",
        "urls": [],
        "description": "Symlink following in PostgreSQL pg_basebackup plain format and in pg_rewind allows an origin superuser to overwrite local files, e.g. /var/lib/postgres/.bashrc, that hijack the operating system account.  It will remain the case that starting the server after these commands implicitly trusts the origin superuser, due to features like shared_preload_libraries.  Hence, the attack has practical implications only if one takes relevant action between these commands and server start, like moving the files to a different VM or snapshotting the VM.  Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected.",
        "cvss": [
          {
            "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "metrics": {
              "baseScore": 8.8,
              "exploitabilityScore": 2.9,
              "impactScore": 5.9
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-6475",
            "epss": 0.00046,
            "percentile": 0.14136,
            "date": "2026-05-18"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-6475",
            "cwe": "CWE-61",
            "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [
            "17.10-0+deb13u1"
          ],
          "state": "fixed",
          "available": [
            {
              "version": "17.10-0+deb13u1",
              "date": "2026-05-14",
              "kind": "advisory"
            }
          ]
        },
        "advisories": [
          {
            "id": "DSA-6270-1",
            "link": "https://security-tracker.debian.org/tracker/DSA-6270-1"
          }
        ],
        "risk": 0.03749000000000001
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-6475",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-6475",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://www.postgresql.org/support/security/CVE-2026-6475/"
          ],
          "description": "Symlink following in PostgreSQL pg_basebackup plain format and in pg_rewind allows an origin superuser to overwrite local files, e.g. /var/lib/postgres/.bashrc, that hijack the operating system account.  It will remain the case that starting the server after these commands implicitly trusts the origin superuser, due to features like shared_preload_libraries.  Hence, the attack has practical implications only if one takes relevant action between these commands and server start, like moving the files to a different VM or snapshotting the VM.  Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected.",
          "cvss": [
            {
              "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "metrics": {
                "baseScore": 8.8,
                "exploitabilityScore": 2.9,
                "impactScore": 5.9
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-6475",
              "epss": 0.00046,
              "percentile": 0.14136,
              "date": "2026-05-18"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-6475",
              "cwe": "CWE-61",
              "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "postgresql-17",
              "version": "17.9-0+deb13u1"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-6475",
            "versionConstraint": "< 17.10-0+deb13u1 (deb)"
          },
          "fix": {
            "suggestedVersion": "17.10-0+deb13u1"
          }
        }
      ],
      "artifact": {
        "id": "07b5cfa820128572",
        "name": "libpq5",
        "version": "17.9-0+deb13u1",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libpq5",
            "layerID": "sha256:73c462bbf110b45d1a57a4d592f0cec743bc1bf41281b698149f276b7abaa3b3",
            "accessPath": "/var/lib/dpkg/status.d/libpq5",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libpq5:libpq5:17.9-0\\+deb13u1:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libpq5@17.9-0%2Bdeb13u1?arch=amd64&distro=debian-13&upstream=postgresql-17",
        "upstreams": [
          {
            "name": "postgresql-17"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-5928",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-5928",
        "namespace": "debian:distro:debian:13",
        "severity": "High",
        "urls": [],
        "description": "Calling the ungetwc function on a FILE stream with wide characters encoded in a character set that has overlaps between its single byte and multi-byte character encodings, in the GNU C Library version 2.43 or earlier, may result in an attempt to read bytes before an allocated buffer, potentially resulting in unintentional disclosure of neighboring data in the heap, or a program crash.  A bug in the wide character pushback implementation (_IO_wdefault_pbackfail in libio/wgenops.c) causes ungetwc() to operate on the regular character buffer (fp->_IO_read_ptr) instead of the actual wide-stream read pointer (fp->_wide_data->_IO_read_ptr). The program crash may happen in cases where fp->_IO_read_ptr is not initialized and hence points to NULL. The buffer under-read requires a special situation where the input character encoding is such that there are overlaps between single byte representations and multibyte representations in that encoding, resulting in spurious matches. The spurious match case is not possible in the standard Unicode character sets.",
        "cvss": [
          {
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "metrics": {
              "baseScore": 7.5,
              "exploitabilityScore": 3.9,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-5928",
            "epss": 0.00046,
            "percentile": 0.14248,
            "date": "2026-05-18"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-5928",
            "cwe": "CWE-127",
            "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "wont-fix"
        },
        "advisories": [],
        "risk": 0.0345
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-5928",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-5928",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://sourceware.org/bugzilla/show_bug.cgi?id=33998"
          ],
          "description": "Calling the ungetwc function on a FILE stream with wide characters encoded in a character set that has overlaps between its single byte and multi-byte character encodings, in the GNU C Library version 2.43 or earlier, may result in an attempt to read bytes before an allocated buffer, potentially resulting in unintentional disclosure of neighboring data in the heap, or a program crash.\n\nA bug in the wide character pushback implementation (_IO_wdefault_pbackfail in libio/wgenops.c) causes ungetwc() to operate on the regular character buffer (fp->_IO_read_ptr) instead of the actual wide-stream read pointer (fp->_wide_data->_IO_read_ptr). The program crash may happen in cases where fp->_IO_read_ptr is not initialized and hence points to NULL. The buffer under-read requires a special situation where the input character encoding is such that there are overlaps between single byte representations and multibyte representations in that encoding, resulting in spurious matches. The spurious match case is not possible in the standard Unicode character sets.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-5928",
              "epss": 0.00046,
              "percentile": 0.14248,
              "date": "2026-05-18"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-5928",
              "cwe": "CWE-127",
              "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "glibc",
              "version": "2.41-12+deb13u2"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-5928",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "5e21ad3d95f6eebc",
        "name": "libc6",
        "version": "2.41-12+deb13u2",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libc6",
            "layerID": "sha256:318bc252656ce5b3c77fc9a13e302bba683f813d4b19c21be6e0ad3acc7adaf1",
            "accessPath": "/var/lib/dpkg/status.d/libc6",
            "annotations": {
              "evidence": "primary"
            }
          },
          {
            "path": "/usr/share/doc/libc6/copyright",
            "layerID": "sha256:318bc252656ce5b3c77fc9a13e302bba683f813d4b19c21be6e0ad3acc7adaf1",
            "accessPath": "/usr/share/doc/libc6/copyright",
            "annotations": {
              "evidence": "supporting"
            }
          },
          {
            "path": "/var/lib/dpkg/status.d/libc6.md5sums",
            "layerID": "sha256:318bc252656ce5b3c77fc9a13e302bba683f813d4b19c21be6e0ad3acc7adaf1",
            "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums",
            "annotations": {
              "evidence": "supporting"
            }
          }
        ],
        "language": "",
        "licenses": [
          "BSD-2-clause",
          "BSD-3-clause-Berkeley",
          "BSD-3-clause-Carnegie",
          "BSD-3-clause-Oracle",
          "BSD-3-clause-WIDE",
          "BSD-like-Spencer",
          "BSL-1.0",
          "CORE-MATH",
          "Carnegie",
          "DEC",
          "FSFAP",
          "GPL-2",
          "GPL-2+",
          "GPL-2+-with-link-exception",
          "GPL-3",
          "GPL-3+",
          "IBM",
          "ISC",
          "Inner-Net",
          "LGPL-2",
          "LGPL-2+",
          "LGPL-2.1",
          "LGPL-2.1+",
          "LGPL-2.1+-with-link-exception",
          "LGPL-3",
          "LGPL-3+",
          "MIT-like-Lord",
          "PCRE",
          "SunPro",
          "Unicode-DFS-2016",
          "Univ-Coimbra",
          "public-domain"
        ],
        "cpes": [
          "cpe:2.3:a:libc6:libc6:2.41-12\\+deb13u2:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libc6@2.41-12%2Bdeb13u2?arch=amd64&distro=debian-13&upstream=glibc",
        "upstreams": [
          {
            "name": "glibc"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-7168",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-7168",
        "namespace": "debian:distro:debian:13",
        "severity": "Medium",
        "urls": [],
        "description": "Successfully using libcurl to do a transfer over a specific HTTP proxy (`proxyA`) with **Digest** authentication and then changing the proxy host to a second one (`proxyB`) for a second transfer, reusing the same handle, makes libcurl wrongly pass on the `Proxy-Authorization:` header field meant for `proxyA`, to `proxyB`.",
        "cvss": [
          {
            "source": "nvd@nist.gov",
            "type": "Primary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "metrics": {
              "baseScore": 5.3,
              "exploitabilityScore": 3.9,
              "impactScore": 1.5
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-7168",
            "epss": 0.00066,
            "percentile": 0.20472,
            "date": "2026-05-18"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-7168",
            "cwe": "CWE-294",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "wont-fix"
        },
        "advisories": [],
        "risk": 0.03399
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-7168",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-7168",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://curl.se/docs/CVE-2026-7168.html",
            "https://curl.se/docs/CVE-2026-7168.json",
            "https://hackerone.com/reports/3697719",
            "http://www.openwall.com/lists/oss-security/2026/04/29/14"
          ],
          "description": "Successfully using libcurl to do a transfer over a specific HTTP proxy\n(`proxyA`) with **Digest** authentication and then changing the proxy host to\na second one (`proxyB`) for a second transfer, reusing the same handle, makes\nlibcurl wrongly pass on the `Proxy-Authorization:` header field meant for\n`proxyA`, to `proxyB`.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
              "metrics": {
                "baseScore": 5.3,
                "exploitabilityScore": 3.9,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            },
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
              "metrics": {
                "baseScore": 5.3,
                "exploitabilityScore": 3.9,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-7168",
              "epss": 0.00066,
              "percentile": 0.20472,
              "date": "2026-05-18"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-7168",
              "cwe": "CWE-294",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "curl",
              "version": "8.14.1-2+deb13u2"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-7168",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "2c9e2faa683beba2",
        "name": "libcurl4t64",
        "version": "8.14.1-2+deb13u2",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libcurl4t64",
            "layerID": "sha256:73c462bbf110b45d1a57a4d592f0cec743bc1bf41281b698149f276b7abaa3b3",
            "accessPath": "/var/lib/dpkg/status.d/libcurl4t64",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libcurl4t64:libcurl4t64:8.14.1-2\\+deb13u2:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libcurl4t64@8.14.1-2%2Bdeb13u2?arch=amd64&distro=debian-13&upstream=curl",
        "upstreams": [
          {
            "name": "curl"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-6477",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-6477",
        "namespace": "debian:distro:debian:13",
        "severity": "High",
        "urls": [],
        "description": "Use of inherently dangerous function PQfn(..., result_is_int=0, ...) in PostgreSQL libpq lo_export(), lo_read(), lo_lseek64(), and lo_tell64() functions allows the server superuser to overwrite a client stack buffer with an arbitrarily-large response.  Like gets(), PQfn(..., result_is_int=0, ...) stores arbitrary-length, server-determined data into a buffer of unspecified size.  Because both the \\lo_export command in psql and pg_dump call lo_read(), the server superuser can overwrite pg_dump or psql stack memory.  Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected.",
        "cvss": [
          {
            "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "metrics": {
              "baseScore": 8.8,
              "exploitabilityScore": 2.9,
              "impactScore": 5.9
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-6477",
            "epss": 0.00041,
            "percentile": 0.1238,
            "date": "2026-05-18"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-6477",
            "cwe": "CWE-242",
            "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [
            "17.10-0+deb13u1"
          ],
          "state": "fixed",
          "available": [
            {
              "version": "17.10-0+deb13u1",
              "date": "2026-05-14",
              "kind": "advisory"
            }
          ]
        },
        "advisories": [
          {
            "id": "DSA-6270-1",
            "link": "https://security-tracker.debian.org/tracker/DSA-6270-1"
          }
        ],
        "risk": 0.033415
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-6477",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-6477",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://www.postgresql.org/support/security/CVE-2026-6477/"
          ],
          "description": "Use of inherently dangerous function PQfn(..., result_is_int=0, ...) in PostgreSQL libpq lo_export(), lo_read(), lo_lseek64(), and lo_tell64() functions allows the server superuser to overwrite a client stack buffer with an arbitrarily-large response.  Like gets(), PQfn(..., result_is_int=0, ...) stores arbitrary-length, server-determined data into a buffer of unspecified size.  Because both the \\lo_export command in psql and pg_dump call lo_read(), the server superuser can overwrite pg_dump or psql stack memory.  Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected.",
          "cvss": [
            {
              "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "metrics": {
                "baseScore": 8.8,
                "exploitabilityScore": 2.9,
                "impactScore": 5.9
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-6477",
              "epss": 0.00041,
              "percentile": 0.1238,
              "date": "2026-05-18"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-6477",
              "cwe": "CWE-242",
              "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "postgresql-17",
              "version": "17.9-0+deb13u1"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-6477",
            "versionConstraint": "< 17.10-0+deb13u1 (deb)"
          },
          "fix": {
            "suggestedVersion": "17.10-0+deb13u1"
          }
        }
      ],
      "artifact": {
        "id": "07b5cfa820128572",
        "name": "libpq5",
        "version": "17.9-0+deb13u1",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libpq5",
            "layerID": "sha256:73c462bbf110b45d1a57a4d592f0cec743bc1bf41281b698149f276b7abaa3b3",
            "accessPath": "/var/lib/dpkg/status.d/libpq5",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libpq5:libpq5:17.9-0\\+deb13u1:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libpq5@17.9-0%2Bdeb13u1?arch=amd64&distro=debian-13&upstream=postgresql-17",
        "upstreams": [
          {
            "name": "postgresql-17"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2024-2236",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-2236",
        "namespace": "debian:distro:debian:13",
        "severity": "Negligible",
        "urls": [],
        "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.",
        "cvss": [],
        "epss": [
          {
            "cve": "CVE-2024-2236",
            "epss": 0.00666,
            "percentile": 0.71455,
            "date": "2026-05-18"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2024-2236",
            "cwe": "CWE-385",
            "source": "secalert@redhat.com",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.0333
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2024-2236",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-2236",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://access.redhat.com/errata/RHSA-2024:9404",
            "https://access.redhat.com/errata/RHSA-2025:3530",
            "https://access.redhat.com/errata/RHSA-2025:3534",
            "https://access.redhat.com/security/cve/CVE-2024-2236",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2245218",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2268268"
          ],
          "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.",
          "cvss": [
            {
              "source": "secalert@redhat.com",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
              "metrics": {
                "baseScore": 5.9,
                "exploitabilityScore": 2.3,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2024-2236",
              "epss": 0.00666,
              "percentile": 0.71455,
              "date": "2026-05-18"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2024-2236",
              "cwe": "CWE-385",
              "source": "secalert@redhat.com",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "libgcrypt20",
              "version": "1.11.0-7"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2024-2236",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "5826072934743d2f",
        "name": "libgcrypt20",
        "version": "1.11.0-7",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libgcrypt20",
            "layerID": "sha256:73c462bbf110b45d1a57a4d592f0cec743bc1bf41281b698149f276b7abaa3b3",
            "accessPath": "/var/lib/dpkg/status.d/libgcrypt20",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libgcrypt20:libgcrypt20:1.11.0-7:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libgcrypt20@1.11.0-7?arch=amd64&distro=debian-13",
        "upstreams": []
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-5435",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-5435",
        "namespace": "debian:distro:debian:13",
        "severity": "High",
        "urls": [],
        "description": "The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.2 and newer fail to enforce the caller-supplied buffer length, and can result in an out-of-bounds write when printing TSIG records.",
        "cvss": [
          {
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "metrics": {
              "baseScore": 7.3,
              "exploitabilityScore": 3.9,
              "impactScore": 3.4
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-5435",
            "epss": 0.00045,
            "percentile": 0.13966,
            "date": "2026-05-18"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-5435",
            "cwe": "CWE-787",
            "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "wont-fix"
        },
        "advisories": [],
        "risk": 0.033299999999999996
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-5435",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-5435",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://inbox.sourceware.org/libc-announce/7a655d55-276f-41fe-b550-feb3ebb2ce91@redhat.com/T/#u",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=34033"
          ],
          "description": "The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.2 and newer fail to enforce the caller-supplied buffer length, and can result in an out-of-bounds write when printing TSIG records.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
              "metrics": {
                "baseScore": 7.3,
                "exploitabilityScore": 3.9,
                "impactScore": 3.4
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-5435",
              "epss": 0.00045,
              "percentile": 0.13966,
              "date": "2026-05-18"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-5435",
              "cwe": "CWE-787",
              "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "glibc",
              "version": "2.41-12+deb13u2"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-5435",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "5e21ad3d95f6eebc",
        "name": "libc6",
        "version": "2.41-12+deb13u2",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libc6",
            "layerID": "sha256:318bc252656ce5b3c77fc9a13e302bba683f813d4b19c21be6e0ad3acc7adaf1",
            "accessPath": "/var/lib/dpkg/status.d/libc6",
            "annotations": {
              "evidence": "primary"
            }
          },
          {
            "path": "/usr/share/doc/libc6/copyright",
            "layerID": "sha256:318bc252656ce5b3c77fc9a13e302bba683f813d4b19c21be6e0ad3acc7adaf1",
            "accessPath": "/usr/share/doc/libc6/copyright",
            "annotations": {
              "evidence": "supporting"
            }
          },
          {
            "path": "/var/lib/dpkg/status.d/libc6.md5sums",
            "layerID": "sha256:318bc252656ce5b3c77fc9a13e302bba683f813d4b19c21be6e0ad3acc7adaf1",
            "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums",
            "annotations": {
              "evidence": "supporting"
            }
          }
        ],
        "language": "",
        "licenses": [
          "BSD-2-clause",
          "BSD-3-clause-Berkeley",
          "BSD-3-clause-Carnegie",
          "BSD-3-clause-Oracle",
          "BSD-3-clause-WIDE",
          "BSD-like-Spencer",
          "BSL-1.0",
          "CORE-MATH",
          "Carnegie",
          "DEC",
          "FSFAP",
          "GPL-2",
          "GPL-2+",
          "GPL-2+-with-link-exception",
          "GPL-3",
          "GPL-3+",
          "IBM",
          "ISC",
          "Inner-Net",
          "LGPL-2",
          "LGPL-2+",
          "LGPL-2.1",
          "LGPL-2.1+",
          "LGPL-2.1+-with-link-exception",
          "LGPL-3",
          "LGPL-3+",
          "MIT-like-Lord",
          "PCRE",
          "SunPro",
          "Unicode-DFS-2016",
          "Univ-Coimbra",
          "public-domain"
        ],
        "cpes": [
          "cpe:2.3:a:libc6:libc6:2.41-12\\+deb13u2:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libc6@2.41-12%2Bdeb13u2?arch=amd64&distro=debian-13&upstream=glibc",
        "upstreams": [
          {
            "name": "glibc"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-6637",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-6637",
        "namespace": "debian:distro:debian:13",
        "severity": "High",
        "urls": [],
        "description": "Stack buffer overflow in PostgreSQL module \"refint\" allows an unprivileged database user to execute arbitrary code as the operating system user running the database.  A distinct attack is possible if the application declares a user-controlled column as a \"refint\" cascade primary key and facilitates user-controlled updates to that column.  In that case, a SQL injection allows a primary key update value provider to execute arbitrary SQL as the database user performing the primary key update.  Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected.",
        "cvss": [
          {
            "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "metrics": {
              "baseScore": 8.8,
              "exploitabilityScore": 2.9,
              "impactScore": 5.9
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-6637",
            "epss": 0.00039,
            "percentile": 0.118,
            "date": "2026-05-18"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-6637",
            "cwe": "CWE-89",
            "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
            "type": "Secondary"
          },
          {
            "cve": "CVE-2026-6637",
            "cwe": "CWE-121",
            "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [
            "17.10-0+deb13u1"
          ],
          "state": "fixed",
          "available": [
            {
              "version": "17.10-0+deb13u1",
              "date": "2026-05-14",
              "kind": "advisory"
            }
          ]
        },
        "advisories": [
          {
            "id": "DSA-6270-1",
            "link": "https://security-tracker.debian.org/tracker/DSA-6270-1"
          }
        ],
        "risk": 0.031785
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-6637",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-6637",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://www.postgresql.org/support/security/CVE-2026-6637/"
          ],
          "description": "Stack buffer overflow in PostgreSQL module \"refint\" allows an unprivileged database user to execute arbitrary code as the operating system user running the database.  A distinct attack is possible if the application declares a user-controlled column as a \"refint\" cascade primary key and facilitates user-controlled updates to that column.  In that case, a SQL injection allows a primary key update value provider to execute arbitrary SQL as the database user performing the primary key update.  Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected.",
          "cvss": [
            {
              "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "metrics": {
                "baseScore": 8.8,
                "exploitabilityScore": 2.9,
                "impactScore": 5.9
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-6637",
              "epss": 0.00039,
              "percentile": 0.118,
              "date": "2026-05-18"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-6637",
              "cwe": "CWE-89",
              "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
              "type": "Secondary"
            },
            {
              "cve": "CVE-2026-6637",
              "cwe": "CWE-121",
              "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "postgresql-17",
              "version": "17.9-0+deb13u1"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-6637",
            "versionConstraint": "< 17.10-0+deb13u1 (deb)"
          },
          "fix": {
            "suggestedVersion": "17.10-0+deb13u1"
          }
        }
      ],
      "artifact": {
        "id": "07b5cfa820128572",
        "name": "libpq5",
        "version": "17.9-0+deb13u1",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libpq5",
            "layerID": "sha256:73c462bbf110b45d1a57a4d592f0cec743bc1bf41281b698149f276b7abaa3b3",
            "accessPath": "/var/lib/dpkg/status.d/libpq5",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libpq5:libpq5:17.9-0\\+deb13u1:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libpq5@17.9-0%2Bdeb13u1?arch=amd64&distro=debian-13&upstream=postgresql-17",
        "upstreams": [
          {
            "name": "postgresql-17"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2019-1010024",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010024",
        "namespace": "debian:distro:debian:13",
        "severity": "Negligible",
        "urls": [],
        "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.",
        "cvss": [],
        "epss": [
          {
            "cve": "CVE-2019-1010024",
            "epss": 0.00634,
            "percentile": 0.70593,
            "date": "2026-05-18"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2019-1010024",
            "cwe": "CWE-200",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.0317
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2019-1010024",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010024",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "http://www.securityfocus.com/bid/109162",
            "https://security-tracker.debian.org/tracker/CVE-2019-1010024",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=22852",
            "https://support.f5.com/csp/article/K06046097",
            "https://support.f5.com/csp/article/K06046097?utm_source=f5support&amp%3Butm_medium=RSS",
            "https://ubuntu.com/security/CVE-2019-1010024"
          ],
          "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.0",
              "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
              "metrics": {
                "baseScore": 5.3,
                "exploitabilityScore": 3.9,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            },
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "2.0",
              "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
              "metrics": {
                "baseScore": 5,
                "exploitabilityScore": 10,
                "impactScore": 2.9
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2019-1010024",
              "epss": 0.00634,
              "percentile": 0.70593,
              "date": "2026-05-18"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2019-1010024",
              "cwe": "CWE-200",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "glibc",
              "version": "2.41-12+deb13u2"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2019-1010024",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "5e21ad3d95f6eebc",
        "name": "libc6",
        "version": "2.41-12+deb13u2",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libc6",
            "layerID": "sha256:318bc252656ce5b3c77fc9a13e302bba683f813d4b19c21be6e0ad3acc7adaf1",
            "accessPath": "/var/lib/dpkg/status.d/libc6",
            "annotations": {
              "evidence": "primary"
            }
          },
          {
            "path": "/usr/share/doc/libc6/copyright",
            "layerID": "sha256:318bc252656ce5b3c77fc9a13e302bba683f813d4b19c21be6e0ad3acc7adaf1",
            "accessPath": "/usr/share/doc/libc6/copyright",
            "annotations": {
              "evidence": "supporting"
            }
          },
          {
            "path": "/var/lib/dpkg/status.d/libc6.md5sums",
            "layerID": "sha256:318bc252656ce5b3c77fc9a13e302bba683f813d4b19c21be6e0ad3acc7adaf1",
            "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums",
            "annotations": {
              "evidence": "supporting"
            }
          }
        ],
        "language": "",
        "licenses": [
          "BSD-2-clause",
          "BSD-3-clause-Berkeley",
          "BSD-3-clause-Carnegie",
          "BSD-3-clause-Oracle",
          "BSD-3-clause-WIDE",
          "BSD-like-Spencer",
          "BSL-1.0",
          "CORE-MATH",
          "Carnegie",
          "DEC",
          "FSFAP",
          "GPL-2",
          "GPL-2+",
          "GPL-2+-with-link-exception",
          "GPL-3",
          "GPL-3+",
          "IBM",
          "ISC",
          "Inner-Net",
          "LGPL-2",
          "LGPL-2+",
          "LGPL-2.1",
          "LGPL-2.1+",
          "LGPL-2.1+-with-link-exception",
          "LGPL-3",
          "LGPL-3+",
          "MIT-like-Lord",
          "PCRE",
          "SunPro",
          "Unicode-DFS-2016",
          "Univ-Coimbra",
          "public-domain"
        ],
        "cpes": [
          "cpe:2.3:a:libc6:libc6:2.41-12\\+deb13u2:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libc6@2.41-12%2Bdeb13u2?arch=amd64&distro=debian-13&upstream=glibc",
        "upstreams": [
          {
            "name": "glibc"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2025-14819",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-14819",
        "namespace": "debian:distro:debian:13",
        "severity": "Medium",
        "urls": [],
        "description": "When doing TLS related transfers with reused easy or multi handles and altering the  `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could accidentally reuse a CA store cached in memory for which the partial chain option was reversed. Contrary to the user's wishes and expectations. This could make libcurl find and accept a trust chain that it otherwise would not.",
        "cvss": [
          {
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "metrics": {
              "baseScore": 5.3,
              "exploitabilityScore": 1.7,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2025-14819",
            "epss": 0.00061,
            "percentile": 0.18899,
            "date": "2026-05-18"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2025-14819",
            "cwe": "CWE-295",
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "wont-fix"
        },
        "advisories": [],
        "risk": 0.031415
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2025-14819",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14819",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://curl.se/docs/CVE-2025-14819.html",
            "https://curl.se/docs/CVE-2025-14819.json",
            "http://www.openwall.com/lists/oss-security/2026/01/07/5"
          ],
          "description": "When doing TLS related transfers with reused easy or multi handles and\naltering the  `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could accidentally\nreuse a CA store cached in memory for which the partial chain option was\nreversed. Contrary to the user's wishes and expectations. This could make\nlibcurl find and accept a trust chain that it otherwise would not.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
              "metrics": {
                "baseScore": 5.3,
                "exploitabilityScore": 1.7,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2025-14819",
              "epss": 0.00061,
              "percentile": 0.18899,
              "date": "2026-05-18"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2025-14819",
              "cwe": "CWE-295",
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "curl",
              "version": "8.14.1-2+deb13u2"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2025-14819",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "2c9e2faa683beba2",
        "name": "libcurl4t64",
        "version": "8.14.1-2+deb13u2",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libcurl4t64",
            "layerID": "sha256:73c462bbf110b45d1a57a4d592f0cec743bc1bf41281b698149f276b7abaa3b3",
            "accessPath": "/var/lib/dpkg/status.d/libcurl4t64",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libcurl4t64:libcurl4t64:8.14.1-2\\+deb13u2:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libcurl4t64@8.14.1-2%2Bdeb13u2?arch=amd64&distro=debian-13&upstream=curl",
        "upstreams": [
          {
            "name": "curl"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-34743",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-34743",
        "namespace": "debian:distro:debian:13",
        "severity": "Medium",
        "urls": [],
        "description": "XZ Utils provide a general-purpose data-compression library plus command-line tools. Prior to version 5.8.3, if lzma_index_decoder() was used to decode an Index that contained no Records, the resulting lzma_index was left in a state where a subsequent lzma_index_append() would allocate too little memory, and a buffer overflow would occur. This issue has been patched in version 5.8.3.",
        "cvss": [
          {
            "source": "nvd@nist.gov",
            "type": "Primary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "metrics": {
              "baseScore": 5.3,
              "exploitabilityScore": 3.9,
              "impactScore": 1.5
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-34743",
            "epss": 0.0006,
            "percentile": 0.18729,
            "date": "2026-05-18"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-34743",
            "cwe": "CWE-122",
            "source": "security-advisories@github.com",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "wont-fix"
        },
        "advisories": [],
        "risk": 0.030899999999999997
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-34743",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-34743",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://github.com/tukaani-project/xz/commit/c8c22869e780ff57c96b46939c3d79ff99395f87",
            "https://github.com/tukaani-project/xz/releases/tag/v5.8.3",
            "https://github.com/tukaani-project/xz/security/advisories/GHSA-x872-m794-cxhv",
            "http://www.openwall.com/lists/oss-security/2026/03/31/13"
          ],
          "description": "XZ Utils provide a general-purpose data-compression library plus command-line tools. Prior to version 5.8.3, if lzma_index_decoder() was used to decode an Index that contained no Records, the resulting lzma_index was left in a state where a subsequent lzma_index_append() would allocate too little memory, and a buffer overflow would occur. This issue has been patched in version 5.8.3.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
              "metrics": {
                "baseScore": 5.3,
                "exploitabilityScore": 3.9,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            },
            {
              "source": "security-advisories@github.com",
              "type": "Secondary",
              "version": "4.0",
              "vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
              "metrics": {
                "baseScore": 1.7
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-34743",
              "epss": 0.0006,
              "percentile": 0.18729,
              "date": "2026-05-18"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-34743",
              "cwe": "CWE-122",
              "source": "security-advisories@github.com",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "xz-utils",
              "version": "5.8.1-1"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-34743",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "b2c2bc2cb57ca2ec",
        "name": "liblzma5",
        "version": "5.8.1-1",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/liblzma5",
            "layerID": "sha256:73c462bbf110b45d1a57a4d592f0cec743bc1bf41281b698149f276b7abaa3b3",
            "accessPath": "/var/lib/dpkg/status.d/liblzma5",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:liblzma5:liblzma5:5.8.1-1:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/liblzma5@5.8.1-1?arch=amd64&distro=debian-13&upstream=xz-utils",
        "upstreams": [
          {
            "name": "xz-utils"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-6479",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-6479",
        "namespace": "debian:distro:debian:13",
        "severity": "High",
        "urls": [],
        "description": "Uncontrolled recursion in PostgreSQL SSL and GSS negotiation allows an attacker able to connect to a PostgreSQL AF_UNIX socket to achieve sustained denial of service.  If SSL and GSS are both disabled, an attacker can do the same via access to a PostgreSQL TCP socket.  Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected.",
        "cvss": [
          {
            "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "metrics": {
              "baseScore": 7.5,
              "exploitabilityScore": 3.9,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-6479",
            "epss": 0.0004,
            "percentile": 0.12055,
            "date": "2026-05-18"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-6479",
            "cwe": "CWE-674",
            "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [
            "17.10-0+deb13u1"
          ],
          "state": "fixed",
          "available": [
            {
              "version": "17.10-0+deb13u1",
              "date": "2026-05-14",
              "kind": "advisory"
            }
          ]
        },
        "advisories": [
          {
            "id": "DSA-6270-1",
            "link": "https://security-tracker.debian.org/tracker/DSA-6270-1"
          }
        ],
        "risk": 0.030000000000000002
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-6479",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-6479",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://www.postgresql.org/support/security/CVE-2026-6479/"
          ],
          "description": "Uncontrolled recursion in PostgreSQL SSL and GSS negotiation allows an attacker able to connect to a PostgreSQL AF_UNIX socket to achieve sustained denial of service.  If SSL and GSS are both disabled, an attacker can do the same via access to a PostgreSQL TCP socket.  Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected.",
          "cvss": [
            {
              "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-6479",
              "epss": 0.0004,
              "percentile": 0.12055,
              "date": "2026-05-18"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-6479",
              "cwe": "CWE-674",
              "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "postgresql-17",
              "version": "17.9-0+deb13u1"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-6479",
            "versionConstraint": "< 17.10-0+deb13u1 (deb)"
          },
          "fix": {
            "suggestedVersion": "17.10-0+deb13u1"
          }
        }
      ],
      "artifact": {
        "id": "07b5cfa820128572",
        "name": "libpq5",
        "version": "17.9-0+deb13u1",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libpq5",
            "layerID": "sha256:73c462bbf110b45d1a57a4d592f0cec743bc1bf41281b698149f276b7abaa3b3",
            "accessPath": "/var/lib/dpkg/status.d/libpq5",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libpq5:libpq5:17.9-0\\+deb13u1:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libpq5@17.9-0%2Bdeb13u1?arch=amd64&distro=debian-13&upstream=postgresql-17",
        "upstreams": [
          {
            "name": "postgresql-17"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-5545",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-5545",
        "namespace": "debian:distro:debian:13",
        "severity": "Medium",
        "urls": [],
        "description": "libcurl might in some circumstances reuse the wrong connection when asked to do an authenticated HTTP(S) request after a Negotiate-authenticated one, when both use the same host.  libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead.  When reusing a connection a range of criteria must be met. Due to a logical error in the code, a request that was issued by an application could wrongfully reuse an existing connection to the same server that was authenticated using different credentials.  An application that first uses Negotiate authentication to a server with `user1:password1` and then does another operation to the same server asking for any authentication method but for `user2:password2` (while the previous connection is still alive) - the second request gets confused and wrongly reuses the same connection and sends the new request over that connection thinking it uses a mix of user1's and user2's credentials when it is in fact still using the connection authenticated for user1...",
        "cvss": [
          {
            "source": "nvd@nist.gov",
            "type": "Primary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N",
            "metrics": {
              "baseScore": 6.5,
              "exploitabilityScore": 2.3,
              "impactScore": 4.3
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-5545",
            "epss": 0.00052,
            "percentile": 0.16217,
            "date": "2026-05-18"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-5545",
            "cwe": "CWE-613",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "wont-fix"
        },
        "advisories": [],
        "risk": 0.029899999999999996
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-5545",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-5545",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://curl.se/docs/CVE-2026-5545.html",
            "https://curl.se/docs/CVE-2026-5545.json",
            "https://hackerone.com/reports/3642555"
          ],
          "description": "libcurl might in some circumstances reuse the wrong connection when asked to\ndo an authenticated HTTP(S) request after a Negotiate-authenticated one, when\nboth use the same host.\n\nlibcurl features a pool of recent connections so that subsequent requests can\nreuse an existing connection to avoid overhead.\n\nWhen reusing a connection a range of criteria must be met. Due to a logical\nerror in the code, a request that was issued by an application could\nwrongfully reuse an existing connection to the same server that was\nauthenticated using different credentials.\n\nAn application that first uses Negotiate authentication to a server with\n`user1:password1` and then does another operation to the same server asking\nfor any authentication method but for `user2:password2` (while the previous\nconnection is still alive) - the second request gets confused and wrongly\nreuses the same connection and sends the new request over that connection\nthinking it uses a mix of user1's and user2's credentials when it is in fact\nstill using the connection authenticated for user1...",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N",
              "metrics": {
                "baseScore": 6.5,
                "exploitabilityScore": 2.3,
                "impactScore": 4.3
              },
              "vendorMetadata": {}
            },
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N",
              "metrics": {
                "baseScore": 6.5,
                "exploitabilityScore": 2.3,
                "impactScore": 4.3
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-5545",
              "epss": 0.00052,
              "percentile": 0.16217,
              "date": "2026-05-18"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-5545",
              "cwe": "CWE-613",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "curl",
              "version": "8.14.1-2+deb13u2"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-5545",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "2c9e2faa683beba2",
        "name": "libcurl4t64",
        "version": "8.14.1-2+deb13u2",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libcurl4t64",
            "layerID": "sha256:73c462bbf110b45d1a57a4d592f0cec743bc1bf41281b698149f276b7abaa3b3",
            "accessPath": "/var/lib/dpkg/status.d/libcurl4t64",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libcurl4t64:libcurl4t64:8.14.1-2\\+deb13u2:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libcurl4t64@8.14.1-2%2Bdeb13u2?arch=amd64&distro=debian-13&upstream=curl",
        "upstreams": [
          {
            "name": "curl"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-6238",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-6238",
        "namespace": "debian:distro:debian:13",
        "severity": "Medium",
        "urls": [],
        "description": "The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.2 and newer fail to validate the RDATA content against the RDATA length in a DNS response when processing LOC, CERT, TKEY or TSIG records, which may allow an attacker to craft a DNS response, causing a target application to crash or read uninitialized memory.  These functions are for application debugging only and hence not in the path of code executed by the DNS resolver.  Further, they have been deprecated since version 2.34 and should not be used by any new applications.  Applications should consider porting away from these interfaces since they may be removed in future versions.",
        "cvss": [
          {
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
            "metrics": {
              "baseScore": 6.5,
              "exploitabilityScore": 3.9,
              "impactScore": 2.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-6238",
            "epss": 0.00045,
            "percentile": 0.13966,
            "date": "2026-05-18"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-6238",
            "cwe": "CWE-126",
            "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "wont-fix"
        },
        "advisories": [],
        "risk": 0.025875
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-6238",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-6238",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://inbox.sourceware.org/libc-announce/7a655d55-276f-41fe-b550-feb3ebb2ce91@redhat.com/T/#u",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=34069"
          ],
          "description": "The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.2 and newer fail to validate the RDATA content against the RDATA length in a DNS response when processing LOC, CERT, TKEY or TSIG records, which may allow an attacker to craft a DNS response, causing a target application to crash or read uninitialized memory.\n\nThese functions are for application debugging only and hence not in the path of code executed by the DNS resolver.  Further, they have been deprecated since version 2.34 and should not be used by any new applications.  Applications should consider porting away from these interfaces since they may be removed in future versions.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
              "metrics": {
                "baseScore": 6.5,
                "exploitabilityScore": 3.9,
                "impactScore": 2.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-6238",
              "epss": 0.00045,
              "percentile": 0.13966,
              "date": "2026-05-18"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-6238",
              "cwe": "CWE-126",
              "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "glibc",
              "version": "2.41-12+deb13u2"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-6238",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "5e21ad3d95f6eebc",
        "name": "libc6",
        "version": "2.41-12+deb13u2",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libc6",
            "layerID": "sha256:318bc252656ce5b3c77fc9a13e302bba683f813d4b19c21be6e0ad3acc7adaf1",
            "accessPath": "/var/lib/dpkg/status.d/libc6",
            "annotations": {
              "evidence": "primary"
            }
          },
          {
            "path": "/usr/share/doc/libc6/copyright",
            "layerID": "sha256:318bc252656ce5b3c77fc9a13e302bba683f813d4b19c21be6e0ad3acc7adaf1",
            "accessPath": "/usr/share/doc/libc6/copyright",
            "annotations": {
              "evidence": "supporting"
            }
          },
          {
            "path": "/var/lib/dpkg/status.d/libc6.md5sums",
            "layerID": "sha256:318bc252656ce5b3c77fc9a13e302bba683f813d4b19c21be6e0ad3acc7adaf1",
            "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums",
            "annotations": {
              "evidence": "supporting"
            }
          }
        ],
        "language": "",
        "licenses": [
          "BSD-2-clause",
          "BSD-3-clause-Berkeley",
          "BSD-3-clause-Carnegie",
          "BSD-3-clause-Oracle",
          "BSD-3-clause-WIDE",
          "BSD-like-Spencer",
          "BSL-1.0",
          "CORE-MATH",
          "Carnegie",
          "DEC",
          "FSFAP",
          "GPL-2",
          "GPL-2+",
          "GPL-2+-with-link-exception",
          "GPL-3",
          "GPL-3+",
          "IBM",
          "ISC",
          "Inner-Net",
          "LGPL-2",
          "LGPL-2+",
          "LGPL-2.1",
          "LGPL-2.1+",
          "LGPL-2.1+-with-link-exception",
          "LGPL-3",
          "LGPL-3+",
          "MIT-like-Lord",
          "PCRE",
          "SunPro",
          "Unicode-DFS-2016",
          "Univ-Coimbra",
          "public-domain"
        ],
        "cpes": [
          "cpe:2.3:a:libc6:libc6:2.41-12\\+deb13u2:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libc6@2.41-12%2Bdeb13u2?arch=amd64&distro=debian-13&upstream=glibc",
        "upstreams": [
          {
            "name": "glibc"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2018-6829",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-6829",
        "namespace": "debian:distro:debian:13",
        "severity": "Negligible",
        "urls": [],
        "description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.",
        "cvss": [],
        "epss": [
          {
            "cve": "CVE-2018-6829",
            "epss": 0.00515,
            "percentile": 0.66821,
            "date": "2026-05-18"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2018-6829",
            "cwe": "CWE-327",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.025750000000000002
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2018-6829",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-6829",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://github.com/weikengchen/attack-on-libgcrypt-elgamal",
            "https://github.com/weikengchen/attack-on-libgcrypt-elgamal/wiki",
            "https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004394.html",
            "https://www.oracle.com/security-alerts/cpujan2020.html"
          ],
          "description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.0",
              "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            },
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "2.0",
              "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
              "metrics": {
                "baseScore": 5,
                "exploitabilityScore": 10,
                "impactScore": 2.9
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2018-6829",
              "epss": 0.00515,
              "percentile": 0.66821,
              "date": "2026-05-18"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2018-6829",
              "cwe": "CWE-327",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "libgcrypt20",
              "version": "1.11.0-7"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2018-6829",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "5826072934743d2f",
        "name": "libgcrypt20",
        "version": "1.11.0-7",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libgcrypt20",
            "layerID": "sha256:73c462bbf110b45d1a57a4d592f0cec743bc1bf41281b698149f276b7abaa3b3",
            "accessPath": "/var/lib/dpkg/status.d/libgcrypt20",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libgcrypt20:libgcrypt20:1.11.0-7:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libgcrypt20@1.11.0-7?arch=amd64&distro=debian-13",
        "upstreams": []
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-40225",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-40225",
        "namespace": "debian:distro:debian:13",
        "severity": "Medium",
        "urls": [],
        "description": "In udev in systemd before 260, local root execution can occur via malicious hardware devices and unsanitized kernel output.",
        "cvss": [
          {
            "source": "cve@mitre.org",
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "metrics": {
              "baseScore": 6.4,
              "exploitabilityScore": 0.6,
              "impactScore": 5.9
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-40225",
            "epss": 0.00045,
            "percentile": 0.13742,
            "date": "2026-05-18"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-40225",
            "cwe": "CWE-669",
            "source": "cve@mitre.org",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [
            "257.13-1~deb13u1"
          ],
          "state": "fixed",
          "available": [
            {
              "version": "257.13-1~deb13u1",
              "date": "2026-05-17",
              "kind": "first-observed"
            }
          ]
        },
        "advisories": [],
        "risk": 0.02565
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-40225",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-40225",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://github.com/systemd/systemd/security/advisories/GHSA-vpfq-8p5f-jcqx"
          ],
          "description": "In udev in systemd before 260, local root execution can occur via malicious hardware devices and unsanitized kernel output.",
          "cvss": [
            {
              "source": "cve@mitre.org",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "metrics": {
                "baseScore": 6.4,
                "exploitabilityScore": 0.6,
                "impactScore": 5.9
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-40225",
              "epss": 0.00045,
              "percentile": 0.13742,
              "date": "2026-05-18"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-40225",
              "cwe": "CWE-669",
              "source": "cve@mitre.org",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "systemd",
              "version": "257.9-1~deb13u1"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-40225",
            "versionConstraint": "< 257.13-1~deb13u1 (deb)"
          },
          "fix": {
            "suggestedVersion": "257.13-1~deb13u1"
          }
        }
      ],
      "artifact": {
        "id": "4f3b916d8498c51d",
        "name": "libsystemd0",
        "version": "257.9-1~deb13u1",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libsystemd0",
            "layerID": "sha256:73c462bbf110b45d1a57a4d592f0cec743bc1bf41281b698149f276b7abaa3b3",
            "accessPath": "/var/lib/dpkg/status.d/libsystemd0",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libsystemd0:libsystemd0:257.9-1\\~deb13u1:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libsystemd0@257.9-1~deb13u1?arch=amd64&distro=debian-13&upstream=systemd",
        "upstreams": [
          {
            "name": "systemd"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-40225",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-40225",
        "namespace": "debian:distro:debian:13",
        "severity": "Medium",
        "urls": [],
        "description": "In udev in systemd before 260, local root execution can occur via malicious hardware devices and unsanitized kernel output.",
        "cvss": [
          {
            "source": "cve@mitre.org",
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "metrics": {
              "baseScore": 6.4,
              "exploitabilityScore": 0.6,
              "impactScore": 5.9
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-40225",
            "epss": 0.00045,
            "percentile": 0.13742,
            "date": "2026-05-18"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-40225",
            "cwe": "CWE-669",
            "source": "cve@mitre.org",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [
            "257.13-1~deb13u1"
          ],
          "state": "fixed",
          "available": [
            {
              "version": "257.13-1~deb13u1",
              "date": "2026-05-17",
              "kind": "first-observed"
            }
          ]
        },
        "advisories": [],
        "risk": 0.02565
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-40225",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-40225",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://github.com/systemd/systemd/security/advisories/GHSA-vpfq-8p5f-jcqx"
          ],
          "description": "In udev in systemd before 260, local root execution can occur via malicious hardware devices and unsanitized kernel output.",
          "cvss": [
            {
              "source": "cve@mitre.org",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "metrics": {
                "baseScore": 6.4,
                "exploitabilityScore": 0.6,
                "impactScore": 5.9
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-40225",
              "epss": 0.00045,
              "percentile": 0.13742,
              "date": "2026-05-18"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-40225",
              "cwe": "CWE-669",
              "source": "cve@mitre.org",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "systemd",
              "version": "257.9-1~deb13u1"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-40225",
            "versionConstraint": "< 257.13-1~deb13u1 (deb)"
          },
          "fix": {
            "suggestedVersion": "257.13-1~deb13u1"
          }
        }
      ],
      "artifact": {
        "id": "49db2eae5abce987",
        "name": "systemd",
        "version": "257.9-1~deb13u1",
        "type": "deb",
        "locations": [
          {
            "path": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.40.0",
            "layerID": "sha256:73c462bbf110b45d1a57a4d592f0cec743bc1bf41281b698149f276b7abaa3b3",
            "accessPath": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.40.0",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:systemd:systemd:257.9-1\\~deb13u1:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/Debian/systemd@257.9-1~deb13u1?distro=Debian",
        "upstreams": []
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-4438",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-4438",
        "namespace": "debian:distro:debian:13",
        "severity": "Medium",
        "urls": [],
        "description": "Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C library version 2.34 to version 2.43 could result in an invalid DNS hostname being returned to the caller in violation of the DNS specification.",
        "cvss": [
          {
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "metrics": {
              "baseScore": 5.4,
              "exploitabilityScore": 2.9,
              "impactScore": 2.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-4438",
            "epss": 0.00045,
            "percentile": 0.13938,
            "date": "2026-05-18"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-4438",
            "cwe": "CWE-20",
            "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
            "type": "Secondary"
          },
          {
            "cve": "CVE-2026-4438",
            "cwe": "CWE-88",
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [
            "2.41-12+deb13u3"
          ],
          "state": "fixed",
          "available": [
            {
              "version": "2.41-12+deb13u3",
              "date": "2026-05-17",
              "kind": "first-observed"
            }
          ]
        },
        "advisories": [],
        "risk": 0.0234
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-4438",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-4438",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://sourceware.org/bugzilla/show_bug.cgi?id=34015"
          ],
          "description": "Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C library version 2.34 to version 2.43 could result in an invalid DNS hostname being returned to the caller in violation of the DNS specification.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
              "metrics": {
                "baseScore": 5.4,
                "exploitabilityScore": 2.9,
                "impactScore": 2.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-4438",
              "epss": 0.00045,
              "percentile": 0.13938,
              "date": "2026-05-18"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-4438",
              "cwe": "CWE-20",
              "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
              "type": "Secondary"
            },
            {
              "cve": "CVE-2026-4438",
              "cwe": "CWE-88",
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "glibc",
              "version": "2.41-12+deb13u2"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-4438",
            "versionConstraint": "< 2.41-12+deb13u3 (deb)"
          },
          "fix": {
            "suggestedVersion": "2.41-12+deb13u3"
          }
        }
      ],
      "artifact": {
        "id": "5e21ad3d95f6eebc",
        "name": "libc6",
        "version": "2.41-12+deb13u2",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libc6",
            "layerID": "sha256:318bc252656ce5b3c77fc9a13e302bba683f813d4b19c21be6e0ad3acc7adaf1",
            "accessPath": "/var/lib/dpkg/status.d/libc6",
            "annotations": {
              "evidence": "primary"
            }
          },
          {
            "path": "/usr/share/doc/libc6/copyright",
            "layerID": "sha256:318bc252656ce5b3c77fc9a13e302bba683f813d4b19c21be6e0ad3acc7adaf1",
            "accessPath": "/usr/share/doc/libc6/copyright",
            "annotations": {
              "evidence": "supporting"
            }
          },
          {
            "path": "/var/lib/dpkg/status.d/libc6.md5sums",
            "layerID": "sha256:318bc252656ce5b3c77fc9a13e302bba683f813d4b19c21be6e0ad3acc7adaf1",
            "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums",
            "annotations": {
              "evidence": "supporting"
            }
          }
        ],
        "language": "",
        "licenses": [
          "BSD-2-clause",
          "BSD-3-clause-Berkeley",
          "BSD-3-clause-Carnegie",
          "BSD-3-clause-Oracle",
          "BSD-3-clause-WIDE",
          "BSD-like-Spencer",
          "BSL-1.0",
          "CORE-MATH",
          "Carnegie",
          "DEC",
          "FSFAP",
          "GPL-2",
          "GPL-2+",
          "GPL-2+-with-link-exception",
          "GPL-3",
          "GPL-3+",
          "IBM",
          "ISC",
          "Inner-Net",
          "LGPL-2",
          "LGPL-2+",
          "LGPL-2.1",
          "LGPL-2.1+",
          "LGPL-2.1+-with-link-exception",
          "LGPL-3",
          "LGPL-3+",
          "MIT-like-Lord",
          "PCRE",
          "SunPro",
          "Unicode-DFS-2016",
          "Univ-Coimbra",
          "public-domain"
        ],
        "cpes": [
          "cpe:2.3:a:libc6:libc6:2.41-12\\+deb13u2:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libc6@2.41-12%2Bdeb13u2?arch=amd64&distro=debian-13&upstream=glibc",
        "upstreams": [
          {
            "name": "glibc"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-3805",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-3805",
        "namespace": "debian:distro:debian:13",
        "severity": "High",
        "urls": [],
        "description": "When doing a second SMB request to the same host again, curl would wrongly use a data pointer pointing into already freed memory.",
        "cvss": [
          {
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "metrics": {
              "baseScore": 7.5,
              "exploitabilityScore": 3.9,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-3805",
            "epss": 0.0003,
            "percentile": 0.08673,
            "date": "2026-05-18"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-3805",
            "cwe": "CWE-416",
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "wont-fix"
        },
        "advisories": [],
        "risk": 0.0225
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-3805",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3805",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://curl.se/docs/CVE-2026-3805.html",
            "https://curl.se/docs/CVE-2026-3805.json",
            "https://hackerone.com/reports/3591944",
            "http://www.openwall.com/lists/oss-security/2026/03/11/4"
          ],
          "description": "When doing a second SMB request to the same host again, curl would wrongly use\na data pointer pointing into already freed memory.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-3805",
              "epss": 0.0003,
              "percentile": 0.08673,
              "date": "2026-05-18"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-3805",
              "cwe": "CWE-416",
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "curl",
              "version": "8.14.1-2+deb13u2"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-3805",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "2c9e2faa683beba2",
        "name": "libcurl4t64",
        "version": "8.14.1-2+deb13u2",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libcurl4t64",
            "layerID": "sha256:73c462bbf110b45d1a57a4d592f0cec743bc1bf41281b698149f276b7abaa3b3",
            "accessPath": "/var/lib/dpkg/status.d/libcurl4t64",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libcurl4t64:libcurl4t64:8.14.1-2\\+deb13u2:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libcurl4t64@8.14.1-2%2Bdeb13u2?arch=amd64&distro=debian-13&upstream=curl",
        "upstreams": [
          {
            "name": "curl"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-6253",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-6253",
        "namespace": "debian:distro:debian:13",
        "severity": "Medium",
        "urls": [],
        "description": "curl might erroneously pass on credentials for a first proxy to a second proxy.  This can happen when the following conditions are true:  1. curl is setup to use specific different proxies for different URL schemes 2. the first proxy needs credentials 3. the second proxy uses no credentials 4. while using the first proxy (using say `http://`), curl is asked to follow    a redirect to a URL using another scheme (say `https://`), accessed using a    second, different, proxy",
        "cvss": [
          {
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "metrics": {
              "baseScore": 5.9,
              "exploitabilityScore": 2.3,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-6253",
            "epss": 0.0004,
            "percentile": 0.11981,
            "date": "2026-05-18"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-6253",
            "cwe": "CWE-522",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "wont-fix"
        },
        "advisories": [],
        "risk": 0.0218
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-6253",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-6253",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://curl.se/docs/CVE-2026-6253.html",
            "https://curl.se/docs/CVE-2026-6253.json",
            "https://hackerone.com/reports/3669637",
            "http://www.openwall.com/lists/oss-security/2026/04/29/11"
          ],
          "description": "curl might erroneously pass on credentials for a first proxy to a second\nproxy.\n\nThis can happen when the following conditions are true:\n\n1. curl is setup to use specific different proxies for different URL schemes\n2. the first proxy needs credentials\n3. the second proxy uses no credentials\n4. while using the first proxy (using say `http://`), curl is asked to follow\n   a redirect to a URL using another scheme (say `https://`), accessed using a\n   second, different, proxy",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 5.9,
                "exploitabilityScore": 2.3,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-6253",
              "epss": 0.0004,
              "percentile": 0.11981,
              "date": "2026-05-18"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-6253",
              "cwe": "CWE-522",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "curl",
              "version": "8.14.1-2+deb13u2"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-6253",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "2c9e2faa683beba2",
        "name": "libcurl4t64",
        "version": "8.14.1-2+deb13u2",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libcurl4t64",
            "layerID": "sha256:73c462bbf110b45d1a57a4d592f0cec743bc1bf41281b698149f276b7abaa3b3",
            "accessPath": "/var/lib/dpkg/status.d/libcurl4t64",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libcurl4t64:libcurl4t64:8.14.1-2\\+deb13u2:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libcurl4t64@8.14.1-2%2Bdeb13u2?arch=amd64&distro=debian-13&upstream=curl",
        "upstreams": [
          {
            "name": "curl"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-5773",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-5773",
        "namespace": "debian:distro:debian:13",
        "severity": "High",
        "urls": [],
        "description": "libcurl might in some circumstances reuse the wrong connection for SMB(S) transfers.  libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead.  When reusing a connection a range of criteria must be met. Due to a logical error in the code, a network transfer operation that was requested by an application could wrongfully reuse an existing SMB connection to the same server that was using a different 'share' than the new subsequent transfer should.  This could in unlucky situations lead to the download of the wrong file or the upload of a file to the wrong place. When this happens, the same credentials are used and the server name is the same.",
        "cvss": [
          {
            "source": "nvd@nist.gov",
            "type": "Primary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "metrics": {
              "baseScore": 7.5,
              "exploitabilityScore": 3.9,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-5773",
            "epss": 0.00029,
            "percentile": 0.08413,
            "date": "2026-05-18"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-5773",
            "cwe": "CWE-918",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "wont-fix"
        },
        "advisories": [],
        "risk": 0.02175
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-5773",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-5773",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://curl.se/docs/CVE-2026-5773.html",
            "https://curl.se/docs/CVE-2026-5773.json",
            "https://hackerone.com/reports/3650689",
            "http://www.openwall.com/lists/oss-security/2026/04/29/9"
          ],
          "description": "libcurl might in some circumstances reuse the wrong connection for SMB(S)\ntransfers.\n\nlibcurl features a pool of recent connections so that subsequent requests can\nreuse an existing connection to avoid overhead.\n\nWhen reusing a connection a range of criteria must be met. Due to a logical\nerror in the code, a network transfer operation that was requested by an\napplication could wrongfully reuse an existing SMB connection to the same\nserver that was using a different 'share' than the new subsequent transfer\nshould.\n\nThis could in unlucky situations lead to the download of the wrong file or the\nupload of a file to the wrong place. When this happens, the same credentials\nare used and the server name is the same.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            },
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-5773",
              "epss": 0.00029,
              "percentile": 0.08413,
              "date": "2026-05-18"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-5773",
              "cwe": "CWE-918",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "curl",
              "version": "8.14.1-2+deb13u2"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-5773",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "2c9e2faa683beba2",
        "name": "libcurl4t64",
        "version": "8.14.1-2+deb13u2",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libcurl4t64",
            "layerID": "sha256:73c462bbf110b45d1a57a4d592f0cec743bc1bf41281b698149f276b7abaa3b3",
            "accessPath": "/var/lib/dpkg/status.d/libcurl4t64",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libcurl4t64:libcurl4t64:8.14.1-2\\+deb13u2:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libcurl4t64@8.14.1-2%2Bdeb13u2?arch=amd64&distro=debian-13&upstream=curl",
        "upstreams": [
          {
            "name": "curl"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-6478",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-6478",
        "namespace": "debian:distro:debian:13",
        "severity": "Medium",
        "urls": [],
        "description": "Covert timing channel in comparison of MD5-hashed password in PostgreSQL authentication allows an attacker to recover user credentials sufficient to authenticate.  This does not affect scram-sha-256 passwords, the default in all supported releases.  However, current databases may have MD5-hashed passwords originating in upgrades from PostgreSQL 13 or earlier.  Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected.",
        "cvss": [
          {
            "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "metrics": {
              "baseScore": 6.5,
              "exploitabilityScore": 3.9,
              "impactScore": 2.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-6478",
            "epss": 0.00037,
            "percentile": 0.11003,
            "date": "2026-05-18"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-6478",
            "cwe": "CWE-385",
            "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [
            "17.10-0+deb13u1"
          ],
          "state": "fixed",
          "available": [
            {
              "version": "17.10-0+deb13u1",
              "date": "2026-05-14",
              "kind": "advisory"
            }
          ]
        },
        "advisories": [
          {
            "id": "DSA-6270-1",
            "link": "https://security-tracker.debian.org/tracker/DSA-6270-1"
          }
        ],
        "risk": 0.021274999999999995
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-6478",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-6478",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://www.postgresql.org/support/security/CVE-2026-6478/"
          ],
          "description": "Covert timing channel in comparison of MD5-hashed password in PostgreSQL authentication allows an attacker to recover user credentials sufficient to authenticate.  This does not affect scram-sha-256 passwords, the default in all supported releases.  However, current databases may have MD5-hashed passwords originating in upgrades from PostgreSQL 13 or earlier.  Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected.",
          "cvss": [
            {
              "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
              "metrics": {
                "baseScore": 6.5,
                "exploitabilityScore": 3.9,
                "impactScore": 2.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-6478",
              "epss": 0.00037,
              "percentile": 0.11003,
              "date": "2026-05-18"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-6478",
              "cwe": "CWE-385",
              "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "postgresql-17",
              "version": "17.9-0+deb13u1"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-6478",
            "versionConstraint": "< 17.10-0+deb13u1 (deb)"
          },
          "fix": {
            "suggestedVersion": "17.10-0+deb13u1"
          }
        }
      ],
      "artifact": {
        "id": "07b5cfa820128572",
        "name": "libpq5",
        "version": "17.9-0+deb13u1",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libpq5",
            "layerID": "sha256:73c462bbf110b45d1a57a4d592f0cec743bc1bf41281b698149f276b7abaa3b3",
            "accessPath": "/var/lib/dpkg/status.d/libpq5",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libpq5:libpq5:17.9-0\\+deb13u1:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libpq5@17.9-0%2Bdeb13u1?arch=amd64&distro=debian-13&upstream=postgresql-17",
        "upstreams": [
          {
            "name": "postgresql-17"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2025-14524",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-14524",
        "namespace": "debian:distro:debian:13",
        "severity": "Medium",
        "urls": [],
        "description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host.",
        "cvss": [
          {
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "metrics": {
              "baseScore": 5.3,
              "exploitabilityScore": 1.7,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2025-14524",
            "epss": 0.0004,
            "percentile": 0.12298,
            "date": "2026-05-18"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2025-14524",
            "cwe": "CWE-601",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "wont-fix"
        },
        "advisories": [],
        "risk": 0.0206
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2025-14524",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14524",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://curl.se/docs/CVE-2025-14524.html",
            "https://curl.se/docs/CVE-2025-14524.json",
            "https://hackerone.com/reports/3459417",
            "http://www.openwall.com/lists/oss-security/2026/01/07/4"
          ],
          "description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer\nperforms a cross-protocol redirect to a second URL that uses an IMAP, LDAP,\nPOP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new\ntarget host.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
              "metrics": {
                "baseScore": 5.3,
                "exploitabilityScore": 1.7,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2025-14524",
              "epss": 0.0004,
              "percentile": 0.12298,
              "date": "2026-05-18"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2025-14524",
              "cwe": "CWE-601",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "curl",
              "version": "8.14.1-2+deb13u2"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2025-14524",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "2c9e2faa683beba2",
        "name": "libcurl4t64",
        "version": "8.14.1-2+deb13u2",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libcurl4t64",
            "layerID": "sha256:73c462bbf110b45d1a57a4d592f0cec743bc1bf41281b698149f276b7abaa3b3",
            "accessPath": "/var/lib/dpkg/status.d/libcurl4t64",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libcurl4t64:libcurl4t64:8.14.1-2\\+deb13u2:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libcurl4t64@8.14.1-2%2Bdeb13u2?arch=amd64&distro=debian-13&upstream=curl",
        "upstreams": [
          {
            "name": "curl"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-6476",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-6476",
        "namespace": "debian:distro:debian:13",
        "severity": "High",
        "urls": [],
        "description": "SQL injection in PostgreSQL pg_createsubscriber allows an attacker with pg_create_subscription rights to execute arbitrary SQL as a superuser.  The attack takes effect when pg_createsubscriber next runs.  Within major versions 17 and 18, minor versions before PostgreSQL 18.4 and 17.10 are affected.  Versions before PostgreSQL 17 are unaffected.",
        "cvss": [
          {
            "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "metrics": {
              "baseScore": 7.2,
              "exploitabilityScore": 1.3,
              "impactScore": 5.9
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-6476",
            "epss": 0.00028,
            "percentile": 0.08132,
            "date": "2026-05-18"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-6476",
            "cwe": "CWE-89",
            "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [
            "17.10-0+deb13u1"
          ],
          "state": "fixed",
          "available": [
            {
              "version": "17.10-0+deb13u1",
              "date": "2026-05-14",
              "kind": "advisory"
            }
          ]
        },
        "advisories": [
          {
            "id": "DSA-6270-1",
            "link": "https://security-tracker.debian.org/tracker/DSA-6270-1"
          }
        ],
        "risk": 0.020579999999999998
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-6476",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-6476",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://www.postgresql.org/support/security/CVE-2026-6476/"
          ],
          "description": "SQL injection in PostgreSQL pg_createsubscriber allows an attacker with pg_create_subscription rights to execute arbitrary SQL as a superuser.  The attack takes effect when pg_createsubscriber next runs.  Within major versions 17 and 18, minor versions before PostgreSQL 18.4 and 17.10 are affected.  Versions before PostgreSQL 17 are unaffected.",
          "cvss": [
            {
              "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
              "metrics": {
                "baseScore": 7.2,
                "exploitabilityScore": 1.3,
                "impactScore": 5.9
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-6476",
              "epss": 0.00028,
              "percentile": 0.08132,
              "date": "2026-05-18"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-6476",
              "cwe": "CWE-89",
              "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "postgresql-17",
              "version": "17.9-0+deb13u1"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-6476",
            "versionConstraint": "< 17.10-0+deb13u1 (deb)"
          },
          "fix": {
            "suggestedVersion": "17.10-0+deb13u1"
          }
        }
      ],
      "artifact": {
        "id": "07b5cfa820128572",
        "name": "libpq5",
        "version": "17.9-0+deb13u1",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libpq5",
            "layerID": "sha256:73c462bbf110b45d1a57a4d592f0cec743bc1bf41281b698149f276b7abaa3b3",
            "accessPath": "/var/lib/dpkg/status.d/libpq5",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libpq5:libpq5:17.9-0\\+deb13u1:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libpq5@17.9-0%2Bdeb13u1?arch=amd64&distro=debian-13&upstream=postgresql-17",
        "upstreams": [
          {
            "name": "postgresql-17"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-27135",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-27135",
        "namespace": "debian:distro:debian:13",
        "severity": "High",
        "urls": [],
        "description": "nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. Prior to version 1.68.1, the nghttp2 library stops reading the incoming data when user facing public API `nghttp2_session_terminate_session` or `nghttp2_session_terminate_session2` is called by the application. They might be called internally by the library when it detects the situation that is subject to connection error. Due to the missing internal state validation, the library keeps reading the rest of the data after one of those APIs is called. Then receiving a malformed frame that causes FRAME_SIZE_ERROR causes assertion failure. nghttp2 v1.68.1 adds missing state validation to avoid assertion failure. No known workarounds are available.",
        "cvss": [
          {
            "source": "security-advisories@github.com",
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "metrics": {
              "baseScore": 7.5,
              "exploitabilityScore": 3.9,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-27135",
            "epss": 0.00027,
            "percentile": 0.077,
            "date": "2026-05-18"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-27135",
            "cwe": "CWE-617",
            "source": "security-advisories@github.com",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [
            "1.64.0-1.1+deb13u1"
          ],
          "state": "fixed",
          "available": [
            {
              "version": "1.64.0-1.1+deb13u1",
              "date": "2026-05-14",
              "kind": "advisory"
            }
          ]
        },
        "advisories": [
          {
            "id": "DSA-6266-1",
            "link": "https://security-tracker.debian.org/tracker/DSA-6266-1"
          }
        ],
        "risk": 0.020249999999999997
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-27135",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-27135",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://github.com/nghttp2/nghttp2/commit/5c7df8fa815ac1004d9ecb9d1f7595c4d37f46e1",
            "https://github.com/nghttp2/nghttp2/security/advisories/GHSA-6933-cjhr-5qg6",
            "http://www.openwall.com/lists/oss-security/2026/03/20/3",
            "https://lists.debian.org/debian-lts-announce/2026/05/msg00025.html"
          ],
          "description": "nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. Prior to version 1.68.1, the nghttp2 library stops reading the incoming data when user facing public API `nghttp2_session_terminate_session` or `nghttp2_session_terminate_session2` is called by the application. They might be called internally by the library when it detects the situation that is subject to connection error. Due to the missing internal state validation, the library keeps reading the rest of the data after one of those APIs is called. Then receiving a malformed frame that causes FRAME_SIZE_ERROR causes assertion failure. nghttp2 v1.68.1 adds missing state validation to avoid assertion failure. No known workarounds are available.",
          "cvss": [
            {
              "source": "security-advisories@github.com",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-27135",
              "epss": 0.00027,
              "percentile": 0.077,
              "date": "2026-05-18"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-27135",
              "cwe": "CWE-617",
              "source": "security-advisories@github.com",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "nghttp2",
              "version": "1.64.0-1.1"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-27135",
            "versionConstraint": "< 1.64.0-1.1+deb13u1 (deb)"
          },
          "fix": {
            "suggestedVersion": "1.64.0-1.1+deb13u1"
          }
        }
      ],
      "artifact": {
        "id": "fa925028c58e5356",
        "name": "libnghttp2-14",
        "version": "1.64.0-1.1",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libnghttp2-14",
            "layerID": "sha256:73c462bbf110b45d1a57a4d592f0cec743bc1bf41281b698149f276b7abaa3b3",
            "accessPath": "/var/lib/dpkg/status.d/libnghttp2-14",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libnghttp2-14:libnghttp2-14:1.64.0-1.1:*:*:*:*:*:*:*",
          "cpe:2.3:a:libnghttp2-14:libnghttp2_14:1.64.0-1.1:*:*:*:*:*:*:*",
          "cpe:2.3:a:libnghttp2_14:libnghttp2-14:1.64.0-1.1:*:*:*:*:*:*:*",
          "cpe:2.3:a:libnghttp2_14:libnghttp2_14:1.64.0-1.1:*:*:*:*:*:*:*",
          "cpe:2.3:a:libnghttp2:libnghttp2-14:1.64.0-1.1:*:*:*:*:*:*:*",
          "cpe:2.3:a:libnghttp2:libnghttp2_14:1.64.0-1.1:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libnghttp2-14@1.64.0-1.1?arch=amd64&distro=debian-13&upstream=nghttp2",
        "upstreams": [
          {
            "name": "nghttp2"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2010-4756",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2010-4756",
        "namespace": "debian:distro:debian:13",
        "severity": "Negligible",
        "urls": [],
        "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.",
        "cvss": [],
        "epss": [
          {
            "cve": "CVE-2010-4756",
            "epss": 0.00394,
            "percentile": 0.60442,
            "date": "2026-05-18"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2010-4756",
            "cwe": "CWE-399",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.019700000000000002
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2010-4756",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2010-4756",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "http://cxib.net/stuff/glob-0day.c",
            "http://securityreason.com/achievement_securityalert/89",
            "http://securityreason.com/exploitalert/9223",
            "https://bugzilla.redhat.com/show_bug.cgi?id=681681",
            "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4756",
            "https://security.netapp.com/advisory/ntap-20241108-0002/"
          ],
          "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "2.0",
              "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
              "metrics": {
                "baseScore": 4,
                "exploitabilityScore": 8,
                "impactScore": 2.9
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2010-4756",
              "epss": 0.00394,
              "percentile": 0.60442,
              "date": "2026-05-18"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2010-4756",
              "cwe": "CWE-399",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "glibc",
              "version": "2.41-12+deb13u2"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2010-4756",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "5e21ad3d95f6eebc",
        "name": "libc6",
        "version": "2.41-12+deb13u2",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libc6",
            "layerID": "sha256:318bc252656ce5b3c77fc9a13e302bba683f813d4b19c21be6e0ad3acc7adaf1",
            "accessPath": "/var/lib/dpkg/status.d/libc6",
            "annotations": {
              "evidence": "primary"
            }
          },
          {
            "path": "/usr/share/doc/libc6/copyright",
            "layerID": "sha256:318bc252656ce5b3c77fc9a13e302bba683f813d4b19c21be6e0ad3acc7adaf1",
            "accessPath": "/usr/share/doc/libc6/copyright",
            "annotations": {
              "evidence": "supporting"
            }
          },
          {
            "path": "/var/lib/dpkg/status.d/libc6.md5sums",
            "layerID": "sha256:318bc252656ce5b3c77fc9a13e302bba683f813d4b19c21be6e0ad3acc7adaf1",
            "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums",
            "annotations": {
              "evidence": "supporting"
            }
          }
        ],
        "language": "",
        "licenses": [
          "BSD-2-clause",
          "BSD-3-clause-Berkeley",
          "BSD-3-clause-Carnegie",
          "BSD-3-clause-Oracle",
          "BSD-3-clause-WIDE",
          "BSD-like-Spencer",
          "BSL-1.0",
          "CORE-MATH",
          "Carnegie",
          "DEC",
          "FSFAP",
          "GPL-2",
          "GPL-2+",
          "GPL-2+-with-link-exception",
          "GPL-3",
          "GPL-3+",
          "IBM",
          "ISC",
          "Inner-Net",
          "LGPL-2",
          "LGPL-2+",
          "LGPL-2.1",
          "LGPL-2.1+",
          "LGPL-2.1+-with-link-exception",
          "LGPL-3",
          "LGPL-3+",
          "MIT-like-Lord",
          "PCRE",
          "SunPro",
          "Unicode-DFS-2016",
          "Univ-Coimbra",
          "public-domain"
        ],
        "cpes": [
          "cpe:2.3:a:libc6:libc6:2.41-12\\+deb13u2:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libc6@2.41-12%2Bdeb13u2?arch=amd64&distro=debian-13&upstream=glibc",
        "upstreams": [
          {
            "name": "glibc"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-42011",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-42011",
        "namespace": "debian:distro:debian:13",
        "severity": "High",
        "urls": [],
        "description": "A flaw was found in gnutls. This vulnerability occurs because permitted name constraints were incorrectly ignored when previous Certificate Authorities (CAs) only had excluded name constraints. A remote attacker could exploit this to bypass critical name constraint checks during certificate validation. This bypass could lead to the acceptance of invalid certificates, potentially enabling spoofing or man-in-the-middle attacks against affected systems.",
        "cvss": [
          {
            "source": "secalert@redhat.com",
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "metrics": {
              "baseScore": 7.4,
              "exploitabilityScore": 2.3,
              "impactScore": 5.2
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-42011",
            "epss": 0.00026,
            "percentile": 0.07581,
            "date": "2026-05-18"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-42011",
            "cwe": "CWE-295",
            "source": "secalert@redhat.com",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.01937
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-42011",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-42011",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://access.redhat.com/errata/RHSA-2026:13274",
            "https://access.redhat.com/security/cve/CVE-2026-42011",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2467437"
          ],
          "description": "A flaw was found in gnutls. This vulnerability occurs because permitted name constraints were incorrectly ignored when previous Certificate Authorities (CAs) only had excluded name constraints. A remote attacker could exploit this to bypass critical name constraint checks during certificate validation. This bypass could lead to the acceptance of invalid certificates, potentially enabling spoofing or man-in-the-middle attacks against affected systems.",
          "cvss": [
            {
              "source": "secalert@redhat.com",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
              "metrics": {
                "baseScore": 7.4,
                "exploitabilityScore": 2.3,
                "impactScore": 5.2
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-42011",
              "epss": 0.00026,
              "percentile": 0.07581,
              "date": "2026-05-18"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-42011",
              "cwe": "CWE-295",
              "source": "secalert@redhat.com",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "gnutls28",
              "version": "3.8.9-3+deb13u2"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-42011",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "3c7a5e6105f5c289",
        "name": "libgnutls30t64",
        "version": "3.8.9-3+deb13u2",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libgnutls30t64",
            "layerID": "sha256:73c462bbf110b45d1a57a4d592f0cec743bc1bf41281b698149f276b7abaa3b3",
            "accessPath": "/var/lib/dpkg/status.d/libgnutls30t64",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libgnutls30t64:libgnutls30t64:3.8.9-3\\+deb13u2:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libgnutls30t64@3.8.9-3%2Bdeb13u2?arch=amd64&distro=debian-13&upstream=gnutls28",
        "upstreams": [
          {
            "name": "gnutls28"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-6638",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-6638",
        "namespace": "debian:distro:debian:13",
        "severity": "High",
        "urls": [],
        "description": "SQL injection in PostgreSQL logical replication ALTER SUBSCRIPTION ... REFRESH PUBLICATION allows a subscriber table creator to execute arbitrary SQL with the subscription's publication-side credentials.  The attack takes effect at the next REFRESH PUBLICATION.  Within major versions 16, 17, and 18, minor versions before PostgreSQL 18.4, 17.10, and 16.14 are affected.  Versions before PostgreSQL 16 are unaffected.",
        "cvss": [
          {
            "source": "nvd@nist.gov",
            "type": "Primary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "metrics": {
              "baseScore": 8.8,
              "exploitabilityScore": 2.9,
              "impactScore": 5.9
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-6638",
            "epss": 0.00023,
            "percentile": 0.06595,
            "date": "2026-05-18"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-6638",
            "cwe": "CWE-89",
            "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [
            "17.10-0+deb13u1"
          ],
          "state": "fixed",
          "available": [
            {
              "version": "17.10-0+deb13u1",
              "date": "2026-05-14",
              "kind": "advisory"
            }
          ]
        },
        "advisories": [
          {
            "id": "DSA-6270-1",
            "link": "https://security-tracker.debian.org/tracker/DSA-6270-1"
          }
        ],
        "risk": 0.018745000000000005
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-6638",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-6638",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://www.postgresql.org/support/security/CVE-2026-6638/"
          ],
          "description": "SQL injection in PostgreSQL logical replication ALTER SUBSCRIPTION ... REFRESH PUBLICATION allows a subscriber table creator to execute arbitrary SQL with the subscription's publication-side credentials.  The attack takes effect at the next REFRESH PUBLICATION.  Within major versions 16, 17, and 18, minor versions before PostgreSQL 18.4, 17.10, and 16.14 are affected.  Versions before PostgreSQL 16 are unaffected.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "metrics": {
                "baseScore": 8.8,
                "exploitabilityScore": 2.9,
                "impactScore": 5.9
              },
              "vendorMetadata": {}
            },
            {
              "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N",
              "metrics": {
                "baseScore": 3.7,
                "exploitabilityScore": 1.2,
                "impactScore": 2.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-6638",
              "epss": 0.00023,
              "percentile": 0.06595,
              "date": "2026-05-18"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-6638",
              "cwe": "CWE-89",
              "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "postgresql-17",
              "version": "17.9-0+deb13u1"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-6638",
            "versionConstraint": "< 17.10-0+deb13u1 (deb)"
          },
          "fix": {
            "suggestedVersion": "17.10-0+deb13u1"
          }
        }
      ],
      "artifact": {
        "id": "07b5cfa820128572",
        "name": "libpq5",
        "version": "17.9-0+deb13u1",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libpq5",
            "layerID": "sha256:73c462bbf110b45d1a57a4d592f0cec743bc1bf41281b698149f276b7abaa3b3",
            "accessPath": "/var/lib/dpkg/status.d/libpq5",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libpq5:libpq5:17.9-0\\+deb13u1:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libpq5@17.9-0%2Bdeb13u1?arch=amd64&distro=debian-13&upstream=postgresql-17",
        "upstreams": [
          {
            "name": "postgresql-17"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2019-1010023",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010023",
        "namespace": "debian:distro:debian:13",
        "severity": "Negligible",
        "urls": [],
        "description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.",
        "cvss": [],
        "epss": [
          {
            "cve": "CVE-2019-1010023",
            "epss": 0.00307,
            "percentile": 0.54027,
            "date": "2026-05-18"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.015349999999999999
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2019-1010023",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010023",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "http://www.securityfocus.com/bid/109167",
            "https://security-tracker.debian.org/tracker/CVE-2019-1010023",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=22851",
            "https://support.f5.com/csp/article/K11932200?utm_source=f5support&amp%3Butm_medium=RSS",
            "https://ubuntu.com/security/CVE-2019-1010023"
          ],
          "description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.0",
              "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "metrics": {
                "baseScore": 8.8,
                "exploitabilityScore": 2.9,
                "impactScore": 5.9
              },
              "vendorMetadata": {}
            },
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "2.0",
              "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
              "metrics": {
                "baseScore": 6.8,
                "exploitabilityScore": 8.6,
                "impactScore": 6.5
              },
              "vendorMetadata": {}
            },
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
              "metrics": {
                "baseScore": 5.4,
                "exploitabilityScore": 2.9,
                "impactScore": 2.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2019-1010023",
              "epss": 0.00307,
              "percentile": 0.54027,
              "date": "2026-05-18"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "glibc",
              "version": "2.41-12+deb13u2"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2019-1010023",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "5e21ad3d95f6eebc",
        "name": "libc6",
        "version": "2.41-12+deb13u2",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libc6",
            "layerID": "sha256:318bc252656ce5b3c77fc9a13e302bba683f813d4b19c21be6e0ad3acc7adaf1",
            "accessPath": "/var/lib/dpkg/status.d/libc6",
            "annotations": {
              "evidence": "primary"
            }
          },
          {
            "path": "/usr/share/doc/libc6/copyright",
            "layerID": "sha256:318bc252656ce5b3c77fc9a13e302bba683f813d4b19c21be6e0ad3acc7adaf1",
            "accessPath": "/usr/share/doc/libc6/copyright",
            "annotations": {
              "evidence": "supporting"
            }
          },
          {
            "path": "/var/lib/dpkg/status.d/libc6.md5sums",
            "layerID": "sha256:318bc252656ce5b3c77fc9a13e302bba683f813d4b19c21be6e0ad3acc7adaf1",
            "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums",
            "annotations": {
              "evidence": "supporting"
            }
          }
        ],
        "language": "",
        "licenses": [
          "BSD-2-clause",
          "BSD-3-clause-Berkeley",
          "BSD-3-clause-Carnegie",
          "BSD-3-clause-Oracle",
          "BSD-3-clause-WIDE",
          "BSD-like-Spencer",
          "BSL-1.0",
          "CORE-MATH",
          "Carnegie",
          "DEC",
          "FSFAP",
          "GPL-2",
          "GPL-2+",
          "GPL-2+-with-link-exception",
          "GPL-3",
          "GPL-3+",
          "IBM",
          "ISC",
          "Inner-Net",
          "LGPL-2",
          "LGPL-2+",
          "LGPL-2.1",
          "LGPL-2.1+",
          "LGPL-2.1+-with-link-exception",
          "LGPL-3",
          "LGPL-3+",
          "MIT-like-Lord",
          "PCRE",
          "SunPro",
          "Unicode-DFS-2016",
          "Univ-Coimbra",
          "public-domain"
        ],
        "cpes": [
          "cpe:2.3:a:libc6:libc6:2.41-12\\+deb13u2:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libc6@2.41-12%2Bdeb13u2?arch=amd64&distro=debian-13&upstream=glibc",
        "upstreams": [
          {
            "name": "glibc"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-6429",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-6429",
        "namespace": "debian:distro:debian:13",
        "severity": "Medium",
        "urls": [],
        "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP redirects, libcurl could leak the password used for the first host to the followed-to host under certain circumstances.",
        "cvss": [
          {
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "metrics": {
              "baseScore": 5.3,
              "exploitabilityScore": 1.7,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-6429",
            "epss": 0.00028,
            "percentile": 0.0823,
            "date": "2026-05-18"
          }
        ],
        "fix": {
          "versions": [],
          "state": "wont-fix"
        },
        "advisories": [],
        "risk": 0.014419999999999999
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-6429",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-6429",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://curl.se/docs/CVE-2026-6429.html",
            "https://curl.se/docs/CVE-2026-6429.json",
            "https://hackerone.com/reports/3677759"
          ],
          "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, libcurl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
              "metrics": {
                "baseScore": 5.3,
                "exploitabilityScore": 1.7,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-6429",
              "epss": 0.00028,
              "percentile": 0.0823,
              "date": "2026-05-18"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "curl",
              "version": "8.14.1-2+deb13u2"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-6429",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "2c9e2faa683beba2",
        "name": "libcurl4t64",
        "version": "8.14.1-2+deb13u2",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libcurl4t64",
            "layerID": "sha256:73c462bbf110b45d1a57a4d592f0cec743bc1bf41281b698149f276b7abaa3b3",
            "accessPath": "/var/lib/dpkg/status.d/libcurl4t64",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libcurl4t64:libcurl4t64:8.14.1-2\\+deb13u2:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libcurl4t64@8.14.1-2%2Bdeb13u2?arch=amd64&distro=debian-13&upstream=curl",
        "upstreams": [
          {
            "name": "curl"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-3784",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-3784",
        "namespace": "debian:distro:debian:13",
        "severity": "Medium",
        "urls": [],
        "description": "curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a server, even if the new request uses different credentials for the HTTP proxy. The proper behavior is to create or use a separate connection.",
        "cvss": [
          {
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "metrics": {
              "baseScore": 6.5,
              "exploitabilityScore": 3.9,
              "impactScore": 2.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-3784",
            "epss": 0.00023,
            "percentile": 0.06583,
            "date": "2026-05-18"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-3784",
            "cwe": "CWE-305",
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "wont-fix"
        },
        "advisories": [],
        "risk": 0.013224999999999999
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-3784",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3784",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://curl.se/docs/CVE-2026-3784.html",
            "https://curl.se/docs/CVE-2026-3784.json",
            "https://hackerone.com/reports/3584903",
            "http://www.openwall.com/lists/oss-security/2026/03/11/3"
          ],
          "description": "curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a\nserver, even if the new request uses different credentials for the HTTP proxy.\nThe proper behavior is to create or use a separate connection.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
              "metrics": {
                "baseScore": 6.5,
                "exploitabilityScore": 3.9,
                "impactScore": 2.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-3784",
              "epss": 0.00023,
              "percentile": 0.06583,
              "date": "2026-05-18"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-3784",
              "cwe": "CWE-305",
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "curl",
              "version": "8.14.1-2+deb13u2"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-3784",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "2c9e2faa683beba2",
        "name": "libcurl4t64",
        "version": "8.14.1-2+deb13u2",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libcurl4t64",
            "layerID": "sha256:73c462bbf110b45d1a57a4d592f0cec743bc1bf41281b698149f276b7abaa3b3",
            "accessPath": "/var/lib/dpkg/status.d/libcurl4t64",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libcurl4t64:libcurl4t64:8.14.1-2\\+deb13u2:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libcurl4t64@8.14.1-2%2Bdeb13u2?arch=amd64&distro=debian-13&upstream=curl",
        "upstreams": [
          {
            "name": "curl"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-6472",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-6472",
        "namespace": "debian:distro:debian:13",
        "severity": "Medium",
        "urls": [],
        "description": "Missing authorization in PostgreSQL CREATE TYPE allows an object creator to hijack other queries that use search_path to find user-defined types, including extension-defined types.  That is to say, the victim will execute arbitrary SQL functions of the attacker's choice.  Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected.",
        "cvss": [
          {
            "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "metrics": {
              "baseScore": 5.4,
              "exploitabilityScore": 2.9,
              "impactScore": 2.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-6472",
            "epss": 0.00025,
            "percentile": 0.07215,
            "date": "2026-05-18"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-6472",
            "cwe": "CWE-862",
            "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [
            "17.10-0+deb13u1"
          ],
          "state": "fixed",
          "available": [
            {
              "version": "17.10-0+deb13u1",
              "date": "2026-05-14",
              "kind": "advisory"
            }
          ]
        },
        "advisories": [
          {
            "id": "DSA-6270-1",
            "link": "https://security-tracker.debian.org/tracker/DSA-6270-1"
          }
        ],
        "risk": 0.013000000000000001
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-6472",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-6472",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://www.postgresql.org/support/security/CVE-2026-6472/"
          ],
          "description": "Missing authorization in PostgreSQL CREATE TYPE allows an object creator to hijack other queries that use search_path to find user-defined types, including extension-defined types.  That is to say, the victim will execute arbitrary SQL functions of the attacker's choice.  Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected.",
          "cvss": [
            {
              "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
              "metrics": {
                "baseScore": 5.4,
                "exploitabilityScore": 2.9,
                "impactScore": 2.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-6472",
              "epss": 0.00025,
              "percentile": 0.07215,
              "date": "2026-05-18"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-6472",
              "cwe": "CWE-862",
              "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "postgresql-17",
              "version": "17.9-0+deb13u1"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-6472",
            "versionConstraint": "< 17.10-0+deb13u1 (deb)"
          },
          "fix": {
            "suggestedVersion": "17.10-0+deb13u1"
          }
        }
      ],
      "artifact": {
        "id": "07b5cfa820128572",
        "name": "libpq5",
        "version": "17.9-0+deb13u1",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libpq5",
            "layerID": "sha256:73c462bbf110b45d1a57a4d592f0cec743bc1bf41281b698149f276b7abaa3b3",
            "accessPath": "/var/lib/dpkg/status.d/libpq5",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libpq5:libpq5:17.9-0\\+deb13u1:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libpq5@17.9-0%2Bdeb13u1?arch=amd64&distro=debian-13&upstream=postgresql-17",
        "upstreams": [
          {
            "name": "postgresql-17"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-6276",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-6276",
        "namespace": "debian:distro:debian:13",
        "severity": "High",
        "urls": [],
        "description": "Using libcurl, when a custom `Host:` header is first set for an HTTP request and a second request is subsequently done using the same *easy handle* but without the custom `Host:` header set, the second request would use stale information and pass on cookies meant for the first host in the second request. Leak them.",
        "cvss": [
          {
            "source": "nvd@nist.gov",
            "type": "Primary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "metrics": {
              "baseScore": 7.5,
              "exploitabilityScore": 3.9,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-6276",
            "epss": 0.00017,
            "percentile": 0.04388,
            "date": "2026-05-18"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-6276",
            "cwe": "CWE-319",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "wont-fix"
        },
        "advisories": [],
        "risk": 0.012750000000000001
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-6276",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-6276",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://curl.se/docs/CVE-2026-6276.html",
            "https://curl.se/docs/CVE-2026-6276.json",
            "https://hackerone.com/reports/3671818",
            "http://www.openwall.com/lists/oss-security/2026/04/29/13"
          ],
          "description": "Using libcurl, when a custom `Host:` header is first set for an HTTP request\nand a second request is subsequently done using the same *easy handle* but\nwithout the custom `Host:` header set, the second request would use stale\ninformation and pass on cookies meant for the first host in the second\nrequest. Leak them.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            },
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-6276",
              "epss": 0.00017,
              "percentile": 0.04388,
              "date": "2026-05-18"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-6276",
              "cwe": "CWE-319",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "curl",
              "version": "8.14.1-2+deb13u2"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-6276",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "2c9e2faa683beba2",
        "name": "libcurl4t64",
        "version": "8.14.1-2+deb13u2",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libcurl4t64",
            "layerID": "sha256:73c462bbf110b45d1a57a4d592f0cec743bc1bf41281b698149f276b7abaa3b3",
            "accessPath": "/var/lib/dpkg/status.d/libcurl4t64",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libcurl4t64:libcurl4t64:8.14.1-2\\+deb13u2:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libcurl4t64@8.14.1-2%2Bdeb13u2?arch=amd64&distro=debian-13&upstream=curl",
        "upstreams": [
          {
            "name": "curl"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-6474",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-6474",
        "namespace": "debian:distro:debian:13",
        "severity": "Medium",
        "urls": [],
        "description": "Externally-controlled format string in PostgreSQL timeofday() function allows an attacker to retrieve portions of server memory, via crafted timezone zones.  Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected.",
        "cvss": [
          {
            "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "metrics": {
              "baseScore": 4.3,
              "exploitabilityScore": 2.9,
              "impactScore": 1.5
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-6474",
            "epss": 0.00027,
            "percentile": 0.07864,
            "date": "2026-05-18"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-6474",
            "cwe": "CWE-134",
            "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [
            "17.10-0+deb13u1"
          ],
          "state": "fixed",
          "available": [
            {
              "version": "17.10-0+deb13u1",
              "date": "2026-05-14",
              "kind": "advisory"
            }
          ]
        },
        "advisories": [
          {
            "id": "DSA-6270-1",
            "link": "https://security-tracker.debian.org/tracker/DSA-6270-1"
          }
        ],
        "risk": 0.012554999999999998
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-6474",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-6474",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://www.postgresql.org/support/security/CVE-2026-6474/"
          ],
          "description": "Externally-controlled format string in PostgreSQL timeofday() function allows an attacker to retrieve portions of server memory, via crafted timezone zones.  Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected.",
          "cvss": [
            {
              "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
              "metrics": {
                "baseScore": 4.3,
                "exploitabilityScore": 2.9,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-6474",
              "epss": 0.00027,
              "percentile": 0.07864,
              "date": "2026-05-18"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-6474",
              "cwe": "CWE-134",
              "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "postgresql-17",
              "version": "17.9-0+deb13u1"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-6474",
            "versionConstraint": "< 17.10-0+deb13u1 (deb)"
          },
          "fix": {
            "suggestedVersion": "17.10-0+deb13u1"
          }
        }
      ],
      "artifact": {
        "id": "07b5cfa820128572",
        "name": "libpq5",
        "version": "17.9-0+deb13u1",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libpq5",
            "layerID": "sha256:73c462bbf110b45d1a57a4d592f0cec743bc1bf41281b698149f276b7abaa3b3",
            "accessPath": "/var/lib/dpkg/status.d/libpq5",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libpq5:libpq5:17.9-0\\+deb13u1:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libpq5@17.9-0%2Bdeb13u1?arch=amd64&distro=debian-13&upstream=postgresql-17",
        "upstreams": [
          {
            "name": "postgresql-17"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2024-26458",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26458",
        "namespace": "debian:distro:debian:13",
        "severity": "Negligible",
        "urls": [],
        "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.",
        "cvss": [],
        "epss": [
          {
            "cve": "CVE-2024-26458",
            "epss": 0.0025,
            "percentile": 0.48217,
            "date": "2026-05-18"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2024-26458",
            "cwe": "CWE-401",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.0125
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2024-26458",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26458",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md",
            "https://security.netapp.com/advisory/ntap-20240415-0010/"
          ],
          "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
              "metrics": {
                "baseScore": 5.3,
                "exploitabilityScore": 3.9,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2024-26458",
              "epss": 0.0025,
              "percentile": 0.48217,
              "date": "2026-05-18"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2024-26458",
              "cwe": "CWE-401",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "krb5",
              "version": "1.21.3-5"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2024-26458",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "b6ee860d702b8084",
        "name": "libgssapi-krb5-2",
        "version": "1.21.3-5",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2",
            "layerID": "sha256:73c462bbf110b45d1a57a4d592f0cec743bc1bf41281b698149f276b7abaa3b3",
            "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libgssapi-krb5-2@1.21.3-5?arch=amd64&distro=debian-13&upstream=krb5",
        "upstreams": [
          {
            "name": "krb5"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2024-26458",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26458",
        "namespace": "debian:distro:debian:13",
        "severity": "Negligible",
        "urls": [],
        "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.",
        "cvss": [],
        "epss": [
          {
            "cve": "CVE-2024-26458",
            "epss": 0.0025,
            "percentile": 0.48217,
            "date": "2026-05-18"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2024-26458",
            "cwe": "CWE-401",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.0125
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2024-26458",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26458",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md",
            "https://security.netapp.com/advisory/ntap-20240415-0010/"
          ],
          "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
              "metrics": {
                "baseScore": 5.3,
                "exploitabilityScore": 3.9,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2024-26458",
              "epss": 0.0025,
              "percentile": 0.48217,
              "date": "2026-05-18"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2024-26458",
              "cwe": "CWE-401",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "krb5",
              "version": "1.21.3-5"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2024-26458",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "52ef833c1503e21a",
        "name": "libk5crypto3",
        "version": "1.21.3-5",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libk5crypto3",
            "layerID": "sha256:73c462bbf110b45d1a57a4d592f0cec743bc1bf41281b698149f276b7abaa3b3",
            "accessPath": "/var/lib/dpkg/status.d/libk5crypto3",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libk5crypto3:libk5crypto3:1.21.3-5:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libk5crypto3@1.21.3-5?arch=amd64&distro=debian-13&upstream=krb5",
        "upstreams": [
          {
            "name": "krb5"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2024-26458",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26458",
        "namespace": "debian:distro:debian:13",
        "severity": "Negligible",
        "urls": [],
        "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.",
        "cvss": [],
        "epss": [
          {
            "cve": "CVE-2024-26458",
            "epss": 0.0025,
            "percentile": 0.48217,
            "date": "2026-05-18"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2024-26458",
            "cwe": "CWE-401",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.0125
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2024-26458",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26458",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md",
            "https://security.netapp.com/advisory/ntap-20240415-0010/"
          ],
          "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
              "metrics": {
                "baseScore": 5.3,
                "exploitabilityScore": 3.9,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2024-26458",
              "epss": 0.0025,
              "percentile": 0.48217,
              "date": "2026-05-18"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2024-26458",
              "cwe": "CWE-401",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "krb5",
              "version": "1.21.3-5"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2024-26458",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "d4c94f2fc66f3184",
        "name": "libkrb5-3",
        "version": "1.21.3-5",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libkrb5-3",
            "layerID": "sha256:73c462bbf110b45d1a57a4d592f0cec743bc1bf41281b698149f276b7abaa3b3",
            "accessPath": "/var/lib/dpkg/status.d/libkrb5-3",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libkrb5-3:libkrb5-3:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libkrb5-3:libkrb5_3:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libkrb5_3:libkrb5-3:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libkrb5_3:libkrb5_3:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libkrb5:libkrb5-3:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libkrb5:libkrb5_3:1.21.3-5:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libkrb5-3@1.21.3-5?arch=amd64&distro=debian-13&upstream=krb5",
        "upstreams": [
          {
            "name": "krb5"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2024-26458",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26458",
        "namespace": "debian:distro:debian:13",
        "severity": "Negligible",
        "urls": [],
        "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.",
        "cvss": [],
        "epss": [
          {
            "cve": "CVE-2024-26458",
            "epss": 0.0025,
            "percentile": 0.48217,
            "date": "2026-05-18"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2024-26458",
            "cwe": "CWE-401",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.0125
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2024-26458",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26458",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md",
            "https://security.netapp.com/advisory/ntap-20240415-0010/"
          ],
          "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
              "metrics": {
                "baseScore": 5.3,
                "exploitabilityScore": 3.9,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2024-26458",
              "epss": 0.0025,
              "percentile": 0.48217,
              "date": "2026-05-18"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2024-26458",
              "cwe": "CWE-401",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "krb5",
              "version": "1.21.3-5"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2024-26458",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "56fc39be304d53f0",
        "name": "libkrb5support0",
        "version": "1.21.3-5",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libkrb5support0",
            "layerID": "sha256:73c462bbf110b45d1a57a4d592f0cec743bc1bf41281b698149f276b7abaa3b3",
            "accessPath": "/var/lib/dpkg/status.d/libkrb5support0",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libkrb5support0:libkrb5support0:1.21.3-5:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libkrb5support0@1.21.3-5?arch=amd64&distro=debian-13&upstream=krb5",
        "upstreams": [
          {
            "name": "krb5"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-3783",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-3783",
        "namespace": "debian:distro:debian:13",
        "severity": "Medium",
        "urls": [],
        "description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a redirect to a second URL, curl could leak that token to the second hostname under some circumstances.  If the hostname that the first request is redirected to has information in the used .netrc file, with either of the `machine` or `default` keywords, curl would pass on the bearer token set for the first host also to the second one.",
        "cvss": [
          {
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "metrics": {
              "baseScore": 5.3,
              "exploitabilityScore": 3.9,
              "impactScore": 1.5
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-3783",
            "epss": 0.00024,
            "percentile": 0.06964,
            "date": "2026-05-18"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-3783",
            "cwe": "CWE-522",
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "wont-fix"
        },
        "advisories": [],
        "risk": 0.01236
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-3783",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3783",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://curl.se/docs/CVE-2026-3783.html",
            "https://curl.se/docs/CVE-2026-3783.json",
            "https://hackerone.com/reports/3583983",
            "http://www.openwall.com/lists/oss-security/2026/03/11/2"
          ],
          "description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer\nperforms a redirect to a second URL, curl could leak that token to the second\nhostname under some circumstances.\n\nIf the hostname that the first request is redirected to has information in the\nused .netrc file, with either of the `machine` or `default` keywords, curl\nwould pass on the bearer token set for the first host also to the second one.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
              "metrics": {
                "baseScore": 5.3,
                "exploitabilityScore": 3.9,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-3783",
              "epss": 0.00024,
              "percentile": 0.06964,
              "date": "2026-05-18"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-3783",
              "cwe": "CWE-522",
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "curl",
              "version": "8.14.1-2+deb13u2"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-3783",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "2c9e2faa683beba2",
        "name": "libcurl4t64",
        "version": "8.14.1-2+deb13u2",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libcurl4t64",
            "layerID": "sha256:73c462bbf110b45d1a57a4d592f0cec743bc1bf41281b698149f276b7abaa3b3",
            "accessPath": "/var/lib/dpkg/status.d/libcurl4t64",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libcurl4t64:libcurl4t64:8.14.1-2\\+deb13u2:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libcurl4t64@8.14.1-2%2Bdeb13u2?arch=amd64&distro=debian-13&upstream=curl",
        "upstreams": [
          {
            "name": "curl"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-29111",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-29111",
        "namespace": "debian:distro:debian:13",
        "severity": "Medium",
        "urls": [],
        "description": "systemd, a system and service manager, (as PID 1) hits an assert and freezes execution when an unprivileged IPC API call is made with spurious data. On version v249 and older the effect is not an assert, but stack overwriting, with the attacker controlled content. From version v250 and newer this is not possible as the safety check causes an assert instead. This IPC call was added in v239, so versions older than that are not affected. Versions 260-rc1, 259.2, 258.5, and 257.11 contain patches. No known workarounds are available.",
        "cvss": [
          {
            "source": "security-advisories@github.com",
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "metrics": {
              "baseScore": 5.5,
              "exploitabilityScore": 1.9,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-29111",
            "epss": 0.00023,
            "percentile": 0.06473,
            "date": "2026-05-18"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-29111",
            "cwe": "CWE-269",
            "source": "security-advisories@github.com",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [
            "257.13-1~deb13u1"
          ],
          "state": "fixed",
          "available": [
            {
              "version": "257.13-1~deb13u1",
              "date": "2026-05-17",
              "kind": "first-observed"
            }
          ]
        },
        "advisories": [],
        "risk": 0.012075
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-29111",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-29111",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://github.com/systemd/systemd/commit/1d22f706bd04f45f8422e17fbde3f56ece17758a",
            "https://github.com/systemd/systemd/commit/20021e7686426052e3a7505425d7e12085feb2a6",
            "https://github.com/systemd/systemd/commit/21167006574d6b83813c7596759b474f56562412",
            "https://github.com/systemd/systemd/commit/3cee294fe8cf4fa0eff933ab21416d099942cabd",
            "https://github.com/systemd/systemd/commit/42aee39107fbdd7db1ccd402a2151822b2805e9f",
            "https://github.com/systemd/systemd/commit/54588d2dedff54bfb6036670820650e4ea74628f",
            "https://github.com/systemd/systemd/commit/7ac3220213690e8a8d6d2a6e81e43bd1dce01d69",
            "https://github.com/systemd/systemd/commit/80acea4ef80a4bb78560ed970c34952299b890d6",
            "https://github.com/systemd/systemd/commit/b5fd14693057e5f2c9b4a49603be64ec3608ff6c",
            "https://github.com/systemd/systemd/commit/efa6ba2ab625aaa160ac435a09e6482fc63bdbe8",
            "https://github.com/systemd/systemd/security/advisories/GHSA-gx6q-6f99-m764"
          ],
          "description": "systemd, a system and service manager, (as PID 1) hits an assert and freezes execution when an unprivileged IPC API call is made with spurious data. On version v249 and older the effect is not an assert, but stack overwriting, with the attacker controlled content. From version v250 and newer this is not possible as the safety check causes an assert instead. This IPC call was added in v239, so versions older than that are not affected. Versions 260-rc1, 259.2, 258.5, and 257.11 contain patches. No known workarounds are available.",
          "cvss": [
            {
              "source": "security-advisories@github.com",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 5.5,
                "exploitabilityScore": 1.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-29111",
              "epss": 0.00023,
              "percentile": 0.06473,
              "date": "2026-05-18"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-29111",
              "cwe": "CWE-269",
              "source": "security-advisories@github.com",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "systemd",
              "version": "257.9-1~deb13u1"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-29111",
            "versionConstraint": "< 257.13-1~deb13u1 (deb)"
          },
          "fix": {
            "suggestedVersion": "257.13-1~deb13u1"
          }
        }
      ],
      "artifact": {
        "id": "4f3b916d8498c51d",
        "name": "libsystemd0",
        "version": "257.9-1~deb13u1",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libsystemd0",
            "layerID": "sha256:73c462bbf110b45d1a57a4d592f0cec743bc1bf41281b698149f276b7abaa3b3",
            "accessPath": "/var/lib/dpkg/status.d/libsystemd0",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libsystemd0:libsystemd0:257.9-1\\~deb13u1:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libsystemd0@257.9-1~deb13u1?arch=amd64&distro=debian-13&upstream=systemd",
        "upstreams": [
          {
            "name": "systemd"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-29111",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-29111",
        "namespace": "debian:distro:debian:13",
        "severity": "Medium",
        "urls": [],
        "description": "systemd, a system and service manager, (as PID 1) hits an assert and freezes execution when an unprivileged IPC API call is made with spurious data. On version v249 and older the effect is not an assert, but stack overwriting, with the attacker controlled content. From version v250 and newer this is not possible as the safety check causes an assert instead. This IPC call was added in v239, so versions older than that are not affected. Versions 260-rc1, 259.2, 258.5, and 257.11 contain patches. No known workarounds are available.",
        "cvss": [
          {
            "source": "security-advisories@github.com",
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "metrics": {
              "baseScore": 5.5,
              "exploitabilityScore": 1.9,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-29111",
            "epss": 0.00023,
            "percentile": 0.06473,
            "date": "2026-05-18"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-29111",
            "cwe": "CWE-269",
            "source": "security-advisories@github.com",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [
            "257.13-1~deb13u1"
          ],
          "state": "fixed",
          "available": [
            {
              "version": "257.13-1~deb13u1",
              "date": "2026-05-17",
              "kind": "first-observed"
            }
          ]
        },
        "advisories": [],
        "risk": 0.012075
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-29111",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-29111",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://github.com/systemd/systemd/commit/1d22f706bd04f45f8422e17fbde3f56ece17758a",
            "https://github.com/systemd/systemd/commit/20021e7686426052e3a7505425d7e12085feb2a6",
            "https://github.com/systemd/systemd/commit/21167006574d6b83813c7596759b474f56562412",
            "https://github.com/systemd/systemd/commit/3cee294fe8cf4fa0eff933ab21416d099942cabd",
            "https://github.com/systemd/systemd/commit/42aee39107fbdd7db1ccd402a2151822b2805e9f",
            "https://github.com/systemd/systemd/commit/54588d2dedff54bfb6036670820650e4ea74628f",
            "https://github.com/systemd/systemd/commit/7ac3220213690e8a8d6d2a6e81e43bd1dce01d69",
            "https://github.com/systemd/systemd/commit/80acea4ef80a4bb78560ed970c34952299b890d6",
            "https://github.com/systemd/systemd/commit/b5fd14693057e5f2c9b4a49603be64ec3608ff6c",
            "https://github.com/systemd/systemd/commit/efa6ba2ab625aaa160ac435a09e6482fc63bdbe8",
            "https://github.com/systemd/systemd/security/advisories/GHSA-gx6q-6f99-m764"
          ],
          "description": "systemd, a system and service manager, (as PID 1) hits an assert and freezes execution when an unprivileged IPC API call is made with spurious data. On version v249 and older the effect is not an assert, but stack overwriting, with the attacker controlled content. From version v250 and newer this is not possible as the safety check causes an assert instead. This IPC call was added in v239, so versions older than that are not affected. Versions 260-rc1, 259.2, 258.5, and 257.11 contain patches. No known workarounds are available.",
          "cvss": [
            {
              "source": "security-advisories@github.com",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 5.5,
                "exploitabilityScore": 1.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-29111",
              "epss": 0.00023,
              "percentile": 0.06473,
              "date": "2026-05-18"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-29111",
              "cwe": "CWE-269",
              "source": "security-advisories@github.com",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "systemd",
              "version": "257.9-1~deb13u1"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-29111",
            "versionConstraint": "< 257.13-1~deb13u1 (deb)"
          },
          "fix": {
            "suggestedVersion": "257.13-1~deb13u1"
          }
        }
      ],
      "artifact": {
        "id": "49db2eae5abce987",
        "name": "systemd",
        "version": "257.9-1~deb13u1",
        "type": "deb",
        "locations": [
          {
            "path": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.40.0",
            "layerID": "sha256:73c462bbf110b45d1a57a4d592f0cec743bc1bf41281b698149f276b7abaa3b3",
            "accessPath": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.40.0",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:systemd:systemd:257.9-1\\~deb13u1:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/Debian/systemd@257.9-1~deb13u1?distro=Debian",
        "upstreams": []
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-3832",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-3832",
        "namespace": "debian:distro:debian:13",
        "severity": "Low",
        "urls": [],
        "description": "A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted Online Certificate Status Protocol (OCSP) response during a TLS handshake. Due to a logic error in how gnutls processes multi-record OCSP responses, a client with OCSP verification enabled may incorrectly accept a revoked server certificate, potentially leading to a compromise of trust.",
        "cvss": [
          {
            "source": "secalert@redhat.com",
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "metrics": {
              "baseScore": 3.7,
              "exploitabilityScore": 2.3,
              "impactScore": 1.5
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-3832",
            "epss": 0.00036,
            "percentile": 0.10643,
            "date": "2026-05-18"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-3832",
            "cwe": "CWE-179",
            "source": "secalert@redhat.com",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.01206
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-3832",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3832",
          "namespace": "nvd:cpe",
          "severity": "Low",
          "urls": [
            "https://access.redhat.com/errata/RHSA-2026:13274",
            "https://access.redhat.com/security/cve/CVE-2026-3832",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2445762",
            "https://gitlab.com/gnutls/gnutls/-/issues/1801"
          ],
          "description": "A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted Online Certificate Status Protocol (OCSP) response during a TLS handshake. Due to a logic error in how gnutls processes multi-record OCSP responses, a client with OCSP verification enabled may incorrectly accept a revoked server certificate, potentially leading to a compromise of trust.",
          "cvss": [
            {
              "source": "secalert@redhat.com",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
              "metrics": {
                "baseScore": 3.7,
                "exploitabilityScore": 2.3,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-3832",
              "epss": 0.00036,
              "percentile": 0.10643,
              "date": "2026-05-18"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-3832",
              "cwe": "CWE-179",
              "source": "secalert@redhat.com",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "gnutls28",
              "version": "3.8.9-3+deb13u2"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-3832",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "3c7a5e6105f5c289",
        "name": "libgnutls30t64",
        "version": "3.8.9-3+deb13u2",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libgnutls30t64",
            "layerID": "sha256:73c462bbf110b45d1a57a4d592f0cec743bc1bf41281b698149f276b7abaa3b3",
            "accessPath": "/var/lib/dpkg/status.d/libgnutls30t64",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libgnutls30t64:libgnutls30t64:3.8.9-3\\+deb13u2:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libgnutls30t64@3.8.9-3%2Bdeb13u2?arch=amd64&distro=debian-13&upstream=gnutls28",
        "upstreams": [
          {
            "name": "gnutls28"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-4873",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-4873",
        "namespace": "debian:distro:debian:13",
        "severity": "Medium",
        "urls": [],
        "description": "A vulnerability exists where a connection requiring TLS incorrectly reuses an existing unencrypted connection from the same connection pool. If an initial transfer is made in clear-text (via IMAP, SMTP, or POP3), a subsequent request to that same host bypasses the TLS requirement and instead transmit data unencrypted.",
        "cvss": [
          {
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "metrics": {
              "baseScore": 5.9,
              "exploitabilityScore": 2.3,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-4873",
            "epss": 0.0002,
            "percentile": 0.05552,
            "date": "2026-05-18"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-4873",
            "cwe": "CWE-295",
            "source": "nvd@nist.gov",
            "type": "Primary"
          },
          {
            "cve": "CVE-2026-4873",
            "cwe": "CWE-319",
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "wont-fix"
        },
        "advisories": [],
        "risk": 0.0109
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-4873",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-4873",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://curl.se/docs/CVE-2026-4873.html",
            "https://curl.se/docs/CVE-2026-4873.json",
            "https://hackerone.com/reports/3621851",
            "http://www.openwall.com/lists/oss-security/2026/04/29/7"
          ],
          "description": "A vulnerability exists where a connection requiring TLS incorrectly reuses an\nexisting unencrypted connection from the same connection pool. If an initial\ntransfer is made in clear-text (via IMAP, SMTP, or POP3), a subsequent request\nto that same host bypasses the TLS requirement and instead transmits data\nunencrypted.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
              "metrics": {
                "baseScore": 5.9,
                "exploitabilityScore": 2.3,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-4873",
              "epss": 0.0002,
              "percentile": 0.05552,
              "date": "2026-05-18"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-4873",
              "cwe": "CWE-295",
              "source": "nvd@nist.gov",
              "type": "Primary"
            },
            {
              "cve": "CVE-2026-4873",
              "cwe": "CWE-319",
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "curl",
              "version": "8.14.1-2+deb13u2"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-4873",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "2c9e2faa683beba2",
        "name": "libcurl4t64",
        "version": "8.14.1-2+deb13u2",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libcurl4t64",
            "layerID": "sha256:73c462bbf110b45d1a57a4d592f0cec743bc1bf41281b698149f276b7abaa3b3",
            "accessPath": "/var/lib/dpkg/status.d/libcurl4t64",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libcurl4t64:libcurl4t64:8.14.1-2\\+deb13u2:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libcurl4t64@8.14.1-2%2Bdeb13u2?arch=amd64&distro=debian-13&upstream=curl",
        "upstreams": [
          {
            "name": "curl"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2020-15719",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2020-15719",
        "namespace": "debian:distro:debian:13",
        "severity": "Negligible",
        "urls": [],
        "description": "libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. It considers CN even when there is a non-matching subjectAltName (SAN). This is fixed in, for example, openldap-2.4.46-10.el8 in Red Hat Enterprise Linux.",
        "cvss": [],
        "epss": [
          {
            "cve": "CVE-2020-15719",
            "epss": 0.00216,
            "percentile": 0.43932,
            "date": "2026-05-18"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2020-15719",
            "cwe": "CWE-295",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.0108
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2020-15719",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2020-15719",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00033.html",
            "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00059.html",
            "https://access.redhat.com/errata/RHBA-2019:3674",
            "https://bugs.openldap.org/show_bug.cgi?id=9266",
            "https://bugzilla.redhat.com/show_bug.cgi?id=1740070",
            "https://kc.mcafee.com/corporate/index?page=content&id=SB10365",
            "https://www.oracle.com/security-alerts/cpuapr2022.html"
          ],
          "description": "libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. It considers CN even when there is a non-matching subjectAltName (SAN). This is fixed in, for example, openldap-2.4.46-10.el8 in Red Hat Enterprise Linux.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
              "metrics": {
                "baseScore": 4.2,
                "exploitabilityScore": 1.7,
                "impactScore": 2.6
              },
              "vendorMetadata": {}
            },
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "2.0",
              "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
              "metrics": {
                "baseScore": 4,
                "exploitabilityScore": 5,
                "impactScore": 5
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2020-15719",
              "epss": 0.00216,
              "percentile": 0.43932,
              "date": "2026-05-18"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2020-15719",
              "cwe": "CWE-295",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "openldap",
              "version": "2.6.10+dfsg-1"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2020-15719",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "46230cf5226e2e82",
        "name": "libldap2",
        "version": "2.6.10+dfsg-1",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libldap2",
            "layerID": "sha256:73c462bbf110b45d1a57a4d592f0cec743bc1bf41281b698149f276b7abaa3b3",
            "accessPath": "/var/lib/dpkg/status.d/libldap2",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libldap2:libldap2:2.6.10\\+dfsg-1:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libldap2@2.6.10%2Bdfsg-1?arch=amd64&distro=debian-13&upstream=openldap",
        "upstreams": [
          {
            "name": "openldap"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-41989",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-41989",
        "namespace": "debian:distro:debian:13",
        "severity": "Medium",
        "urls": [],
        "description": "Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via crafted ECDH ciphertext to gcry_pk_decrypt.",
        "cvss": [
          {
            "source": "cve@mitre.org",
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H",
            "metrics": {
              "baseScore": 6.7,
              "exploitabilityScore": 1.5,
              "impactScore": 5.2
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-41989",
            "epss": 0.00015,
            "percentile": 0.0345,
            "date": "2026-05-18"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-41989",
            "cwe": "CWE-787",
            "source": "cve@mitre.org",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.008775
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-41989",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-41989",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://dev.gnupg.org/T8211",
            "https://lists.gnupg.org/pipermail/gnupg-announce/2026q2/000503.html",
            "https://www.openwall.com/lists/oss-security/2026/04/21/1"
          ],
          "description": "Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via crafted ECDH ciphertext to gcry_pk_decrypt.",
          "cvss": [
            {
              "source": "cve@mitre.org",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H",
              "metrics": {
                "baseScore": 6.7,
                "exploitabilityScore": 1.5,
                "impactScore": 5.2
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-41989",
              "epss": 0.00015,
              "percentile": 0.0345,
              "date": "2026-05-18"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-41989",
              "cwe": "CWE-787",
              "source": "cve@mitre.org",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "libgcrypt20",
              "version": "1.11.0-7"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-41989",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "5826072934743d2f",
        "name": "libgcrypt20",
        "version": "1.11.0-7",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libgcrypt20",
            "layerID": "sha256:73c462bbf110b45d1a57a4d592f0cec743bc1bf41281b698149f276b7abaa3b3",
            "accessPath": "/var/lib/dpkg/status.d/libgcrypt20",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libgcrypt20:libgcrypt20:1.11.0-7:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libgcrypt20@1.11.0-7?arch=amd64&distro=debian-13",
        "upstreams": []
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2023-31437",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31437",
        "namespace": "debian:distro:debian:13",
        "severity": "Negligible",
        "urls": [],
        "description": "An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"",
        "cvss": [],
        "epss": [
          {
            "cve": "CVE-2023-31437",
            "epss": 0.0017,
            "percentile": 0.37811,
            "date": "2026-05-18"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2023-31437",
            "cwe": "CWE-354",
            "source": "nvd@nist.gov",
            "type": "Primary"
          },
          {
            "cve": "CVE-2023-31437",
            "cwe": "CWE-354",
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.0085
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2023-31437",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31437",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://github.com/kastel-security/Journald",
            "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf",
            "https://github.com/systemd/systemd/releases"
          ],
          "description": "An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
              "metrics": {
                "baseScore": 5.3,
                "exploitabilityScore": 3.9,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            },
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
              "metrics": {
                "baseScore": 5.3,
                "exploitabilityScore": 3.9,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2023-31437",
              "epss": 0.0017,
              "percentile": 0.37811,
              "date": "2026-05-18"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2023-31437",
              "cwe": "CWE-354",
              "source": "nvd@nist.gov",
              "type": "Primary"
            },
            {
              "cve": "CVE-2023-31437",
              "cwe": "CWE-354",
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "systemd",
              "version": "257.9-1~deb13u1"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2023-31437",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "4f3b916d8498c51d",
        "name": "libsystemd0",
        "version": "257.9-1~deb13u1",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libsystemd0",
            "layerID": "sha256:73c462bbf110b45d1a57a4d592f0cec743bc1bf41281b698149f276b7abaa3b3",
            "accessPath": "/var/lib/dpkg/status.d/libsystemd0",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libsystemd0:libsystemd0:257.9-1\\~deb13u1:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libsystemd0@257.9-1~deb13u1?arch=amd64&distro=debian-13&upstream=systemd",
        "upstreams": [
          {
            "name": "systemd"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2023-31437",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31437",
        "namespace": "debian:distro:debian:13",
        "severity": "Negligible",
        "urls": [],
        "description": "An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"",
        "cvss": [],
        "epss": [
          {
            "cve": "CVE-2023-31437",
            "epss": 0.0017,
            "percentile": 0.37811,
            "date": "2026-05-18"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2023-31437",
            "cwe": "CWE-354",
            "source": "nvd@nist.gov",
            "type": "Primary"
          },
          {
            "cve": "CVE-2023-31437",
            "cwe": "CWE-354",
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.0085
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2023-31437",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31437",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://github.com/kastel-security/Journald",
            "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf",
            "https://github.com/systemd/systemd/releases"
          ],
          "description": "An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
              "metrics": {
                "baseScore": 5.3,
                "exploitabilityScore": 3.9,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            },
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
              "metrics": {
                "baseScore": 5.3,
                "exploitabilityScore": 3.9,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2023-31437",
              "epss": 0.0017,
              "percentile": 0.37811,
              "date": "2026-05-18"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2023-31437",
              "cwe": "CWE-354",
              "source": "nvd@nist.gov",
              "type": "Primary"
            },
            {
              "cve": "CVE-2023-31437",
              "cwe": "CWE-354",
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "systemd",
              "version": "257.9-1~deb13u1"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2023-31437",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "49db2eae5abce987",
        "name": "systemd",
        "version": "257.9-1~deb13u1",
        "type": "deb",
        "locations": [
          {
            "path": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.40.0",
            "layerID": "sha256:73c462bbf110b45d1a57a4d592f0cec743bc1bf41281b698149f276b7abaa3b3",
            "accessPath": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.40.0",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:systemd:systemd:257.9-1\\~deb13u1:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/Debian/systemd@257.9-1~deb13u1?distro=Debian",
        "upstreams": []
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-4878",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-4878",
        "namespace": "debian:distro:debian:13",
        "severity": "High",
        "urls": [],
        "description": "A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use (TOCTOU) race condition in the `cap_set_file()` function. This allows an attacker with write access to a parent directory to redirect file capability updates to an attacker-controlled file. By doing so, capabilities can be injected into or stripped from unintended executables, leading to privilege escalation.",
        "cvss": [
          {
            "source": "nvd@nist.gov",
            "type": "Primary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "metrics": {
              "baseScore": 7,
              "exploitabilityScore": 1.1,
              "impactScore": 5.9
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-4878",
            "epss": 0.0001,
            "percentile": 0.01052,
            "date": "2026-05-18"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-4878",
            "cwe": "CWE-367",
            "source": "secalert@redhat.com",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [
            "1:2.75-10+deb13u1"
          ],
          "state": "fixed",
          "available": [
            {
              "version": "1:2.75-10+deb13u1",
              "date": "2026-05-17",
              "kind": "first-observed"
            }
          ]
        },
        "advisories": [],
        "risk": 0.00725
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-4878",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-4878",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://access.redhat.com/errata/RHSA-2026:12423",
            "https://access.redhat.com/errata/RHSA-2026:12441",
            "https://access.redhat.com/errata/RHSA-2026:13285",
            "https://access.redhat.com/errata/RHSA-2026:14162",
            "https://access.redhat.com/errata/RHSA-2026:14937",
            "https://access.redhat.com/errata/RHSA-2026:7473",
            "https://access.redhat.com/security/cve/CVE-2026-4878",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2447554",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2451615",
            "http://www.openwall.com/lists/oss-security/2026/04/07/14",
            "http://www.openwall.com/lists/oss-security/2026/04/07/4",
            "http://www.openwall.com/lists/oss-security/2026/04/08/9",
            "http://www.openwall.com/lists/oss-security/2026/04/09/5",
            "http://www.openwall.com/lists/oss-security/2026/04/09/6"
          ],
          "description": "A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use (TOCTOU) race condition in the `cap_set_file()` function. This allows an attacker with write access to a parent directory to redirect file capability updates to an attacker-controlled file. By doing so, capabilities can be injected into or stripped from unintended executables, leading to privilege escalation.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "metrics": {
                "baseScore": 7,
                "exploitabilityScore": 1.1,
                "impactScore": 5.9
              },
              "vendorMetadata": {}
            },
            {
              "source": "secalert@redhat.com",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
              "metrics": {
                "baseScore": 6.7,
                "exploitabilityScore": 0.8,
                "impactScore": 5.9
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-4878",
              "epss": 0.0001,
              "percentile": 0.01052,
              "date": "2026-05-18"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-4878",
              "cwe": "CWE-367",
              "source": "secalert@redhat.com",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "libcap2",
              "version": "1:2.75-10+b8"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-4878",
            "versionConstraint": "< 1:2.75-10+deb13u1 (deb)"
          },
          "fix": {
            "suggestedVersion": "1:2.75-10+deb13u1"
          }
        },
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "libcap2",
              "version": "1:2.75-10"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-4878",
            "versionConstraint": "< 1:2.75-10+deb13u1 (deb)"
          },
          "fix": {
            "suggestedVersion": "1:2.75-10+deb13u1"
          }
        }
      ],
      "artifact": {
        "id": "db4fc91f0556f532",
        "name": "libcap2",
        "version": "1:2.75-10+b8",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libcap2",
            "layerID": "sha256:73c462bbf110b45d1a57a4d592f0cec743bc1bf41281b698149f276b7abaa3b3",
            "accessPath": "/var/lib/dpkg/status.d/libcap2",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libcap2:libcap2:1\\:2.75-10\\+b8:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libcap2@1%3A2.75-10%2Bb8?arch=amd64&distro=debian-13&upstream=libcap2%401%3A2.75-10",
        "upstreams": [
          {
            "name": "libcap2",
            "version": "1:2.75-10"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2023-31438",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31438",
        "namespace": "debian:distro:debian:13",
        "severity": "Negligible",
        "urls": [],
        "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"",
        "cvss": [],
        "epss": [
          {
            "cve": "CVE-2023-31438",
            "epss": 0.00134,
            "percentile": 0.32425,
            "date": "2026-05-18"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2023-31438",
            "cwe": "CWE-354",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.0067
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2023-31438",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31438",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://github.com/kastel-security/Journald",
            "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf",
            "https://github.com/systemd/systemd/pull/28886",
            "https://github.com/systemd/systemd/releases"
          ],
          "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
              "metrics": {
                "baseScore": 5.3,
                "exploitabilityScore": 3.9,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2023-31438",
              "epss": 0.00134,
              "percentile": 0.32425,
              "date": "2026-05-18"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2023-31438",
              "cwe": "CWE-354",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "systemd",
              "version": "257.9-1~deb13u1"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2023-31438",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "4f3b916d8498c51d",
        "name": "libsystemd0",
        "version": "257.9-1~deb13u1",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libsystemd0",
            "layerID": "sha256:73c462bbf110b45d1a57a4d592f0cec743bc1bf41281b698149f276b7abaa3b3",
            "accessPath": "/var/lib/dpkg/status.d/libsystemd0",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libsystemd0:libsystemd0:257.9-1\\~deb13u1:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libsystemd0@257.9-1~deb13u1?arch=amd64&distro=debian-13&upstream=systemd",
        "upstreams": [
          {
            "name": "systemd"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2023-31438",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31438",
        "namespace": "debian:distro:debian:13",
        "severity": "Negligible",
        "urls": [],
        "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"",
        "cvss": [],
        "epss": [
          {
            "cve": "CVE-2023-31438",
            "epss": 0.00134,
            "percentile": 0.32425,
            "date": "2026-05-18"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2023-31438",
            "cwe": "CWE-354",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.0067
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2023-31438",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31438",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://github.com/kastel-security/Journald",
            "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf",
            "https://github.com/systemd/systemd/pull/28886",
            "https://github.com/systemd/systemd/releases"
          ],
          "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
              "metrics": {
                "baseScore": 5.3,
                "exploitabilityScore": 3.9,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2023-31438",
              "epss": 0.00134,
              "percentile": 0.32425,
              "date": "2026-05-18"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2023-31438",
              "cwe": "CWE-354",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "systemd",
              "version": "257.9-1~deb13u1"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2023-31438",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "49db2eae5abce987",
        "name": "systemd",
        "version": "257.9-1~deb13u1",
        "type": "deb",
        "locations": [
          {
            "path": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.40.0",
            "layerID": "sha256:73c462bbf110b45d1a57a4d592f0cec743bc1bf41281b698149f276b7abaa3b3",
            "accessPath": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.40.0",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:systemd:systemd:257.9-1\\~deb13u1:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/Debian/systemd@257.9-1~deb13u1?distro=Debian",
        "upstreams": []
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2025-13034",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-13034",
        "namespace": "debian:distro:debian:13",
        "severity": "Medium",
        "urls": [],
        "description": "When using `CURLOPT_PINNEDPUBLICKEY` option with libcurl or `--pinnedpubkey` with the curl tool, curl should check the public key of the server certificate to verify the peer. This check was skipped in a certain condition that would then make curl allow the connection without performing the proper check, thus not noticing a possible impostor. To skip this check, the connection had to be done with QUIC with ngtcp2 built to use GnuTLS and the user had to explicitly disable the standard certificate verification.",
        "cvss": [
          {
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "metrics": {
              "baseScore": 5.9,
              "exploitabilityScore": 2.3,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2025-13034",
            "epss": 0.00012,
            "percentile": 0.01579,
            "date": "2026-05-18"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2025-13034",
            "cwe": "CWE-295",
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [
            "8.14.1-2+deb13u3"
          ],
          "state": "fixed",
          "available": [
            {
              "version": "8.14.1-2+deb13u3",
              "date": "2026-05-17",
              "kind": "first-observed"
            }
          ]
        },
        "advisories": [],
        "risk": 0.006540000000000001
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2025-13034",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13034",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://curl.se/docs/CVE-2025-13034.html",
            "https://curl.se/docs/CVE-2025-13034.json"
          ],
          "description": "When using `CURLOPT_PINNEDPUBLICKEY` option with libcurl or `--pinnedpubkey`\nwith the curl tool, curl should check the public key of the server certificate\nto verify the peer.\n\nThis check was skipped in a certain condition that would then make curl allow\nthe connection without performing the proper check, thus not noticing a\npossible impostor. To skip this check, the connection had to be done with QUIC\nwith ngtcp2 built to use GnuTLS and the user had to explicitly disable the\nstandard certificate verification.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
              "metrics": {
                "baseScore": 5.9,
                "exploitabilityScore": 2.3,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2025-13034",
              "epss": 0.00012,
              "percentile": 0.01579,
              "date": "2026-05-18"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2025-13034",
              "cwe": "CWE-295",
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "curl",
              "version": "8.14.1-2+deb13u2"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2025-13034",
            "versionConstraint": "< 8.14.1-2+deb13u3 (deb)"
          },
          "fix": {
            "suggestedVersion": "8.14.1-2+deb13u3"
          }
        }
      ],
      "artifact": {
        "id": "2c9e2faa683beba2",
        "name": "libcurl4t64",
        "version": "8.14.1-2+deb13u2",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libcurl4t64",
            "layerID": "sha256:73c462bbf110b45d1a57a4d592f0cec743bc1bf41281b698149f276b7abaa3b3",
            "accessPath": "/var/lib/dpkg/status.d/libcurl4t64",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libcurl4t64:libcurl4t64:8.14.1-2\\+deb13u2:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libcurl4t64@8.14.1-2%2Bdeb13u2?arch=amd64&distro=debian-13&upstream=curl",
        "upstreams": [
          {
            "name": "curl"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2019-1010022",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010022",
        "namespace": "debian:distro:debian:13",
        "severity": "Negligible",
        "urls": [],
        "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.\"",
        "cvss": [],
        "epss": [
          {
            "cve": "CVE-2019-1010022",
            "epss": 0.00129,
            "percentile": 0.31741,
            "date": "2026-05-18"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2019-1010022",
            "cwe": "CWE-119",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.006449999999999999
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2019-1010022",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010022",
          "namespace": "nvd:cpe",
          "severity": "Critical",
          "urls": [
            "https://security-tracker.debian.org/tracker/CVE-2019-1010022",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=22850",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=22850#c3",
            "https://ubuntu.com/security/CVE-2019-1010022"
          ],
          "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.\"",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.0",
              "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "metrics": {
                "baseScore": 9.8,
                "exploitabilityScore": 3.9,
                "impactScore": 5.9
              },
              "vendorMetadata": {}
            },
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "2.0",
              "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 10,
                "impactScore": 6.5
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2019-1010022",
              "epss": 0.00129,
              "percentile": 0.31741,
              "date": "2026-05-18"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2019-1010022",
              "cwe": "CWE-119",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "glibc",
              "version": "2.41-12+deb13u2"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2019-1010022",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "5e21ad3d95f6eebc",
        "name": "libc6",
        "version": "2.41-12+deb13u2",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libc6",
            "layerID": "sha256:318bc252656ce5b3c77fc9a13e302bba683f813d4b19c21be6e0ad3acc7adaf1",
            "accessPath": "/var/lib/dpkg/status.d/libc6",
            "annotations": {
              "evidence": "primary"
            }
          },
          {
            "path": "/usr/share/doc/libc6/copyright",
            "layerID": "sha256:318bc252656ce5b3c77fc9a13e302bba683f813d4b19c21be6e0ad3acc7adaf1",
            "accessPath": "/usr/share/doc/libc6/copyright",
            "annotations": {
              "evidence": "supporting"
            }
          },
          {
            "path": "/var/lib/dpkg/status.d/libc6.md5sums",
            "layerID": "sha256:318bc252656ce5b3c77fc9a13e302bba683f813d4b19c21be6e0ad3acc7adaf1",
            "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums",
            "annotations": {
              "evidence": "supporting"
            }
          }
        ],
        "language": "",
        "licenses": [
          "BSD-2-clause",
          "BSD-3-clause-Berkeley",
          "BSD-3-clause-Carnegie",
          "BSD-3-clause-Oracle",
          "BSD-3-clause-WIDE",
          "BSD-like-Spencer",
          "BSL-1.0",
          "CORE-MATH",
          "Carnegie",
          "DEC",
          "FSFAP",
          "GPL-2",
          "GPL-2+",
          "GPL-2+-with-link-exception",
          "GPL-3",
          "GPL-3+",
          "IBM",
          "ISC",
          "Inner-Net",
          "LGPL-2",
          "LGPL-2+",
          "LGPL-2.1",
          "LGPL-2.1+",
          "LGPL-2.1+-with-link-exception",
          "LGPL-3",
          "LGPL-3+",
          "MIT-like-Lord",
          "PCRE",
          "SunPro",
          "Unicode-DFS-2016",
          "Univ-Coimbra",
          "public-domain"
        ],
        "cpes": [
          "cpe:2.3:a:libc6:libc6:2.41-12\\+deb13u2:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libc6@2.41-12%2Bdeb13u2?arch=amd64&distro=debian-13&upstream=glibc",
        "upstreams": [
          {
            "name": "glibc"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2023-31439",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31439",
        "namespace": "debian:distro:debian:13",
        "severity": "Negligible",
        "urls": [],
        "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"",
        "cvss": [],
        "epss": [
          {
            "cve": "CVE-2023-31439",
            "epss": 0.00125,
            "percentile": 0.31211,
            "date": "2026-05-18"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2023-31439",
            "cwe": "CWE-354",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.00625
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2023-31439",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31439",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://github.com/kastel-security/Journald",
            "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf",
            "https://github.com/systemd/systemd/pull/28885",
            "https://github.com/systemd/systemd/releases"
          ],
          "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
              "metrics": {
                "baseScore": 5.3,
                "exploitabilityScore": 3.9,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2023-31439",
              "epss": 0.00125,
              "percentile": 0.31211,
              "date": "2026-05-18"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2023-31439",
              "cwe": "CWE-354",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "systemd",
              "version": "257.9-1~deb13u1"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2023-31439",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "4f3b916d8498c51d",
        "name": "libsystemd0",
        "version": "257.9-1~deb13u1",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libsystemd0",
            "layerID": "sha256:73c462bbf110b45d1a57a4d592f0cec743bc1bf41281b698149f276b7abaa3b3",
            "accessPath": "/var/lib/dpkg/status.d/libsystemd0",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libsystemd0:libsystemd0:257.9-1\\~deb13u1:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libsystemd0@257.9-1~deb13u1?arch=amd64&distro=debian-13&upstream=systemd",
        "upstreams": [
          {
            "name": "systemd"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2023-31439",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31439",
        "namespace": "debian:distro:debian:13",
        "severity": "Negligible",
        "urls": [],
        "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"",
        "cvss": [],
        "epss": [
          {
            "cve": "CVE-2023-31439",
            "epss": 0.00125,
            "percentile": 0.31211,
            "date": "2026-05-18"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2023-31439",
            "cwe": "CWE-354",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.00625
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2023-31439",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31439",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://github.com/kastel-security/Journald",
            "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf",
            "https://github.com/systemd/systemd/pull/28885",
            "https://github.com/systemd/systemd/releases"
          ],
          "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
              "metrics": {
                "baseScore": 5.3,
                "exploitabilityScore": 3.9,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2023-31439",
              "epss": 0.00125,
              "percentile": 0.31211,
              "date": "2026-05-18"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2023-31439",
              "cwe": "CWE-354",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "systemd",
              "version": "257.9-1~deb13u1"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2023-31439",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "49db2eae5abce987",
        "name": "systemd",
        "version": "257.9-1~deb13u1",
        "type": "deb",
        "locations": [
          {
            "path": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.40.0",
            "layerID": "sha256:73c462bbf110b45d1a57a4d592f0cec743bc1bf41281b698149f276b7abaa3b3",
            "accessPath": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.40.0",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:systemd:systemd:257.9-1\\~deb13u1:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/Debian/systemd@257.9-1~deb13u1?distro=Debian",
        "upstreams": []
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-40226",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-40226",
        "namespace": "debian:distro:debian:13",
        "severity": "Medium",
        "urls": [],
        "description": "In nspawn in systemd 233 through 259 before 260, an escape-to-host action can occur via a crafted optional config file.",
        "cvss": [
          {
            "source": "cve@mitre.org",
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "metrics": {
              "baseScore": 6.4,
              "exploitabilityScore": 0.5,
              "impactScore": 5.9
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-40226",
            "epss": 0.0001,
            "percentile": 0.01163,
            "date": "2026-05-18"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-40226",
            "cwe": "CWE-348",
            "source": "cve@mitre.org",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [
            "257.13-1~deb13u1"
          ],
          "state": "fixed",
          "available": [
            {
              "version": "257.13-1~deb13u1",
              "date": "2026-05-17",
              "kind": "first-observed"
            }
          ]
        },
        "advisories": [],
        "risk": 0.005700000000000001
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-40226",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-40226",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://github.com/systemd/systemd/security/advisories/GHSA-9mj4-rrc3-gjcx"
          ],
          "description": "In nspawn in systemd 233 through 259 before 260, an escape-to-host action can occur via a crafted optional config file.",
          "cvss": [
            {
              "source": "cve@mitre.org",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
              "metrics": {
                "baseScore": 6.4,
                "exploitabilityScore": 0.5,
                "impactScore": 5.9
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-40226",
              "epss": 0.0001,
              "percentile": 0.01163,
              "date": "2026-05-18"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-40226",
              "cwe": "CWE-348",
              "source": "cve@mitre.org",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "systemd",
              "version": "257.9-1~deb13u1"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-40226",
            "versionConstraint": "< 257.13-1~deb13u1 (deb)"
          },
          "fix": {
            "suggestedVersion": "257.13-1~deb13u1"
          }
        }
      ],
      "artifact": {
        "id": "4f3b916d8498c51d",
        "name": "libsystemd0",
        "version": "257.9-1~deb13u1",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libsystemd0",
            "layerID": "sha256:73c462bbf110b45d1a57a4d592f0cec743bc1bf41281b698149f276b7abaa3b3",
            "accessPath": "/var/lib/dpkg/status.d/libsystemd0",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libsystemd0:libsystemd0:257.9-1\\~deb13u1:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libsystemd0@257.9-1~deb13u1?arch=amd64&distro=debian-13&upstream=systemd",
        "upstreams": [
          {
            "name": "systemd"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-40226",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-40226",
        "namespace": "debian:distro:debian:13",
        "severity": "Medium",
        "urls": [],
        "description": "In nspawn in systemd 233 through 259 before 260, an escape-to-host action can occur via a crafted optional config file.",
        "cvss": [
          {
            "source": "cve@mitre.org",
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "metrics": {
              "baseScore": 6.4,
              "exploitabilityScore": 0.5,
              "impactScore": 5.9
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-40226",
            "epss": 0.0001,
            "percentile": 0.01163,
            "date": "2026-05-18"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-40226",
            "cwe": "CWE-348",
            "source": "cve@mitre.org",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [
            "257.13-1~deb13u1"
          ],
          "state": "fixed",
          "available": [
            {
              "version": "257.13-1~deb13u1",
              "date": "2026-05-17",
              "kind": "first-observed"
            }
          ]
        },
        "advisories": [],
        "risk": 0.005700000000000001
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-40226",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-40226",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://github.com/systemd/systemd/security/advisories/GHSA-9mj4-rrc3-gjcx"
          ],
          "description": "In nspawn in systemd 233 through 259 before 260, an escape-to-host action can occur via a crafted optional config file.",
          "cvss": [
            {
              "source": "cve@mitre.org",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
              "metrics": {
                "baseScore": 6.4,
                "exploitabilityScore": 0.5,
                "impactScore": 5.9
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-40226",
              "epss": 0.0001,
              "percentile": 0.01163,
              "date": "2026-05-18"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-40226",
              "cwe": "CWE-348",
              "source": "cve@mitre.org",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "systemd",
              "version": "257.9-1~deb13u1"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-40226",
            "versionConstraint": "< 257.13-1~deb13u1 (deb)"
          },
          "fix": {
            "suggestedVersion": "257.13-1~deb13u1"
          }
        }
      ],
      "artifact": {
        "id": "49db2eae5abce987",
        "name": "systemd",
        "version": "257.9-1~deb13u1",
        "type": "deb",
        "locations": [
          {
            "path": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.40.0",
            "layerID": "sha256:73c462bbf110b45d1a57a4d592f0cec743bc1bf41281b698149f276b7abaa3b3",
            "accessPath": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.40.0",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:systemd:systemd:257.9-1\\~deb13u1:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/Debian/systemd@257.9-1~deb13u1?distro=Debian",
        "upstreams": []
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2017-14159",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2017-14159",
        "namespace": "debian:distro:debian:13",
        "severity": "Negligible",
        "urls": [],
        "description": "slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a \"kill `cat /pathname`\" command, as demonstrated by openldap-initscript.",
        "cvss": [],
        "epss": [
          {
            "cve": "CVE-2017-14159",
            "epss": 0.00111,
            "percentile": 0.29063,
            "date": "2026-05-18"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2017-14159",
            "cwe": "CWE-665",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.005550000000000001
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2017-14159",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2017-14159",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "http://www.openldap.org/its/index.cgi?findid=8703",
            "https://www.oracle.com/security-alerts/cpuapr2022.html"
          ],
          "description": "slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a \"kill `cat /pathname`\" command, as demonstrated by openldap-initscript.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 4.7,
                "exploitabilityScore": 1.1,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            },
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "2.0",
              "vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P",
              "metrics": {
                "baseScore": 1.9,
                "exploitabilityScore": 3.4,
                "impactScore": 2.9
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2017-14159",
              "epss": 0.00111,
              "percentile": 0.29063,
              "date": "2026-05-18"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2017-14159",
              "cwe": "CWE-665",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "openldap",
              "version": "2.6.10+dfsg-1"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2017-14159",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "46230cf5226e2e82",
        "name": "libldap2",
        "version": "2.6.10+dfsg-1",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libldap2",
            "layerID": "sha256:73c462bbf110b45d1a57a4d592f0cec743bc1bf41281b698149f276b7abaa3b3",
            "accessPath": "/var/lib/dpkg/status.d/libldap2",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libldap2:libldap2:2.6.10\\+dfsg-1:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libldap2@2.6.10%2Bdfsg-1?arch=amd64&distro=debian-13&upstream=openldap",
        "upstreams": [
          {
            "name": "openldap"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-4105",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-4105",
        "namespace": "debian:distro:debian:13",
        "severity": "Medium",
        "urls": [],
        "description": "A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.",
        "cvss": [
          {
            "source": "secalert@redhat.com",
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "metrics": {
              "baseScore": 6.7,
              "exploitabilityScore": 0.8,
              "impactScore": 5.9
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-4105",
            "epss": 0.00009,
            "percentile": 0.00863,
            "date": "2026-05-18"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-4105",
            "cwe": "CWE-284",
            "source": "secalert@redhat.com",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [
            "257.13-1~deb13u1"
          ],
          "state": "fixed",
          "available": [
            {
              "version": "257.13-1~deb13u1",
              "date": "2026-05-17",
              "kind": "first-observed"
            }
          ]
        },
        "advisories": [],
        "risk": 0.005265
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-4105",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-4105",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://access.redhat.com/errata/RHSA-2026:7299",
            "https://access.redhat.com/security/cve/CVE-2026-4105",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2447262",
            "https://github.com/systemd/systemd/security/advisories/GHSA-4h6x-r8vx-3862"
          ],
          "description": "A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.",
          "cvss": [
            {
              "source": "secalert@redhat.com",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
              "metrics": {
                "baseScore": 6.7,
                "exploitabilityScore": 0.8,
                "impactScore": 5.9
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-4105",
              "epss": 0.00009,
              "percentile": 0.00863,
              "date": "2026-05-18"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-4105",
              "cwe": "CWE-284",
              "source": "secalert@redhat.com",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "systemd",
              "version": "257.9-1~deb13u1"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-4105",
            "versionConstraint": "< 257.13-1~deb13u1 (deb)"
          },
          "fix": {
            "suggestedVersion": "257.13-1~deb13u1"
          }
        }
      ],
      "artifact": {
        "id": "4f3b916d8498c51d",
        "name": "libsystemd0",
        "version": "257.9-1~deb13u1",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libsystemd0",
            "layerID": "sha256:73c462bbf110b45d1a57a4d592f0cec743bc1bf41281b698149f276b7abaa3b3",
            "accessPath": "/var/lib/dpkg/status.d/libsystemd0",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libsystemd0:libsystemd0:257.9-1\\~deb13u1:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libsystemd0@257.9-1~deb13u1?arch=amd64&distro=debian-13&upstream=systemd",
        "upstreams": [
          {
            "name": "systemd"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-4105",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-4105",
        "namespace": "debian:distro:debian:13",
        "severity": "Medium",
        "urls": [],
        "description": "A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.",
        "cvss": [
          {
            "source": "secalert@redhat.com",
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "metrics": {
              "baseScore": 6.7,
              "exploitabilityScore": 0.8,
              "impactScore": 5.9
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-4105",
            "epss": 0.00009,
            "percentile": 0.00863,
            "date": "2026-05-18"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-4105",
            "cwe": "CWE-284",
            "source": "secalert@redhat.com",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [
            "257.13-1~deb13u1"
          ],
          "state": "fixed",
          "available": [
            {
              "version": "257.13-1~deb13u1",
              "date": "2026-05-17",
              "kind": "first-observed"
            }
          ]
        },
        "advisories": [],
        "risk": 0.005265
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-4105",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-4105",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://access.redhat.com/errata/RHSA-2026:7299",
            "https://access.redhat.com/security/cve/CVE-2026-4105",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2447262",
            "https://github.com/systemd/systemd/security/advisories/GHSA-4h6x-r8vx-3862"
          ],
          "description": "A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.",
          "cvss": [
            {
              "source": "secalert@redhat.com",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
              "metrics": {
                "baseScore": 6.7,
                "exploitabilityScore": 0.8,
                "impactScore": 5.9
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-4105",
              "epss": 0.00009,
              "percentile": 0.00863,
              "date": "2026-05-18"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-4105",
              "cwe": "CWE-284",
              "source": "secalert@redhat.com",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "systemd",
              "version": "257.9-1~deb13u1"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-4105",
            "versionConstraint": "< 257.13-1~deb13u1 (deb)"
          },
          "fix": {
            "suggestedVersion": "257.13-1~deb13u1"
          }
        }
      ],
      "artifact": {
        "id": "49db2eae5abce987",
        "name": "systemd",
        "version": "257.9-1~deb13u1",
        "type": "deb",
        "locations": [
          {
            "path": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.40.0",
            "layerID": "sha256:73c462bbf110b45d1a57a4d592f0cec743bc1bf41281b698149f276b7abaa3b3",
            "accessPath": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.40.0",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:systemd:systemd:257.9-1\\~deb13u1:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/Debian/systemd@257.9-1~deb13u1?distro=Debian",
        "upstreams": []
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-40228",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-40228",
        "namespace": "debian:distro:debian:13",
        "severity": "Low",
        "urls": [],
        "description": "In systemd 259, systemd-journald can send ANSI escape sequences to the terminals of arbitrary users when a \"logger -p emerg\" command is executed, if ForwardToWall=yes is set.",
        "cvss": [
          {
            "source": "nvd@nist.gov",
            "type": "Primary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
            "metrics": {
              "baseScore": 3.3,
              "exploitabilityScore": 1.9,
              "impactScore": 1.5
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-40228",
            "epss": 0.00016,
            "percentile": 0.03678,
            "date": "2026-05-18"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-40228",
            "cwe": "CWE-669",
            "source": "cve@mitre.org",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "wont-fix"
        },
        "advisories": [],
        "risk": 0.00504
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-40228",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-40228",
          "namespace": "nvd:cpe",
          "severity": "Low",
          "urls": [
            "https://www.openwall.com/lists/oss-security/2026/04/08/1",
            "http://www.openwall.com/lists/oss-security/2026/05/05/1"
          ],
          "description": "In systemd 259, systemd-journald can send ANSI escape sequences to the terminals of arbitrary users when a \"logger -p emerg\" command is executed, if ForwardToWall=yes is set.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
              "metrics": {
                "baseScore": 3.3,
                "exploitabilityScore": 1.9,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            },
            {
              "source": "cve@mitre.org",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
              "metrics": {
                "baseScore": 2.9,
                "exploitabilityScore": 1.5,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-40228",
              "epss": 0.00016,
              "percentile": 0.03678,
              "date": "2026-05-18"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-40228",
              "cwe": "CWE-669",
              "source": "cve@mitre.org",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "systemd",
              "version": "257.9-1~deb13u1"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-40228",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "4f3b916d8498c51d",
        "name": "libsystemd0",
        "version": "257.9-1~deb13u1",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libsystemd0",
            "layerID": "sha256:73c462bbf110b45d1a57a4d592f0cec743bc1bf41281b698149f276b7abaa3b3",
            "accessPath": "/var/lib/dpkg/status.d/libsystemd0",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libsystemd0:libsystemd0:257.9-1\\~deb13u1:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libsystemd0@257.9-1~deb13u1?arch=amd64&distro=debian-13&upstream=systemd",
        "upstreams": [
          {
            "name": "systemd"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-40228",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-40228",
        "namespace": "debian:distro:debian:13",
        "severity": "Low",
        "urls": [],
        "description": "In systemd 259, systemd-journald can send ANSI escape sequences to the terminals of arbitrary users when a \"logger -p emerg\" command is executed, if ForwardToWall=yes is set.",
        "cvss": [
          {
            "source": "nvd@nist.gov",
            "type": "Primary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
            "metrics": {
              "baseScore": 3.3,
              "exploitabilityScore": 1.9,
              "impactScore": 1.5
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-40228",
            "epss": 0.00016,
            "percentile": 0.03678,
            "date": "2026-05-18"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-40228",
            "cwe": "CWE-669",
            "source": "cve@mitre.org",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "wont-fix"
        },
        "advisories": [],
        "risk": 0.00504
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-40228",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-40228",
          "namespace": "nvd:cpe",
          "severity": "Low",
          "urls": [
            "https://www.openwall.com/lists/oss-security/2026/04/08/1",
            "http://www.openwall.com/lists/oss-security/2026/05/05/1"
          ],
          "description": "In systemd 259, systemd-journald can send ANSI escape sequences to the terminals of arbitrary users when a \"logger -p emerg\" command is executed, if ForwardToWall=yes is set.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
              "metrics": {
                "baseScore": 3.3,
                "exploitabilityScore": 1.9,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            },
            {
              "source": "cve@mitre.org",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
              "metrics": {
                "baseScore": 2.9,
                "exploitabilityScore": 1.5,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-40228",
              "epss": 0.00016,
              "percentile": 0.03678,
              "date": "2026-05-18"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-40228",
              "cwe": "CWE-669",
              "source": "cve@mitre.org",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "systemd",
              "version": "257.9-1~deb13u1"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-40228",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "49db2eae5abce987",
        "name": "systemd",
        "version": "257.9-1~deb13u1",
        "type": "deb",
        "locations": [
          {
            "path": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.40.0",
            "layerID": "sha256:73c462bbf110b45d1a57a4d592f0cec743bc1bf41281b698149f276b7abaa3b3",
            "accessPath": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.40.0",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:systemd:systemd:257.9-1\\~deb13u1:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/Debian/systemd@257.9-1~deb13u1?distro=Debian",
        "upstreams": []
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2025-15224",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-15224",
        "namespace": "debian:distro:debian:13",
        "severity": "Negligible",
        "urls": [],
        "description": "When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authenticate using a locally running SSH agent.",
        "cvss": [],
        "epss": [
          {
            "cve": "CVE-2025-15224",
            "epss": 0.00098,
            "percentile": 0.26691,
            "date": "2026-05-18"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2025-15224",
            "cwe": "CWE-287",
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.0049
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2025-15224",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15224",
          "namespace": "nvd:cpe",
          "severity": "Low",
          "urls": [
            "https://curl.se/docs/CVE-2025-15224.html",
            "https://curl.se/docs/CVE-2025-15224.json",
            "https://hackerone.com/reports/3480925",
            "http://www.openwall.com/lists/oss-security/2026/01/07/7"
          ],
          "description": "When doing SSH-based transfers using either SCP or SFTP, and asked to do\npublic key authentication, curl would wrongly still ask and authenticate using\na locally running SSH agent.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
              "metrics": {
                "baseScore": 3.1,
                "exploitabilityScore": 1.7,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2025-15224",
              "epss": 0.00098,
              "percentile": 0.26691,
              "date": "2026-05-18"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2025-15224",
              "cwe": "CWE-287",
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "curl",
              "version": "8.14.1-2+deb13u2"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2025-15224",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "2c9e2faa683beba2",
        "name": "libcurl4t64",
        "version": "8.14.1-2+deb13u2",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libcurl4t64",
            "layerID": "sha256:73c462bbf110b45d1a57a4d592f0cec743bc1bf41281b698149f276b7abaa3b3",
            "accessPath": "/var/lib/dpkg/status.d/libcurl4t64",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libcurl4t64:libcurl4t64:8.14.1-2\\+deb13u2:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libcurl4t64@8.14.1-2%2Bdeb13u2?arch=amd64&distro=debian-13&upstream=curl",
        "upstreams": [
          {
            "name": "curl"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-27171",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-27171",
        "namespace": "debian:distro:debian:13",
        "severity": "Medium",
        "urls": [],
        "description": "zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.",
        "cvss": [
          {
            "source": "nvd@nist.gov",
            "type": "Primary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "metrics": {
              "baseScore": 5.5,
              "exploitabilityScore": 1.9,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-27171",
            "epss": 0.00009,
            "percentile": 0.00811,
            "date": "2026-05-18"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-27171",
            "cwe": "CWE-1284",
            "source": "cve@mitre.org",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "wont-fix"
        },
        "advisories": [],
        "risk": 0.004725
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-27171",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-27171",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit/",
            "https://7asecurity.com/reports/pentest-report-zlib-RC1.1.pdf",
            "https://github.com/madler/zlib/issues/904",
            "https://github.com/madler/zlib/releases/tag/v1.3.2",
            "https://ostif.org/zlib-audit-complete/"
          ],
          "description": "zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 5.5,
                "exploitabilityScore": 1.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            },
            {
              "source": "cve@mitre.org",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
              "metrics": {
                "baseScore": 2.9,
                "exploitabilityScore": 1.5,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-27171",
              "epss": 0.00009,
              "percentile": 0.00811,
              "date": "2026-05-18"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-27171",
              "cwe": "CWE-1284",
              "source": "cve@mitre.org",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "zlib",
              "version": "1:1.3.dfsg+really1.3.1-1"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-27171",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "9624b8abfaf8a472",
        "name": "zlib1g",
        "version": "1:1.3.dfsg+really1.3.1-1+b1",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/zlib1g",
            "layerID": "sha256:73c462bbf110b45d1a57a4d592f0cec743bc1bf41281b698149f276b7abaa3b3",
            "accessPath": "/var/lib/dpkg/status.d/zlib1g",
            "annotations": {
              "evidence": "primary"
            }
          },
          {
            "path": "/usr/share/doc/zlib1g/copyright",
            "layerID": "sha256:e4ba966d7f0527dfe0fcb559e4e18d4da42c4e6beae924719255e0dedb554ed0",
            "accessPath": "/usr/share/doc/zlib1g/copyright",
            "annotations": {
              "evidence": "supporting"
            }
          },
          {
            "path": "/var/lib/dpkg/status.d/zlib1g.md5sums",
            "layerID": "sha256:e4ba966d7f0527dfe0fcb559e4e18d4da42c4e6beae924719255e0dedb554ed0",
            "accessPath": "/var/lib/dpkg/status.d/zlib1g.md5sums",
            "annotations": {
              "evidence": "supporting"
            }
          }
        ],
        "language": "",
        "licenses": [
          "Zlib"
        ],
        "cpes": [
          "cpe:2.3:a:zlib1g:zlib1g:1\\:1.3.dfsg\\+really1.3.1-1\\+b1:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/zlib1g@1%3A1.3.dfsg%2Breally1.3.1-1%2Bb1?arch=amd64&distro=debian-13&upstream=zlib%401%3A1.3.dfsg%2Breally1.3.1-1",
        "upstreams": [
          {
            "name": "zlib",
            "version": "1:1.3.dfsg+really1.3.1-1"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2024-26461",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26461",
        "namespace": "debian:distro:debian:13",
        "severity": "Negligible",
        "urls": [],
        "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.",
        "cvss": [],
        "epss": [
          {
            "cve": "CVE-2024-26461",
            "epss": 0.00062,
            "percentile": 0.19179,
            "date": "2026-05-18"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2024-26461",
            "cwe": "CWE-770",
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.0031000000000000003
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2024-26461",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26461",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md",
            "https://security.netapp.com/advisory/ntap-20240415-0011/"
          ],
          "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2024-26461",
              "epss": 0.00062,
              "percentile": 0.19179,
              "date": "2026-05-18"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2024-26461",
              "cwe": "CWE-770",
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "krb5",
              "version": "1.21.3-5"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2024-26461",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "b6ee860d702b8084",
        "name": "libgssapi-krb5-2",
        "version": "1.21.3-5",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2",
            "layerID": "sha256:73c462bbf110b45d1a57a4d592f0cec743bc1bf41281b698149f276b7abaa3b3",
            "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libgssapi-krb5-2@1.21.3-5?arch=amd64&distro=debian-13&upstream=krb5",
        "upstreams": [
          {
            "name": "krb5"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2024-26461",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26461",
        "namespace": "debian:distro:debian:13",
        "severity": "Negligible",
        "urls": [],
        "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.",
        "cvss": [],
        "epss": [
          {
            "cve": "CVE-2024-26461",
            "epss": 0.00062,
            "percentile": 0.19179,
            "date": "2026-05-18"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2024-26461",
            "cwe": "CWE-770",
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.0031000000000000003
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2024-26461",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26461",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md",
            "https://security.netapp.com/advisory/ntap-20240415-0011/"
          ],
          "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2024-26461",
              "epss": 0.00062,
              "percentile": 0.19179,
              "date": "2026-05-18"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2024-26461",
              "cwe": "CWE-770",
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "krb5",
              "version": "1.21.3-5"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2024-26461",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "52ef833c1503e21a",
        "name": "libk5crypto3",
        "version": "1.21.3-5",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libk5crypto3",
            "layerID": "sha256:73c462bbf110b45d1a57a4d592f0cec743bc1bf41281b698149f276b7abaa3b3",
            "accessPath": "/var/lib/dpkg/status.d/libk5crypto3",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libk5crypto3:libk5crypto3:1.21.3-5:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libk5crypto3@1.21.3-5?arch=amd64&distro=debian-13&upstream=krb5",
        "upstreams": [
          {
            "name": "krb5"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2024-26461",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26461",
        "namespace": "debian:distro:debian:13",
        "severity": "Negligible",
        "urls": [],
        "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.",
        "cvss": [],
        "epss": [
          {
            "cve": "CVE-2024-26461",
            "epss": 0.00062,
            "percentile": 0.19179,
            "date": "2026-05-18"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2024-26461",
            "cwe": "CWE-770",
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.0031000000000000003
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2024-26461",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26461",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md",
            "https://security.netapp.com/advisory/ntap-20240415-0011/"
          ],
          "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2024-26461",
              "epss": 0.00062,
              "percentile": 0.19179,
              "date": "2026-05-18"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2024-26461",
              "cwe": "CWE-770",
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "krb5",
              "version": "1.21.3-5"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2024-26461",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "d4c94f2fc66f3184",
        "name": "libkrb5-3",
        "version": "1.21.3-5",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libkrb5-3",
            "layerID": "sha256:73c462bbf110b45d1a57a4d592f0cec743bc1bf41281b698149f276b7abaa3b3",
            "accessPath": "/var/lib/dpkg/status.d/libkrb5-3",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libkrb5-3:libkrb5-3:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libkrb5-3:libkrb5_3:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libkrb5_3:libkrb5-3:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libkrb5_3:libkrb5_3:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libkrb5:libkrb5-3:1.21.3-5:*:*:*:*:*:*:*",
          "cpe:2.3:a:libkrb5:libkrb5_3:1.21.3-5:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libkrb5-3@1.21.3-5?arch=amd64&distro=debian-13&upstream=krb5",
        "upstreams": [
          {
            "name": "krb5"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2024-26461",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26461",
        "namespace": "debian:distro:debian:13",
        "severity": "Negligible",
        "urls": [],
        "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.",
        "cvss": [],
        "epss": [
          {
            "cve": "CVE-2024-26461",
            "epss": 0.00062,
            "percentile": 0.19179,
            "date": "2026-05-18"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2024-26461",
            "cwe": "CWE-770",
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.0031000000000000003
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2024-26461",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26461",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md",
            "https://security.netapp.com/advisory/ntap-20240415-0011/"
          ],
          "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2024-26461",
              "epss": 0.00062,
              "percentile": 0.19179,
              "date": "2026-05-18"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2024-26461",
              "cwe": "CWE-770",
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "krb5",
              "version": "1.21.3-5"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2024-26461",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "56fc39be304d53f0",
        "name": "libkrb5support0",
        "version": "1.21.3-5",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libkrb5support0",
            "layerID": "sha256:73c462bbf110b45d1a57a4d592f0cec743bc1bf41281b698149f276b7abaa3b3",
            "accessPath": "/var/lib/dpkg/status.d/libkrb5support0",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libkrb5support0:libkrb5support0:1.21.3-5:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libkrb5support0@1.21.3-5?arch=amd64&distro=debian-13&upstream=krb5",
        "upstreams": [
          {
            "name": "krb5"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2025-15079",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-15079",
        "namespace": "debian:distro:debian:13",
        "severity": "Negligible",
        "urls": [],
        "description": "When doing SSH-based transfers using either SCP or SFTP, and setting the known_hosts file, libcurl could still mistakenly accept connecting to hosts *not present* in the specified file if they were added as recognized in the libssh *global* known_hosts file.",
        "cvss": [],
        "epss": [
          {
            "cve": "CVE-2025-15079",
            "epss": 0.00047,
            "percentile": 0.14506,
            "date": "2026-05-18"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2025-15079",
            "cwe": "CWE-297",
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.00235
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2025-15079",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15079",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://curl.se/docs/CVE-2025-15079.html",
            "https://curl.se/docs/CVE-2025-15079.json",
            "https://hackerone.com/reports/3477116",
            "http://www.openwall.com/lists/oss-security/2026/01/07/6"
          ],
          "description": "When doing SSH-based transfers using either SCP or SFTP, and setting the\nknown_hosts file, libcurl could still mistakenly accept connecting to hosts\n*not present* in the specified file if they were added as recognized in the\nlibssh *global* known_hosts file.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
              "metrics": {
                "baseScore": 5.3,
                "exploitabilityScore": 1.7,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2025-15079",
              "epss": 0.00047,
              "percentile": 0.14506,
              "date": "2026-05-18"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2025-15079",
              "cwe": "CWE-297",
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "curl",
              "version": "8.14.1-2+deb13u2"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2025-15079",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "2c9e2faa683beba2",
        "name": "libcurl4t64",
        "version": "8.14.1-2+deb13u2",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libcurl4t64",
            "layerID": "sha256:73c462bbf110b45d1a57a4d592f0cec743bc1bf41281b698149f276b7abaa3b3",
            "accessPath": "/var/lib/dpkg/status.d/libcurl4t64",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libcurl4t64:libcurl4t64:8.14.1-2\\+deb13u2:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libcurl4t64@8.14.1-2%2Bdeb13u2?arch=amd64&distro=debian-13&upstream=curl",
        "upstreams": [
          {
            "name": "curl"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2013-4392",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2013-4392",
        "namespace": "debian:distro:debian:13",
        "severity": "Negligible",
        "urls": [],
        "description": "systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.",
        "cvss": [],
        "epss": [
          {
            "cve": "CVE-2013-4392",
            "epss": 0.00042,
            "percentile": 0.12744,
            "date": "2026-05-18"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2013-4392",
            "cwe": "CWE-59",
            "source": "nvd@nist.gov",
            "type": "Primary"
          },
          {
            "cve": "CVE-2013-4392",
            "cwe": "CWE-59",
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.0021000000000000003
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2013-4392",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2013-4392",
          "namespace": "nvd:cpe",
          "severity": "Low",
          "urls": [
            "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725357",
            "http://www.openwall.com/lists/oss-security/2013/10/01/9",
            "https://bugzilla.redhat.com/show_bug.cgi?id=859060"
          ],
          "description": "systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "2.0",
              "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:N",
              "metrics": {
                "baseScore": 3.3,
                "exploitabilityScore": 3.4,
                "impactScore": 5
              },
              "vendorMetadata": {}
            },
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
              "metrics": {
                "baseScore": 5,
                "exploitabilityScore": 1.4,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2013-4392",
              "epss": 0.00042,
              "percentile": 0.12744,
              "date": "2026-05-18"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2013-4392",
              "cwe": "CWE-59",
              "source": "nvd@nist.gov",
              "type": "Primary"
            },
            {
              "cve": "CVE-2013-4392",
              "cwe": "CWE-59",
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "systemd",
              "version": "257.9-1~deb13u1"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2013-4392",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "4f3b916d8498c51d",
        "name": "libsystemd0",
        "version": "257.9-1~deb13u1",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libsystemd0",
            "layerID": "sha256:73c462bbf110b45d1a57a4d592f0cec743bc1bf41281b698149f276b7abaa3b3",
            "accessPath": "/var/lib/dpkg/status.d/libsystemd0",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libsystemd0:libsystemd0:257.9-1\\~deb13u1:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libsystemd0@257.9-1~deb13u1?arch=amd64&distro=debian-13&upstream=systemd",
        "upstreams": [
          {
            "name": "systemd"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2013-4392",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2013-4392",
        "namespace": "debian:distro:debian:13",
        "severity": "Negligible",
        "urls": [],
        "description": "systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.",
        "cvss": [],
        "epss": [
          {
            "cve": "CVE-2013-4392",
            "epss": 0.00042,
            "percentile": 0.12744,
            "date": "2026-05-18"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2013-4392",
            "cwe": "CWE-59",
            "source": "nvd@nist.gov",
            "type": "Primary"
          },
          {
            "cve": "CVE-2013-4392",
            "cwe": "CWE-59",
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.0021000000000000003
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2013-4392",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2013-4392",
          "namespace": "nvd:cpe",
          "severity": "Low",
          "urls": [
            "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725357",
            "http://www.openwall.com/lists/oss-security/2013/10/01/9",
            "https://bugzilla.redhat.com/show_bug.cgi?id=859060"
          ],
          "description": "systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "2.0",
              "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:N",
              "metrics": {
                "baseScore": 3.3,
                "exploitabilityScore": 3.4,
                "impactScore": 5
              },
              "vendorMetadata": {}
            },
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
              "metrics": {
                "baseScore": 5,
                "exploitabilityScore": 1.4,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2013-4392",
              "epss": 0.00042,
              "percentile": 0.12744,
              "date": "2026-05-18"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2013-4392",
              "cwe": "CWE-59",
              "source": "nvd@nist.gov",
              "type": "Primary"
            },
            {
              "cve": "CVE-2013-4392",
              "cwe": "CWE-59",
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "systemd",
              "version": "257.9-1~deb13u1"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2013-4392",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "49db2eae5abce987",
        "name": "systemd",
        "version": "257.9-1~deb13u1",
        "type": "deb",
        "locations": [
          {
            "path": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.40.0",
            "layerID": "sha256:73c462bbf110b45d1a57a4d592f0cec743bc1bf41281b698149f276b7abaa3b3",
            "accessPath": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.40.0",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:systemd:systemd:257.9-1\\~deb13u1:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/Debian/systemd@257.9-1~deb13u1?distro=Debian",
        "upstreams": []
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-22185",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-22185",
        "namespace": "debian:distro:debian:13",
        "severity": "Negligible",
        "urls": [],
        "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.",
        "cvss": [],
        "epss": [
          {
            "cve": "CVE-2026-22185",
            "epss": 0.00027,
            "percentile": 0.07745,
            "date": "2026-05-18"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-22185",
            "cwe": "CWE-125",
            "source": "disclosure@vulncheck.com",
            "type": "Secondary"
          },
          {
            "cve": "CVE-2026-22185",
            "cwe": "CWE-191",
            "source": "disclosure@vulncheck.com",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.00135
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-22185",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://bugs.openldap.org/show_bug.cgi?id=10421",
            "https://seclists.org/fulldisclosure/2026/Jan/5",
            "https://seclists.org/fulldisclosure/2026/Jan/8",
            "https://www.openldap.org/",
            "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline"
          ],
          "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.",
          "cvss": [
            {
              "source": "disclosure@vulncheck.com",
              "type": "Secondary",
              "version": "4.0",
              "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
              "metrics": {
                "baseScore": 4.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-22185",
              "epss": 0.00027,
              "percentile": 0.07745,
              "date": "2026-05-18"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-22185",
              "cwe": "CWE-125",
              "source": "disclosure@vulncheck.com",
              "type": "Secondary"
            },
            {
              "cve": "CVE-2026-22185",
              "cwe": "CWE-191",
              "source": "disclosure@vulncheck.com",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "openldap",
              "version": "2.6.10+dfsg-1"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-22185",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "46230cf5226e2e82",
        "name": "libldap2",
        "version": "2.6.10+dfsg-1",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libldap2",
            "layerID": "sha256:73c462bbf110b45d1a57a4d592f0cec743bc1bf41281b698149f276b7abaa3b3",
            "accessPath": "/var/lib/dpkg/status.d/libldap2",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libldap2:libldap2:2.6.10\\+dfsg-1:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libldap2@2.6.10%2Bdfsg-1?arch=amd64&distro=debian-13&upstream=openldap",
        "upstreams": [
          {
            "name": "openldap"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2025-10966",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-10966",
        "namespace": "debian:distro:debian:13",
        "severity": "Negligible",
        "urls": [],
        "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms.  This prevents curl from detecting MITM attackers and more.",
        "cvss": [],
        "epss": [
          {
            "cve": "CVE-2025-10966",
            "epss": 0.00026,
            "percentile": 0.0732,
            "date": "2026-05-18"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.0013
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2025-10966",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-10966",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://curl.se/docs/CVE-2025-10966.html",
            "https://curl.se/docs/CVE-2025-10966.json",
            "https://hackerone.com/reports/3355218",
            "http://www.openwall.com/lists/oss-security/2025/11/05/2",
            "https://github.com/curl/curl/commit/b011e3fcfb06d6c0278595ee2ee297036fbe9793"
          ],
          "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\n\nThis prevents curl from detecting MITM attackers and more.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
              "metrics": {
                "baseScore": 4.3,
                "exploitabilityScore": 2.9,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2025-10966",
              "epss": 0.00026,
              "percentile": 0.0732,
              "date": "2026-05-18"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "curl",
              "version": "8.14.1-2+deb13u2"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2025-10966",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "2c9e2faa683beba2",
        "name": "libcurl4t64",
        "version": "8.14.1-2+deb13u2",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libcurl4t64",
            "layerID": "sha256:73c462bbf110b45d1a57a4d592f0cec743bc1bf41281b698149f276b7abaa3b3",
            "accessPath": "/var/lib/dpkg/status.d/libcurl4t64",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libcurl4t64:libcurl4t64:8.14.1-2\\+deb13u2:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libcurl4t64@8.14.1-2%2Bdeb13u2?arch=amd64&distro=debian-13&upstream=curl",
        "upstreams": [
          {
            "name": "curl"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2025-14017",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-14017",
        "namespace": "debian:distro:debian:13",
        "severity": "Negligible",
        "urls": [],
        "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl, changing TLS options in one thread would inadvertently change them globally and therefore possibly also affect other concurrently setup transfers.  Disabling certificate verification for a specific transfer could unintentionally disable the feature for other threads as well.",
        "cvss": [],
        "epss": [
          {
            "cve": "CVE-2025-14017",
            "epss": 0.0001,
            "percentile": 0.01029,
            "date": "2026-05-18"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2025-14017",
            "cwe": "NVD-CWE-Other",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.0005
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2025-14017",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://curl.se/docs/CVE-2025-14017.html",
            "https://curl.se/docs/CVE-2025-14017.json",
            "http://www.openwall.com/lists/oss-security/2026/01/07/3"
          ],
          "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
              "metrics": {
                "baseScore": 6.3,
                "exploitabilityScore": 1.1,
                "impactScore": 5.2
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2025-14017",
              "epss": 0.0001,
              "percentile": 0.01029,
              "date": "2026-05-18"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2025-14017",
              "cwe": "NVD-CWE-Other",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "curl",
              "version": "8.14.1-2+deb13u2"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2025-14017",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "2c9e2faa683beba2",
        "name": "libcurl4t64",
        "version": "8.14.1-2+deb13u2",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libcurl4t64",
            "layerID": "sha256:73c462bbf110b45d1a57a4d592f0cec743bc1bf41281b698149f276b7abaa3b3",
            "accessPath": "/var/lib/dpkg/status.d/libcurl4t64",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libcurl4t64:libcurl4t64:8.14.1-2\\+deb13u2:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libcurl4t64@8.14.1-2%2Bdeb13u2?arch=amd64&distro=debian-13&upstream=curl",
        "upstreams": [
          {
            "name": "curl"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-42009",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-42009",
        "namespace": "debian:distro:debian:13",
        "severity": "High",
        "urls": [],
        "cvss": [
          {
            "source": "secalert@redhat.com",
            "type": "Primary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "metrics": {
              "baseScore": 7.5,
              "exploitabilityScore": 3.9,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-42009",
            "cwe": "CWE-475",
            "source": "secalert@redhat.com",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-42009",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-42009",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://access.redhat.com/security/cve/CVE-2026-42009",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2467279"
          ],
          "description": "A flaw was found in gnutls. A remote attacker could exploit an issue in the Datagram Transport Layer Security (DTLS) packet reordering logic. The comparator function, responsible for ordering DTLS packets by sequence numbers, did not correctly handle packets with duplicate sequence numbers. This could lead to unstable packet ordering or undefined behavior, resulting in a denial of service.",
          "cvss": [
            {
              "source": "secalert@redhat.com",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-42009",
              "cwe": "CWE-475",
              "source": "secalert@redhat.com",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "gnutls28",
              "version": "3.8.9-3+deb13u2"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-42009",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "3c7a5e6105f5c289",
        "name": "libgnutls30t64",
        "version": "3.8.9-3+deb13u2",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libgnutls30t64",
            "layerID": "sha256:73c462bbf110b45d1a57a4d592f0cec743bc1bf41281b698149f276b7abaa3b3",
            "accessPath": "/var/lib/dpkg/status.d/libgnutls30t64",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libgnutls30t64:libgnutls30t64:3.8.9-3\\+deb13u2:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libgnutls30t64@3.8.9-3%2Bdeb13u2?arch=amd64&distro=debian-13&upstream=gnutls28",
        "upstreams": [
          {
            "name": "gnutls28"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-42012",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-42012",
        "namespace": "debian:distro:debian:13",
        "severity": "Unknown",
        "urls": [],
        "cvss": [],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-42012",
          "dataSource": "nvd",
          "namespace": "nvd:cpe",
          "severity": "Unknown",
          "urls": [],
          "cvss": []
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "gnutls28",
              "version": "3.8.9-3+deb13u2"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-42012",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "3c7a5e6105f5c289",
        "name": "libgnutls30t64",
        "version": "3.8.9-3+deb13u2",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libgnutls30t64",
            "layerID": "sha256:73c462bbf110b45d1a57a4d592f0cec743bc1bf41281b698149f276b7abaa3b3",
            "accessPath": "/var/lib/dpkg/status.d/libgnutls30t64",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libgnutls30t64:libgnutls30t64:3.8.9-3\\+deb13u2:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libgnutls30t64@3.8.9-3%2Bdeb13u2?arch=amd64&distro=debian-13&upstream=gnutls28",
        "upstreams": [
          {
            "name": "gnutls28"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-42013",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-42013",
        "namespace": "debian:distro:debian:13",
        "severity": "Unknown",
        "urls": [],
        "cvss": [],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-42013",
          "dataSource": "nvd",
          "namespace": "nvd:cpe",
          "severity": "Unknown",
          "urls": [],
          "cvss": []
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "gnutls28",
              "version": "3.8.9-3+deb13u2"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-42013",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "3c7a5e6105f5c289",
        "name": "libgnutls30t64",
        "version": "3.8.9-3+deb13u2",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libgnutls30t64",
            "layerID": "sha256:73c462bbf110b45d1a57a4d592f0cec743bc1bf41281b698149f276b7abaa3b3",
            "accessPath": "/var/lib/dpkg/status.d/libgnutls30t64",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libgnutls30t64:libgnutls30t64:3.8.9-3\\+deb13u2:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libgnutls30t64@3.8.9-3%2Bdeb13u2?arch=amd64&distro=debian-13&upstream=gnutls28",
        "upstreams": [
          {
            "name": "gnutls28"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-42014",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-42014",
        "namespace": "debian:distro:debian:13",
        "severity": "Unknown",
        "urls": [],
        "cvss": [],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-42014",
          "dataSource": "nvd",
          "namespace": "nvd:cpe",
          "severity": "Unknown",
          "urls": [],
          "cvss": []
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "gnutls28",
              "version": "3.8.9-3+deb13u2"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-42014",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "3c7a5e6105f5c289",
        "name": "libgnutls30t64",
        "version": "3.8.9-3+deb13u2",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libgnutls30t64",
            "layerID": "sha256:73c462bbf110b45d1a57a4d592f0cec743bc1bf41281b698149f276b7abaa3b3",
            "accessPath": "/var/lib/dpkg/status.d/libgnutls30t64",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libgnutls30t64:libgnutls30t64:3.8.9-3\\+deb13u2:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libgnutls30t64@3.8.9-3%2Bdeb13u2?arch=amd64&distro=debian-13&upstream=gnutls28",
        "upstreams": [
          {
            "name": "gnutls28"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-42015",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-42015",
        "namespace": "debian:distro:debian:13",
        "severity": "Unknown",
        "urls": [],
        "cvss": [],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-42015",
          "dataSource": "nvd",
          "namespace": "nvd:cpe",
          "severity": "Unknown",
          "urls": [],
          "cvss": []
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "gnutls28",
              "version": "3.8.9-3+deb13u2"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-42015",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "3c7a5e6105f5c289",
        "name": "libgnutls30t64",
        "version": "3.8.9-3+deb13u2",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libgnutls30t64",
            "layerID": "sha256:73c462bbf110b45d1a57a4d592f0cec743bc1bf41281b698149f276b7abaa3b3",
            "accessPath": "/var/lib/dpkg/status.d/libgnutls30t64",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libgnutls30t64:libgnutls30t64:3.8.9-3\\+deb13u2:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libgnutls30t64@3.8.9-3%2Bdeb13u2?arch=amd64&distro=debian-13&upstream=gnutls28",
        "upstreams": [
          {
            "name": "gnutls28"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-5260",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-5260",
        "namespace": "debian:distro:debian:13",
        "severity": "Unknown",
        "urls": [],
        "cvss": [],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-5260",
          "dataSource": "nvd",
          "namespace": "nvd:cpe",
          "severity": "Unknown",
          "urls": [],
          "cvss": []
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "gnutls28",
              "version": "3.8.9-3+deb13u2"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-5260",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "3c7a5e6105f5c289",
        "name": "libgnutls30t64",
        "version": "3.8.9-3+deb13u2",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libgnutls30t64",
            "layerID": "sha256:73c462bbf110b45d1a57a4d592f0cec743bc1bf41281b698149f276b7abaa3b3",
            "accessPath": "/var/lib/dpkg/status.d/libgnutls30t64",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libgnutls30t64:libgnutls30t64:3.8.9-3\\+deb13u2:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libgnutls30t64@3.8.9-3%2Bdeb13u2?arch=amd64&distro=debian-13&upstream=gnutls28",
        "upstreams": [
          {
            "name": "gnutls28"
          }
        ]
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-5419",
        "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-5419",
        "namespace": "debian:distro:debian:13",
        "severity": "Unknown",
        "urls": [],
        "cvss": [],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-5419",
          "dataSource": "nvd",
          "namespace": "nvd:cpe",
          "severity": "Unknown",
          "urls": [],
          "cvss": []
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "dpkg-matcher",
          "searchedBy": {
            "distro": {
              "type": "debian",
              "version": "13"
            },
            "package": {
              "name": "gnutls28",
              "version": "3.8.9-3+deb13u2"
            },
            "namespace": "debian:distro:debian:13"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-5419",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "3c7a5e6105f5c289",
        "name": "libgnutls30t64",
        "version": "3.8.9-3+deb13u2",
        "type": "deb",
        "locations": [
          {
            "path": "/var/lib/dpkg/status.d/libgnutls30t64",
            "layerID": "sha256:73c462bbf110b45d1a57a4d592f0cec743bc1bf41281b698149f276b7abaa3b3",
            "accessPath": "/var/lib/dpkg/status.d/libgnutls30t64",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:libgnutls30t64:libgnutls30t64:3.8.9-3\\+deb13u2:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:deb/debian/libgnutls30t64@3.8.9-3%2Bdeb13u2?arch=amd64&distro=debian-13&upstream=gnutls28",
        "upstreams": [
          {
            "name": "gnutls28"
          }
        ]
      }
    }
  ],
  "source": {
    "type": "image",
    "target": {
      "userInput": "ghcr.io/fluent/fluent-bit:4.2.4",
      "imageID": "sha256:5315323714cfe363f81fa6f6388437c5e9a928efe77091ef8914a223026b6a40",
      "manifestDigest": "sha256:c848b2d60b11d0edc6d01d393098fd58d0c26b41c422a9ca13652266ca7eefb9",
      "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
      "tags": [
        "ghcr.io/fluent/fluent-bit:4.2.4"
      ],
      "imageSize": 115018644,
      "layers": [
        {
          "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
          "digest": "sha256:82c60ccaf916322916d16bcdb4223f93acc1f68e2087dba4ddf64990b1dc27fb",
          "size": 273007
        },
        {
          "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
          "digest": "sha256:621c35e751a51a9a9dc3e80aa0b7fe8be2a93402ea6ccd307d30852cd7776cda",
          "size": 23235
        },
        {
          "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
          "digest": "sha256:ac2a91ec876dfaf2145e14b0b43ce6b3ea3d4edb28a0df9d91c52f2efbb8e1a7",
          "size": 758021
        },
        {
          "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
          "digest": "sha256:f15316efa9979a44eee43172e640630f60407180eff3d985274befd600bb227d",
          "size": 820241
        },
        {
          "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
          "digest": "sha256:275a30dd8ce958b21daa9ad962c6fbc09f98306ee2f486b65c9075dc257b1412",
          "size": 88832
        },
        {
          "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
          "digest": "sha256:4d049f83d9cf21d1f5cc0e11deaf36df02790d0e60c1a3829538fb4b61685368",
          "size": 0
        },
        {
          "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
          "digest": "sha256:af5aa97ebe6ce1604747ec1e21af7136ded391bcabe4acef882e718a87c86bcc",
          "size": 149
        },
        {
          "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
          "digest": "sha256:6f1cdceb6a3146f0ccb986521156bef8a422cdbb0863396f7f751f575ba308f4",
          "size": 0
        },
        {
          "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
          "digest": "sha256:bd3cdfae1d3fdd83a2231d608969b38b82349777c2fff9a7c12d54f8ac5c9b38",
          "size": 64
        },
        {
          "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
          "digest": "sha256:4cde6b0bb6f50a5f255eef7b2a42162c661cf776b803225dcac9a659e396bb6b",
          "size": 0
        },
        {
          "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
          "digest": "sha256:ad51d0769d16ba578106a177987dfe3d2e02c1668c852b795b2f6b024068242a",
          "size": 497
        },
        {
          "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
          "digest": "sha256:187cfc6d1e3e8a40a5e64653bcd3239c140807dcf1c09e48021178705a5a6139",
          "size": 344
        },
        {
          "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
          "digest": "sha256:5fd2536c39c0700be8b7b4344e375196da2f126842fd8ede66996a18860a3890",
          "size": 243389
        },
        {
          "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
          "digest": "sha256:318bc252656ce5b3c77fc9a13e302bba683f813d4b19c21be6e0ad3acc7adaf1",
          "size": 13027108
        },
        {
          "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
          "digest": "sha256:1a6e423bca2d12ae8428c7b3a06be964f6166ecd4d90d8d30bfcc99c40740dc7",
          "size": 7995268
        },
        {
          "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
          "digest": "sha256:c0e409312adc366898967307565f692bb33d43a439d3de48e27d14b742389725",
          "size": 855198
        },
        {
          "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
          "digest": "sha256:e4ba966d7f0527dfe0fcb559e4e18d4da42c4e6beae924719255e0dedb554ed0",
          "size": 160500
        },
        {
          "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
          "digest": "sha256:1f5d28bd51650f429293f7730ede274b81dc0744aa918bc887133c4ad610258c",
          "size": 348649
        },
        {
          "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
          "digest": "sha256:6e18ad80f3d64a8cbbcd1ff2e8a0d5ce7282cf664e816b86183a59d30a618e8a",
          "size": 2643383
        },
        {
          "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
          "digest": "sha256:c16b2ec4b1493bad1b1de23d659c899e60abb166bda756d02792f0a03ba54a43",
          "size": 183637
        },
        {
          "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
          "digest": "sha256:7db505d90756626f425c6c5468eca565c82f589b144ecaa4f411ad9bbf79e614",
          "size": 106287
        },
        {
          "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
          "digest": "sha256:73c462bbf110b45d1a57a4d592f0cec743bc1bf41281b698149f276b7abaa3b3",
          "size": 18011939
        },
        {
          "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
          "digest": "sha256:6e44283802933cda950b734ee01ba8ec30be4494cba25e078f38d3afb7f310d6",
          "size": 225539
        },
        {
          "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
          "digest": "sha256:afc0456e6dd5330673122a54ed845c114384e23d647d21d04649934a4d4d15bc",
          "size": 69253357
        }
      ],
      "manifest": "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",
      "config": "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",
      "repoDigests": [
        "ghcr.io/fluent/fluent-bit@sha256:f0d24db349929c1b9fd655384278c687993070c3ba325490f130fae12aa9d60c"
      ],
      "architecture": "amd64",
      "os": "linux",
      "labels": {
        "author": "Eduardo Silva <eduardo.silva@chronosphere.io>",
        "description": "Fluent Bit multi-architecture container image",
        "org.opencontainers.image.authors": "Eduardo Silva <eduardo.silva@chronosphere.io>",
        "org.opencontainers.image.description": "Fluent Bit container image",
        "org.opencontainers.image.documentation": "https://docs.fluentbit.io/",
        "org.opencontainers.image.licenses": "Apache-2.0",
        "org.opencontainers.image.source": "https://github.com/fluent/fluent-bit",
        "org.opencontainers.image.title": "Fluent Bit",
        "org.opencontainers.image.vendor": "Fluent Organization",
        "org.opencontainers.image.version": "4.2.4",
        "vendor": "Fluent Organization",
        "version": "4.2.4"
      }
    }
  },
  "distro": {
    "name": "debian",
    "version": "13",
    "idLike": []
  },
  "descriptor": {
    "name": "grype",
    "version": "0.112.0",
    "configuration": {
      "output": [
        "json"
      ],
      "file": "agent/security/oss/grype-4.2.4.json",
      "pretty": true,
      "distro": "",
      "add-cpes-if-none": false,
      "output-template-file": "",
      "check-for-app-update": true,
      "only-fixed": false,
      "only-notfixed": false,
      "ignore-wontfix": "",
      "platform": "",
      "search": {
        "scope": "squashed",
        "unindexed-archives": false,
        "indexed-archives": true
      },
      "ignore": [
        {
          "vulnerability": "",
          "include-aliases": false,
          "reason": "",
          "namespace": "",
          "fix-state": "",
          "package": {
            "name": "kernel-headers",
            "version": "",
            "language": "",
            "type": "rpm",
            "location": "",
            "upstream-name": "kernel"
          },
          "vex-status": "",
          "vex-justification": "",
          "match-type": "exact-indirect-match"
        },
        {
          "vulnerability": "",
          "include-aliases": false,
          "reason": "",
          "namespace": "",
          "fix-state": "",
          "package": {
            "name": "linux(-.*)?-headers-.*",
            "version": "",
            "language": "",
            "type": "deb",
            "location": "",
            "upstream-name": "linux.*"
          },
          "vex-status": "",
          "vex-justification": "",
          "match-type": "exact-indirect-match"
        },
        {
          "vulnerability": "",
          "include-aliases": false,
          "reason": "",
          "namespace": "",
          "fix-state": "",
          "package": {
            "name": "linux-libc-dev",
            "version": "",
            "language": "",
            "type": "deb",
            "location": "",
            "upstream-name": "linux"
          },
          "vex-status": "",
          "vex-justification": "",
          "match-type": "exact-indirect-match"
        }
      ],
      "exclude": [],
      "externalSources": {
        "enable": false,
        "maven": {
          "searchUpstreamBySha1": true,
          "baseUrl": "https://search.maven.org/solrsearch/select",
          "rateLimit": 300000000
        }
      },
      "match": {
        "java": {
          "using-cpes": false
        },
        "jvm": {
          "using-cpes": true
        },
        "dotnet": {
          "using-cpes": false
        },
        "golang": {
          "using-cpes": false,
          "always-use-cpe-for-stdlib": true,
          "allow-main-module-pseudo-version-comparison": false
        },
        "javascript": {
          "using-cpes": false
        },
        "python": {
          "using-cpes": false
        },
        "ruby": {
          "using-cpes": false
        },
        "rust": {
          "using-cpes": false
        },
        "hex": {
          "using-cpes": false
        },
        "stock": {
          "using-cpes": true
        },
        "dpkg": {
          "using-cpes": false,
          "missing-epoch-strategy": "zero",
          "use-cpes-for-eol": false
        },
        "rpm": {
          "using-cpes": false,
          "missing-epoch-strategy": "auto",
          "use-cpes-for-eol": false
        }
      },
      "fail-on-severity": "",
      "registry": {
        "insecure-skip-tls-verify": false,
        "insecure-use-http": false,
        "ca-cert": ""
      },
      "show-suppressed": false,
      "by-cve": false,
      "SortBy": {
        "sort-by": "risk"
      },
      "name": "",
      "default-image-pull-source": "",
      "from": null,
      "vex-documents": [],
      "vex-add": [],
      "match-upstream-kernel-headers": false,
      "fix-channel": {
        "redhat-eus": {
          "apply": "auto",
          "versions": ">= 8.0"
        }
      },
      "timestamp": false,
      "alerts": {
        "enable-eol-distro-warnings": true
      },
      "db": {
        "cache-dir": ".cache/grype/db",
        "update-url": "https://grype.anchore.io/databases",
        "ca-cert": "",
        "auto-update": true,
        "validate-by-hash-on-start": true,
        "validate-age": true,
        "max-allowed-built-age": 432000000000000,
        "require-update-check": false,
        "update-available-timeout": 30000000000,
        "update-download-timeout": 300000000000,
        "max-update-check-frequency": 7200000000000
      },
      "exp": {},
      "dev": {
        "db": {
          "debug": false
        }
      }
    },
    "db": {
      "status": {
        "schemaVersion": "v6.1.4",
        "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.4_2026-05-19T00:50:19Z_1779176089.tar.zst?checksum=sha256%3A6db37701ca5e92b4c4a2b45147eebecb9c743afb4abdeae1b8f62779e4470fd8",
        "built": "2026-05-19T07:34:49Z",
        "path": ".cache/grype/db/6/vulnerability.db",
        "valid": true
      },
      "providers": {
        "alma": {
          "captured": "2026-05-19T00:50:54Z",
          "input": "xxh64:8a0b200c82b4bffe"
        },
        "alpine": {
          "captured": "2026-05-19T00:50:54Z",
          "input": "xxh64:15a6dfb4b483c909"
        },
        "amazon": {
          "captured": "2026-05-19T00:50:45Z",
          "input": "xxh64:c76ea1ba8c10ac4e"
        },
        "arch": {
          "captured": "2026-05-19T00:50:40Z",
          "input": "xxh64:5bb676e969bb424b"
        },
        "bitnami": {
          "captured": "2026-05-19T00:50:41Z",
          "input": "xxh64:15f479ac2ca08471"
        },
        "chainguard": {
          "captured": "2026-05-19T00:50:19Z",
          "input": "xxh64:9b64f5e1823ceb7c"
        },
        "chainguard-libraries": {
          "captured": "2026-05-19T00:50:52Z",
          "input": "xxh64:7ba917a690b5cd55"
        },
        "debian": {
          "captured": "2026-05-19T00:50:52Z",
          "input": "xxh64:1f32c09b20bf1f98"
        },
        "echo": {
          "captured": "2026-05-19T00:50:45Z",
          "input": "xxh64:84be2fecd1330d3d"
        },
        "eol": {
          "captured": "2026-05-19T00:50:27Z",
          "input": "xxh64:173ee65da85a6b41"
        },
        "epss": {
          "captured": "2026-05-19T00:50:59Z",
          "input": "xxh64:39e5820e1d218857"
        },
        "fedora": {
          "captured": "2026-05-19T00:50:32Z",
          "input": "xxh64:f3196a7acc2f8c21"
        },
        "github": {
          "captured": "2026-05-19T00:50:57Z",
          "input": "xxh64:3ab10c7d1f6a0de1"
        },
        "hummingbird": {
          "captured": "2026-05-19T00:50:32Z",
          "input": "xxh64:f964805930c16075"
        },
        "kev": {
          "captured": "2026-05-19T00:50:53Z",
          "input": "xxh64:6533b4dbac6e282e"
        },
        "mariner": {
          "captured": "2026-05-19T00:50:25Z",
          "input": "xxh64:8475e97fb018bd65"
        },
        "minimos": {
          "captured": "2026-05-19T00:50:48Z",
          "input": "xxh64:cb58cfa857f2197e"
        },
        "nvd": {
          "captured": "2026-05-19T00:51:05Z",
          "input": "xxh64:3ef1b0815f4a28ec"
        },
        "oracle": {
          "captured": "2026-05-19T00:51:02Z",
          "input": "xxh64:5c02a79512b77eaa"
        },
        "photon": {
          "captured": "2026-05-19T00:50:46Z",
          "input": "xxh64:f015a502cfdf4e49"
        },
        "rhel": {
          "captured": "2026-05-19T00:51:30Z",
          "input": "xxh64:d3b63fa51919c93a"
        },
        "secureos": {
          "captured": "2026-05-19T00:50:54Z",
          "input": "xxh64:f3b7aed78e796622"
        },
        "sles": {
          "captured": "2026-05-19T01:23:31Z",
          "input": "xxh64:07dd3622ee4e9947"
        },
        "ubuntu": {
          "captured": "2026-05-19T00:55:07Z",
          "input": "xxh64:b94964f72fbb9821"
        },
        "wolfi": {
          "captured": "2026-05-19T00:50:55Z",
          "input": "xxh64:28a3e3edccc0f350"
        }
      }
    }
  }
}
