...
CVE Identifier | Highest Severity | Vulnerable Package | Date Reported | 3rd Party Patch Available? | Latest vulnerable FAM | Notes on vulnerability | Resolved FAM Version | FAM GA |
---|---|---|---|---|---|---|---|---|
CVE-2020-22218 | high | libssh2-1.8.0-4.el7.x86_64 | 08/22/2023 | awaiting patch | 4.9.0.2 | An issue in function _libssh2_packet_add in libssh2 1.10.0 allows attackers to access out-of-bounds memory. | ||
| | critical | postgresql-42.2.2.jar (lumeta-api RPM) | | postgresql-42.6.0.jar | 4.9.0.2 | Various issues regarding PostgreSQL's official JDBC driver. | 4.10 | |
CVE-2023-38325 | high | cryptography-40.0.2-cp36-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl | 07/14/2023 | awaiting patch | 4.9.0.2 | Mishandles SSH certificates that have critical options. | ||
| | high | bind-export-libs-9.11.4-26.P2.el7_9.13.x86_64 bind-libs-lite-9.11.4-26.P2.el7_9.13.x86_64 bind-utils-9.11.4-26.P2.el7_9.13.x86_64 bind-license-9.11.4-26.P2.el7_9.13.noarch bind-libs-9.11.4-26.P2.el7_9.13.x86_64 | 06/21/2023 | awaiting patch | 4.9.0.2 | The effectiveness of the cache-cleaning algorithm used in `named` can be severely diminished by querying the resolver for specific RRsets in a certain order, effectively allowing the configured `max-cache-size` limit to be significantly exceeded. | | |
CVE-2023-30861 | high | | 05/02/2023 | awaiting patch | 4.9.0.2 | A response containing data intended for one client may be cached and subsequently sent by the proxy to other clients. | ||
CVE-2023-25577 CVE-2023-23934 | high | | 02/14/2023 | awaiting patch | 4.9.0.2 | Various werkzeug issues | ||
CVE-2019-19919 CVE-2021-23369 CVE-2021-23383 WS-2020-0450 WS-2019-0064 CVE-2019-20920 WS-2019-0103 | critical | | 12/20/2019 | handlebars-v4.7.8.js | 4.9.0.2 | Various handlebars issues | 4.10 | |
CVE-2023-37920 CVE-2022-23491 | critical | | 07/25/2023 | certifi-2023.7.22-py3-none-any.whl | 4.9.0.2 | Various certifi issues | 4.10 | |
...