Upgrade AlmaLinux:9 thunderbird to version 0:102.14.0-1.el9_2.alma or higher. This issue was patched in ALSA-2023:4499 .

buildah vulnerabilities

Known vulnerabilities in the buildah package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability	Vulnerable Version
H Improper Authorization	*
M Improper Input Validation	*
M Use of Uninitialized Variable	*
M Link Following	*
M Use of Uninitialized Variable	*
M Improper Input Validation	*
H Resource Exhaustion	<1:1.29.1-10.1.rhaos4.14.el8
M Improper Input Validation	*
H Resource Exhaustion	<1:1.29.1-10.1.rhaos4.14.el8
H Cross-site Scripting (XSS)	<1:1.29.1-10.1.rhaos4.14.el8
H Resource Exhaustion	<1:1.29.1-10.1.rhaos4.14.el8
H Allocation of Resources Without Limits or Throttling	<1:1.29.1-10.1.rhaos4.14.el8
H CVE-2023-39321	<1:1.29.1-10.1.rhaos4.14.el8
H Cross-site Scripting (XSS)	<1:1.29.1-10.1.rhaos4.14.el8
H Cross-site Scripting (XSS)	<1:1.29.1-10.1.rhaos4.14.el8
H Resource Exhaustion	<1:1.29.1-10.1.rhaos4.14.el8
H Resource Exhaustion	<1:1.29.1-10.1.rhaos4.14.el8
H Use of a Broken or Risky Cryptographic Algorithm	<1:1.29.1-10.1.rhaos4.14.el8
H Use After Free	<1:1.29.1-10.1.rhaos4.14.el8
H CVE-2023-2728	<1:1.29.1-10.1.rhaos4.14.el8
H CVE-2023-2727	<1:1.29.1-10.1.rhaos4.14.el8
H Resource Exhaustion	<1:1.29.1-10.1.rhaos4.14.el8
M Loop with Unreachable Exit Condition ('Infinite Loop')	*
H Memory Leak	<1:1.29.1-10.4.rhaos4.14.el8
H Resource Exhaustion	<1:1.29.1-10.4.rhaos4.14.el8
H Memory Leak	<1:1.29.1-2.2.rhaos4.13.el8
H Improper Handling of Highly Compressed Data (Data Amplification)	<1:1.23.4-5.2.rhaos4.12.el8
H Loop with Unreachable Exit Condition ('Infinite Loop')	<1:1.23.4-5.2.rhaos4.12.el8
H Memory Leak	<1:1.23.4-5.2.rhaos4.12.el8
H Improper Handling of Highly Compressed Data (Data Amplification)	<1:1.29.1-20.3.rhaos4.15.el8
H Loop with Unreachable Exit Condition ('Infinite Loop')	<1:1.29.1-20.3.rhaos4.15.el8
H Memory Leak	<1:1.29.1-20.3.rhaos4.15.el8
H Memory Leak	<1:1.29.1-10.4.rhaos4.14.el8
H Improper Handling of Highly Compressed Data (Data Amplification)	<1:1.23.4-5.2.rhaos4.12.el8
H Loop with Unreachable Exit Condition ('Infinite Loop')	<1:1.23.4-5.2.rhaos4.12.el8
H Truncation of Security-relevant Information	<1:1.29.1-20.2.rhaos4.15.el8
H Information Exposure	<1:1.29.1-20.2.rhaos4.15.el8
H Resource Exhaustion	<1:1.29.1-20.2.rhaos4.15.el8
H Resource Exhaustion	<1:1.29.1-20.2.rhaos4.15.el8
H Truncation of Security-relevant Information	<1:1.29.1-20.2.rhaos4.15.el8
H Resource Exhaustion	<1:1.29.1-20.2.rhaos4.15.el8
H Information Exposure	<1:1.29.1-20.2.rhaos4.15.el8
H Use of a Broken or Risky Cryptographic Algorithm	<1:1.23.4-3.rhaos4.11.el8
H Improper Handling of Unicode Encoding	<1:1.23.4-3.rhaos4.11.el8
H Improper Handling of Unicode Encoding	<1:1.23.4-4.1.rhaos4.12.el8
H Improper Handling of Unicode Encoding	<1:1.23.4-4.1.rhaos4.12.el8
M Improper Handling of Unicode Encoding	*
M Improper Handling of Unicode Encoding	*
M Improper Certificate Validation	<1:1.23.4-2.el8
M Improper Certificate Validation	<1:1.23.4-2.el8
M Incorrect Default Permissions	<1:1.23.4-2.el8
M Incorrect Default Permissions	<1:1.23.4-2.el8
M Improper Initialization	<1:1.23.4-2.el8
M Improper Initialization	<1:1.23.4-2.el8
M Server-Side Request Forgery (SSRF)	<1:1.23.4-2.el8
M Server-Side Request Forgery (SSRF)	<1:1.23.4-2.el8
M Directory Traversal	<1:1.23.4-2.el8
M Directory Traversal	<1:1.23.4-2.el8
M Improper Access Control	<1:1.23.4-2.el8
M Improper Access Control	<1:1.23.4-2.el8
M Resource Exhaustion	<1:1.23.4-2.el8
M Resource Exhaustion	<1:1.23.4-2.el8
L Loop with Unreachable Exit Condition ('Infinite Loop')	*
L Placement of User into Incorrect Group	*
H Allocation of Resources Without Limits or Throttling	<1:1.23.4-3.rhaos4.11.el8
M Resource Exhaustion	<1:1.23.4-4.rhaos4.12.el8
M Resource Exhaustion	<1:1.23.4-4.rhaos4.12.el8
M Link Following	*
L Directory Traversal	*
M CVE-2022-41715	<1:1.23.4-4.rhaos4.12.el8
M CVE-2022-41715	<1:1.23.4-2.el8
M Allocation of Resources Without Limits or Throttling	<1:1.23.4-4.rhaos4.12.el8
M Allocation of Resources Without Limits or Throttling	<1:1.23.4-2.el8
M HTTP Request Smuggling	<1:1.23.4-4.rhaos4.12.el8
M HTTP Request Smuggling	<1:1.23.4-2.el8
M Directory Traversal	<1:1.23.4-2.el8
M Directory Traversal	<1:1.23.4-2.el8
M Resource Exhaustion	<1:1.23.4-2.el8
L Placement of User into Incorrect Group	*
M Resource Exhaustion	<1:1.23.4-2.el8
M Resource Exhaustion	<1:1.23.4-2.el8
M Information Exposure	<1:1.23.4-2.el8
M Information Exposure	<1:1.23.4-2.el8
M Improperly Controlled Sequential Memory Allocation	<1:1.23.4-4.rhaos4.12.el8
M Improperly Controlled Sequential Memory Allocation	<1:1.23.4-2.el8
M HTTP Request Smuggling	<1:1.23.4-2.el8
M HTTP Request Smuggling	<1:1.23.4-2.el8
M HTTP Request Smuggling	<1:1.23.4-2.el8
M Incorrect Authorization	<1:1.23.4-2.el8
M Incorrect Default Permissions	<1:1.23.4-2.el8
H Insufficient Entropy	<1:1.23.4-3.rhaos4.11.el8
H Integer Overflow or Wraparound	<1:1.23.4-3.rhaos4.11.el8
H Buffer Overflow	<1:1.23.4-3.rhaos4.11.el8
L Incorrect Default Permissions	*
M Missing Release of Resource after Effective Lifetime	<1:1.23.4-2.el8
M Use of a Broken or Risky Cryptographic Algorithm	<1:1.23.4-2.el8
M Resource Exhaustion	<1:1.23.4-2.el8
M Unchecked Return Value	<1:1.23.4-2.el8
M Incorrect Authorization	<1:1.23.4-2.el8
H Integer Overflow or Wraparound	<1:1.23.4-3.rhaos4.11.el8
M Improper Input Validation	<1:1.23.4-2.el8
L Race Condition	<0:1.11.6-9.rhaos4.5.el8
L Loop with Unreachable Exit Condition ('Infinite Loop')	<0:1.11.6-9.rhaos4.5.el8
M Information Exposure	*
M Improper Input Validation	*

Vulnerability

Vulnerable Version

Improper Authorization