Odf4 Mcg-Core-Rhel9 vulnerabilities

CVE-2026-32952 [MEDIUM] CWE-190 go-ntlmssp: go-ntlmssp: Denial of Service via malicious NTLM challenge go-ntlmssp: go-ntlmssp: Denial of Service via malicious NTLM challenge A flaw was found in the `go-ntlmssp` package. A remote attacker could exploit this vulnerability by sending a specially crafted NTLM (NT LAN Manager) challenge message. This malicious message can trigger a slice out of bounds panic, leading to a Denial of Service (DoS) by crashing any Go process that utilizes `ntlmssp.Negot

CVE-2026-41988 [LOW] CWE-787 uuid: uuid: Unexpected data writes when using external output buffers with specific UUID versions uuid: uuid: Unexpected data writes when using external output buffers with specific UUID versions A flaw was found in uuid. When external output buffers are used with UUID versions 3, 5, or 6, an attacker with local access may be able to cause unexpected data writes. This vulnerability could lead to low impact data integrity issues. UUID version 4 is not affected. Pack

CVE-2026-31988 [MEDIUM] CWE-193 yauzl: yauzl: Denial of Service vulnerability in zip file processing yauzl: yauzl: Denial of Service vulnerability in zip file processing yauzl (aka Yet Another Unzip Library) version 3.2.0 for Node.js contains an off-by-one error in the NTFS extended timestamp extra field parser within the getLastModDate() function. The while loop condition checks cursor < data.length + 4 instead of cursor + 4 <= data.length, allowing readUInt16LE() to read past the buffer bound