Repo Status -
Overall Status
Page updated: 2024-04-20 17:48
1824463 | NEW | medium | CVE-2016-1000107 erlang: allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy serve [epel-8] |
1835374 | NEW | low | CVE-2020-12755 kio-extras: Unintended KWallet storage of a password [epel-8] |
1906415 | NEW | medium | CVE-2020-28086 pass: has a possibility of using a password for an unintended resource [epel-8] |
1928801 | NEW | medium | CVE-2020-24870 kf5-libkdcraw: LibRaw: stack buffer overflow in LibRaw::identify_process_dng_fields() in identify.cpp [epel-8] |
1978781 | NEW | low | CVE-2021-33844 sox: divide by zero crash in wav.c [epel-8] |
1978783 | NEW | low | CVE-2021-23172 sox: heap overflow in hcom.c [epel-8] |
1978788 | NEW | low | CVE-2021-23159 sox: heap based overflow in formats_i.c [epel-8] |
1983088 | NEW | low | CVE-2021-23210 sox: divide by zero in voc.c [epel-8] |
1993269 | NEW | medium | CVE-2021-3643 sox: buffer overflow read vulnerability [epel-8] |
2007589 | NEW | medium | CVE-2021-21239 python-pysaml2: An improper verification of cryptographic signature [epel-8] |
2007593 | NEW | medium | CVE-2021-21238 python-pysaml2: processing of invalid SAML XML documents [epel-8] |
2020396 | NEW | low | CVE-2021-30833 xar: unpacking a maliciously crafted archive may allow an attacker to write arbitrary files [epel-8] |
2022107 | NEW | medium | CVE-2021-42076 barrier: memory exhaustion in the server-side implementation and barrierc by sending long TCP messages [epel-8] |
2022110 | NEW | medium | CVE-2021-42075 barrier: server-side implementation does not correctly close file descriptors for established TCP connections [epel-8] |
2023401 | NEW | low | CVE-2021-41250 python-discord: by including any non-blacklisted URL moderation filters can be bypassed [epel-8] |
2039343 | NEW | medium | CVE-2022-0175 virglrenderer: memory initialization issue in vrend_resource_alloc_buffer() can lead to info leak [epel-8] |
2048607 | NEW | medium | CVE-2022-0135 virglrenderer: out-of-bounds write in read_transfer_data() [epel-8] |
2054222 | NEW | medium | CVE-2021-4115 polkit-qt: polkit: file descriptor leak allows an unprivileged user to cause a crash [epel-8] |
2055870 | NEW | low | CVE-2022-24986 kcron: Invalid temporary file handling [epel-8] |
2059507 | NEW | medium | CVE-2022-21712 python-twisted: dev-python/twisted: secret exposure in cross-origin redirects [epel-8] |
2061806 | NEW | medium | CVE-2022-0235 golang-github-prometheus: node-fetch: exposure of sensitive information to an unauthorized actor [epel-all] |
2062720 | NEW | medium | CVE-2022-0536 golang-github-prometheus: follow-redirects: Exposure of Sensitive Information via Authorization Header leak [epel-all] |
2063874 | NEW | medium | CVE-2022-24737 httpie: cookie exposure to third parties [epel-all] |
2067346 | NEW | medium | CVE-2022-21698 golang-github-prometheus-node-exporter: prometheus/client_golang: Denial of service using InstrumentHandlerCounter [epel-all] |
2067347 | NEW | medium | CVE-2022-21698 golang-github-prometheus: prometheus/client_golang: Denial of service using InstrumentHandlerCounter [epel-all] |
2067349 | NEW | medium | CVE-2022-21698 rclone: prometheus/client_golang: Denial of service using InstrumentHandlerCounter [epel-all] |
2067350 | NEW | medium | CVE-2022-21698 golang-github-prometheus-alertmanager: prometheus/client_golang: Denial of service using InstrumentHandlerCounter [epel-8] |
2067354 | NEW | medium | CVE-2022-21698 golang-github-prometheus: prometheus/client_golang: Denial of service using InstrumentHandlerCounter [epel-8] |
2067355 | NEW | medium | CVE-2022-21698 golang-github-prometheus-node-exporter: prometheus/client_golang: Denial of service using InstrumentHandlerCounter [epel-8] |
2067356 | NEW | medium | CVE-2022-21698 rclone: prometheus/client_golang: Denial of service using InstrumentHandlerCounter [epel-8] |
2069008 | NEW | medium | CVE-2022-24771 golang-github-prometheus: node-forge: Signature verification leniency in checking `digestAlgorithm` structure can lead to signature forgery [epel-all] |
2069018 | NEW | medium | CVE-2022-24772 golang-github-prometheus: node-forge: Signature verification failing to check trailing garbage bytes can lead to signature forgery [epel-all] |
2069036 | NEW | medium | CVE-2022-24773 golang-github-prometheus: node-forge: Signature verification leniency in checking `DigestInfo` structure [epel-all] |
2069347 | NEW | low | CVE-2021-28278 jhead: Heap-based buffer overflow via the RemoveSectionType function in jpgfile.c [epel-all] |
2069350 | NEW | low | CVE-2021-28277 jhead: Buffer overflow via the RemoveUnknownSections function in jpgfile.c [epel-all] |
2069353 | NEW | low | CVE-2021-28276 jhead: in the ProcessCanonMakerNoteDir function in makernote.c [epel-all] |
2069357 | NEW | low | CVE-2021-28275 jhead: Buffer over read in the Get16u function in exif.c [epel-all] |
2069392 | NEW | high | CVE-2022-23608 pjproject: pjsip: possible infinite loop in dialog list [epel-8] |
2070867 | NEW | high | CVE-2018-25032 BackupPC-XS: zlib: A flaw found in zlib when compressing (not decompressing) certain inputs [epel-all] |
2074249 | NEW | medium | CVE-2022-27191 golang-x-crypto: golang: crash in a golang.org/x/crypto/ssh server [epel-all] |
2074250 | NEW | medium | CVE-2022-27191 rclone: golang: crash in a golang.org/x/crypto/ssh server [epel-all] |
2074856 | NEW | high | CVE-2022-28346 netbox: Django: SQL injection in QuerySet.annotate(),aggregate() and extra() [epel-all] |
2074868 | NEW | high | CVE-2022-28347 netbox: Django: SQL injection via QuerySet.explain(options) on PostgreSQL [epel-all] |
2075054 | NEW | low | CVE-2022-1341 bwm-ng: Null write in the get_cmdln_options function in src/options.c [epel-all] |
2075253 | NEW | medium | CVE-2022-24785 golang-github-prometheus: Moment.js: Path traversal in moment.locale [epel-all] |
2075278 | NEW | medium | CVE-2022-24785 golang-github-prometheus: Moment.js: Path traversal in moment.locale [epel-all] |
2076246 | NEW | low | CVE-2022-26498 CVE-2022-26499 CVE-2022-26651 asterisk: multiple vulnerabilities [epel-all] |
2076766 | NEW | low | CVE-2022-1475 qt5-qtwebengine: ffmpeg: integer overflow in g729_parse() in libavcodec/g729_parser.c [epel-all] |
2079987 | NEW | medium | CVE-2022-1515 matio: memory leak in Mat_VarReadNextInfo5() in mat5.c [epel-all] |
2081600 | NEW | medium | CVE-2022-27470 SDL2_ttf: sdf_ttf: Arbitrary memory overwrite occurs when loading glyphs and rendering text with a malformed TTF file [epel-all] |
2082278 | NEW | medium | CVE-2022-29824 qt5-qtwebengine: libxml2: integer overflows in xmlBuf and xmlBuffer lead to out-of-bounds write [epel-all] |
2084682 | NEW | medium | CVE-2022-24675 dnscrypt-proxy: golang: encoding/pem: fix stack overflow in Decode [epel-8] |
2084683 | NEW | medium | CVE-2022-24675 golang-github-prometheus: golang: encoding/pem: fix stack overflow in Decode [epel-8] |
2084684 | NEW | medium | CVE-2022-24675 golang-github-prometheus-alertmanager: golang: encoding/pem: fix stack overflow in Decode [epel-8] |
2084685 | NEW | medium | CVE-2022-24675 golang-github-prometheus-node-exporter: golang: encoding/pem: fix stack overflow in Decode [epel-8] |
2084686 | NEW | medium | CVE-2022-24675 golang-x-crypto: golang: encoding/pem: fix stack overflow in Decode [epel-8] |
2084687 | NEW | medium | CVE-2022-24675 golang-x-net: golang: encoding/pem: fix stack overflow in Decode [epel-8] |
2084688 | NEW | medium | CVE-2022-24675 golang-x-text: golang: encoding/pem: fix stack overflow in Decode [epel-8] |
2084689 | NEW | medium | CVE-2022-24675 golie: golang: encoding/pem: fix stack overflow in Decode [epel-8] |
2084690 | NEW | medium | CVE-2022-24675 micro: golang: encoding/pem: fix stack overflow in Decode [epel-8] |
2084692 | NEW | medium | CVE-2022-24675 rclone: golang: encoding/pem: fix stack overflow in Decode [epel-8] |
2084693 | NEW | medium | CVE-2022-24675 reg: golang: encoding/pem: fix stack overflow in Decode [epel-8] |
2084695 | NEW | medium | CVE-2022-24675 snapd: golang: encoding/pem: fix stack overflow in Decode [epel-8] |
2084862 | NEW | medium | CVE-2022-28327 dnscrypt-proxy: golang: crypto/elliptic: panic caused by oversized scalar [epel-8] |
2084863 | NEW | medium | CVE-2022-28327 golang-github-prometheus: golang: crypto/elliptic: panic caused by oversized scalar [epel-8] |
2084864 | NEW | medium | CVE-2022-28327 golang-github-prometheus-alertmanager: golang: crypto/elliptic: panic caused by oversized scalar [epel-8] |
2084866 | NEW | medium | CVE-2022-28327 golang-x-crypto: golang: crypto/elliptic: panic caused by oversized scalar [epel-8] |
2084867 | NEW | medium | CVE-2022-28327 golang-x-net: golang: crypto/elliptic: panic caused by oversized scalar [epel-8] |
2084868 | NEW | medium | CVE-2022-28327 golang-x-text: golang: crypto/elliptic: panic caused by oversized scalar [epel-8] |
2084869 | NEW | medium | CVE-2022-28327 golie: golang: crypto/elliptic: panic caused by oversized scalar [epel-8] |
2084870 | NEW | medium | CVE-2022-28327 micro: golang: crypto/elliptic: panic caused by oversized scalar [epel-8] |
2084872 | NEW | medium | CVE-2022-28327 rclone: golang: crypto/elliptic: panic caused by oversized scalar [epel-8] |
2084873 | NEW | medium | CVE-2022-28327 reg: golang: crypto/elliptic: panic caused by oversized scalar [epel-8] |
2084875 | NEW | medium | CVE-2022-28327 snapd: golang: crypto/elliptic: panic caused by oversized scalar [epel-8] |
2084877 | NEW | medium | CVE-2022-28327 yubihsm-connector: golang: crypto/elliptic: panic caused by oversized scalar [epel-8] |
2093308 | NEW | medium | CVE-2022-30783 ntfs-3g-system-compression: ntfs-3g: invalid return code in fuse_kern_mount enables intercepting of libfuse-lite protocol traffic [epel-all] |
2093315 | NEW | medium | CVE-2022-30784 ntfs-3g-system-compression: ntfs-3g: crafted NTFS image can cause heap exhaustion in ntfs_get_attribute_value [epel-all] |
2093323 | NEW | medium | CVE-2022-30785 ntfs-3g-system-compression: ntfs-3g: a file handle created in fuse_lib_opendir, and later used in fuse_lib_readdir, enables arbitrary memory read and write operations [epel-all] |
2093327 | NEW | medium | CVE-2022-30786 ntfs-3g-system-compression: ntfs-3g: crafted NTFS image can cause a heap-based buffer overflow in ntfs_names_full_collate [epel-all] |
2093336 | NEW | medium | CVE-2022-30787 ntfs-3g-system-compression: ntfs-3g: integer underflow in fuse_lib_readdir enables arbitrary memory read operations [epel-all] |
2093343 | NEW | medium | CVE-2022-30788 ntfs-3g-system-compression: ntfs-3g: crafted NTFS image can cause a heap-based buffer overflow in ntfs_mft_rec_alloc [epel-all] |
2093353 | NEW | medium | CVE-2022-30789 ntfs-3g-system-compression: ntfs-3g: crafted NTFS image can cause a heap-based buffer overflow in ntfs_check_log_client_array [epel-all] |
2093363 | NEW | medium | CVE-2021-46790 ntfs-3g-system-compression: ntfs-3g: heap-based buffer overflow in ntfsck [epel-all] |
2094686 | NEW | medium | CVE-2021-40426 sox: heap-based buffer overflow vulnerability exists in the sphere.c start_read() function [epel-8] |
2094698 | NEW | medium | CVE-2022-31650 sox: a floating-point exception in lsx_aiffstartwrite in aiff.c in libsox.a [epel-8] |
2094701 | NEW | medium | CVE-2022-31651 sox: an assertion failure in rate_init in rate.c in libsox.a [epel-8] |
2099405 | NEW | medium | CVE-2022-32983 knot-resolver: DNS cache poisoning [epel-all] |
2103121 | NEW | low | CVE-2022-33108 xpdf: a stack overflow vulnerability via the Object::Copy class of object.cc [epel-all] |
2106227 | NEW | medium | CVE-2022-30550 dovecot-fts-xapian: dovecot: Privilege escalation possible in dovecot when similar master and non-master passdbs are used [epel-8] |
2106239 | NEW | medium | CVE-2022-0430 httpie: Exposure of Sensitive Information to an Unauthorized Actor [epel-all] |
2110324 | NEW | medium | CVE-2022-35737 qt5-qtwebengine: sqlite: assertion failure via query when compiled with -DSQLITE_ENABLE_STAT4 [epel-8] |
2112231 | NEW | low | CVE-2022-34749 python-mistune: mistune: catastrophic backtracking [epel-all] |
2115431 | NEW | high | CVE-2022-29154 rsync-bpc: rsync: remote arbitrary files write inside the directories of connecting peers [epel-all] |
2116655 | NEW | medium | CVE-2022-37434 BackupPC-XS: zlib: a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field [epel-8] |
2119152 | NEW | medium | CVE-2022-2469 libgsasl: Out of bounds read causes DoS [epel-8] |
2120257 | NEW | medium | CVE-2022-2787 schroot: denial of service in schroot [epel-all] |
2121133 | NEW | medium | CVE-2016-3709 qt5-qtwebengine: libxml2: Incorrect server side include parsing can lead to XSS [epel-8] |
2122475 | NEW | low | CVE-2020-35525 qt5-qtwebengine: sqlite: Null pointer dereference in src/select.c [epel-all] |
2122484 | NEW | medium | CVE-2020-35527 qt5-qtwebengine: sqlite: Out of bounds access during table rename [epel-all] |
2123457 | NEW | low | CVE-2022-25887 golang-github-prometheus: sanitize-html: insecure global regular expression replacement logic may lead to ReDoS [epel-all] |
2123623 | NEW | low | CVE-2022-3035 python-snipeit: possible XSS on dashboard and login note [epel-all] |
2124784 | NEW | medium | CVE-2022-38528 assimp: contain a segmentation violation via the component Assimp::XFileImporter::CreateMeshes. [epel-all] |
2126813 | NEW | medium | CVE-2021-40647 man2html: sys-apps/man2html: multiple vulnerabilities [epel-all] |
2126815 | NEW | medium | CVE-2021-40648 man2html: sys-apps/man2html: multiple vulnerabilities [epel-all] |
2126995 | NEW | medium | CVE-2021-43138 breeze-icon-theme: async: Prototype Pollution in async [epel-8] |
2128048 | NEW | medium | CVE-2022-39209 python-cmarkgfm: cmark-gfm: Unbounded resource exhaustion may lead to denial of service [epel-8] |
2128837 | NEW | medium | CVE-2022-38928 xpdf: Null Pointer Dereference in FoFiType1C [epel-all] |
2128881 | NEW | medium | CVE-2022-3173 python-snipeit: improper authentication in license files and API keys [epel-8] |
2128979 | NEW | medium | CVE-2022-40023 python-pecan: mako: REDoS in Lexer class [epel-all] |
2130858 | NEW | medium | CVE-2022-38222 xpdf: use-after-free issue in JBIG2Stream::close() located in JBIG2Stream.cc in Xpdf [epel-all] |
2134316 | NEW | medium | CVE-2022-21222 golang-github-prometheus: css-what: ReDoS due to insecure regular expression [epel-all] |
2135441 | NEW | medium | CVE-2022-3517 breeze-icon-theme: nodejs-minimatch: ReDoS via the braceExpand function [epel-all] |
2135442 | NEW | medium | CVE-2022-3517 golang-github-prometheus: nodejs-minimatch: ReDoS via the braceExpand function [epel-all] |
2135648 | NEW | medium | CVE-2022-38248 nagios: multiple cross-site scripting (XSS) vulnerabilities at auditlog.php [epel-all] |
2135651 | NEW | medium | CVE-2022-38249 nagios: cross-site scripting (XSS) vulnerability via the MTR component [epel-all] |
2135657 | NEW | medium | CVE-2022-38247 nagios: cross-site scripting (XSS) vulnerability via the System Settings page under the Admin panel [epel-all] |
2135660 | NEW | medium | CVE-2022-38251 nagios: cross-site scripting (XSS) vulnerability via the System Performance Settings page under the Admin panel [epel-all] |
2136003 | NEW | medium | CVE-2020-15853 supybot-fedora: anyone can run the "refresh" command [epel-all] |
2136275 | NEW | medium | CVE-2022-40303 qt5-qtwebengine: libxml2: integer overflows with XML_PARSE_HUGE [epel-all] |
2136292 | NEW | medium | CVE-2022-40304 qt5-qtwebengine: libxml2: dict corruption caused by entity reference cycles [epel-all] |
2139125 | NEW | medium | CVE-2022-20128 CVE-2022-3168 android-tools: directory traversal during adb pull [epel-all] |
2139801 | NEW | medium | CVE-2022-36354 CVE-2022-38143 CVE-2022-41639 CVE-2022-41684 CVE-2022-41794 CVE-2022-41838 CVE-2022-41977 CVE-2022-4198 CVE-2022-41988 CVE-2022-41999 OpenImageIO: Multiple Vulnerabilities [epel-all] |
2140226 | NEW | low | CVE-2021-34055 jhead: heap-buffer-overflow of exif.c [epel-all] |
2140598 | NEW | medium | CVE-2022-37603 golang-github-prometheus: loader-utils: Regular expression denial of service [epel-all] |
2141803 | NEW | urgent | CVE-2022-37026 erlang: erlang/otp: Client Authentication Bypass [epel-all] |
2142451 | NEW | high | CVE-2022-39353 breeze-icon-theme: xmldom: Allows multiple root elements in a DOM tree [epel-all] |
2142543 | NEW | low | CVE-2021-40241 xfig: buffer overflow in LANG in w_help.c [epel-8] |
2142605 | NEW | low | CVE-2022-3857 java-latest-openjdk: libpng: Null pointer dereference leads to segmentation fault [epel-8] |
2142766 | NEW | medium | CVE-2022-41882 nextcloud-client: desktop client can be tricked into opening/executing local files when clicking a nc://open/ link [epel-8] |
2143411 | NEW | low | CVE-2022-3964 CVE-2022-3965 qt5-qtwebengine: various flaws [epel-8] |
2149437 | NEW | medium | CVE-2022-46146 golang-github-prometheus: exporter-toolkit: authentication bypass via cache poisoning [epel-all] |
2149438 | NEW | medium | CVE-2022-46146 golang-github-prometheus-node-exporter: exporter-toolkit: authentication bypass via cache poisoning [epel-all] |
2149439 | NEW | medium | CVE-2022-46146 golang-github-prometheus-alertmanager: exporter-toolkit: authentication bypass via cache poisoning [epel-all] |
2150944 | NEW | low | CVE-2022-42705 asterisk: Use after free in res_pjsip_pubsub.c [epel-8] |
2150950 | NEW | medium | CVE-2022-37325 asterisk: Remote Crash Vulnerability in H323 channel add on [epel-8] |
2151099 | NEW | medium | CVE-2022-24999 breeze-icon-theme: express: "qs" prototype poisoning causes the hang of the node process [epel-8] |
2151101 | NEW | medium | CVE-2022-24999 qpid-dispatch: express: "qs" prototype poisoning causes the hang of the node process [epel-8] |
2151129 | NEW | low | CVE-2022-39331 nextcloud-client: XSS in Desktop Client in the notifications [epel-8] |
2151130 | NEW | low | CVE-2022-39332 nextcloud-client: XSS in Desktop Client via user status and information [epel-8] |
2151131 | NEW | low | CVE-2022-39333 nextcloud-client: XSS in Desktop Client in call notification popup [epel-8] |
2151133 | NEW | low | CVE-2022-39334 nextcloud-client: nextcloudcmd incorrectly trusts bad TLS certificates [epel-8] |
2154846 | NEW | low | CVE-2022-3109 qt5-qtwebengine: FFmpeg: Null Pointer Dereference [epel-8] |
2155596 | NEW | low | CVE-2022-23537 pjproject: net-libs/pjproject: heap buffer overread [epel-all] |
2156017 | NEW | medium | CVE-2022-43601 OpenImageIO: heap buffer overflow due to ImageOutput [epel-all] |
2156018 | NEW | medium | CVE-2022-43600 OpenImageIO: heap buffer overflow due to ImageOutput [epel-all] |
2156022 | NEW | medium | CVE-2022-41649 OpenImageIO: heap out of bounds read vulnerability [epel-all] |
2156025 | NEW | medium | CVE-2022-41837 OpenImageIO: out-of-bounds write vulnerability [epel-all] |
2156028 | NEW | medium | CVE-2022-43603 OpenImageIO: denial of service vulnerability [epel-all] |
2156032 | NEW | medium | CVE-2022-41981 OpenImageIO: stack-based buffer overflow vulnerability [epel-all] |
2156105 | NEW | medium | CVE-2022-23547 pjproject: buffer overread [epel-all] |
2157057 | NEW | medium | CVE-2022-3341 qt5-qtwebengine: ffmpeg: null pointer dereference in decode_main_header() in libavformat/nutdec.c [epel-all] |
2157282 | NEW | medium | CVE-2022-47952 lxc: information disclosure vulnerability [epel-all] |
2158360 | NEW | medium | CVE-2022-44940 patchelf: an out-of-bounds read via the function modifyRPath [epel-all] |
2161246 | NEW | medium | CVE-2022-48257 et: EternalTerminal: information exposure [epel-8] |
2161249 | NEW | medium | CVE-2022-48258 et: MisterTea/EternalTerminal: information exposure [epel-8] |
2162188 | NEW | medium | CVE-2022-41721 golang-x-net: x/net/http2/h2c: request smuggling [epel-8] |
2162371 | NEW | medium | CVE-2022-46175 micro: json5: Prototype Pollution in JSON5 via Parse Method [epel-8] |
2163041 | NEW | medium | CVE-2022-41717 dnscrypt-proxy: golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests [epel-all] |
2163043 | NEW | medium | CVE-2022-41717 golang-github-prometheus: golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests [epel-all] |
2163044 | NEW | medium | CVE-2022-41717 golang-github-prometheus-alertmanager: golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests [epel-all] |
2163045 | NEW | medium | CVE-2022-41717 golang-github-prometheus-node-exporter: golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests [epel-all] |
2163046 | NEW | medium | CVE-2022-41717 golie: golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests [epel-all] |
2163047 | NEW | medium | CVE-2022-41717 micro: golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests [epel-all] |
2163049 | NEW | medium | CVE-2022-41717 rclone: golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests [epel-all] |
2163050 | NEW | medium | CVE-2022-41717 reg: golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests [epel-all] |
2163051 | NEW | medium | CVE-2022-41717 restic: golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests [epel-all] |
2163053 | NEW | medium | CVE-2022-41717 snapd: golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests [epel-all] |
2163055 | NEW | medium | CVE-2022-41717 yubihsm-connector: golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests [epel-all] |
2163541 | NEW | high | CVE-2022-3064 golie: go-yaml: Improve heuristics preventing CPU/memory abuse by parsing malicious or large YAML documents [epel-all] |
2163688 | NEW | medium | CVE-2022-45639 sleuthkit: OS command injection vulnerability in "-m" parameter [epel-all] |
2163907 | NEW | medium | CVE-2022-47021 opusfile: NULL pointer dereference in op_get_data() and op_open1() in opusfile.c [epel-all] |
2164023 | NEW | medium | CVE-2022-45748 assimp: use-after-free in ColladaParser::ExtractDataObjectFromChannel function in code/AssetLib/Collada/ColladaParser.cpp [epel-all] |
2164715 | NEW | medium | CVE-2022-44571 rubygem-rack: denial of service in Content-Disposition parsing [epel-8] |
2164720 | NEW | medium | CVE-2022-44570 rubygem-rack: denial of service in Content-Disposition parsing [epel-8] |
2164723 | NEW | medium | CVE-2022-44572 rubygem-rack: denial of service in Content-Disposition parsing [epel-8] |
2169386 | NEW | medium | CVE-2022-46648 rubygem-git: ruby-git: code injection vulnerability [epel-8] |
2170773 | NEW | medium | CVE-2023-23558 et: EternalTerminal: TelemetryService uses fixed paths in /tmp [epel-8] |
2171914 | NEW | low | CVE-2023-24809 nethack: buffer overflow in the "C" command [epel-8] |
2172134 | NEW | medium | CVE-2021-32142 digikam: LibRaw: stack buffer overflow in LibRaw_buffer_datastream::gets() in src/libraw_datastream.cpp [epel-all] |
2172418 | NEW | high | CVE-2022-26061 hdf5: HDF5 Group libhdf5 gif2h5 heap-based buffer overflow vulnerability [epel-all] |
2172421 | NEW | high | CVE-2022-25972 hdf5: HDF5 Group libhdf5 gif2h5 out-of-bounds write vulnerability [epel-all] |
2172425 | NEW | high | CVE-2022-25942 hdf5: HDF5 Group libhdf5 gif2h5 out-of-bounds read vulnerability [epel-all] |
2172784 | NEW | medium | CVE-2021-33367 freeimage: denial of service via a crafted JXR file [epel-all] |
2173073 | NEW | medium | CVE-2022-31031 pjproject: pjsip: stack buffer overflow [epel-all] |
2173075 | NEW | medium | CVE-2022-39244 pjproject: pjsip: buffer overflow in the PJSIP parser, PJMEDIA RTP decoder, and PJMEDIA SDP parser [epel-all] |
2173702 | NEW | medium | CVE-2021-41141 CVE-2021-43845 CVE-2022-24754 CVE-2022-24763 CVE-2022-24786 CVE-2022-24792 CVE-2022-24793 asterisk: pjsip: Multiple vulnerabilities [epel-all] |
2173703 | NEW | urgent | CVE-2021-41141 CVE-2021-43845 CVE-2022-24754 CVE-2022-24763 CVE-2022-24786 CVE-2022-24792 CVE-2022-24793 pjproject: pjsip: Multiple vulnerabilities [epel-all] |
2173707 | NEW | medium | CVE-2021-438450 CVE-2021-438451 CVE-2022-217221 CVE-2022-247541 CVE-2022-247542 CVE-2022-247631 CVE-2022-247633 CVE-2022-247641 CVE-2022-247644 CVE-2022-247931 CVE-2022-247935 asterisk: pjsip: Multiple Vulnerabilities [epel-all] |
2174318 | NEW | medium | CVE-2023-27371 proxysql: libmicrohttpd: remote DoS [epel-all] |
2176479 | NEW | medium | CVE-2023-27530 rubygem-rack: Denial of service in Multipart MIME parsing [epel-all] |
2178397 | NEW | medium | CVE-2022-41723 dnscrypt-proxy: golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding [epel-all] |
2178399 | NEW | medium | CVE-2022-41723 golang-github-prometheus: golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding [epel-all] |
2178400 | NEW | medium | CVE-2022-41723 golang-github-prometheus-alertmanager: golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding [epel-all] |
2178401 | NEW | medium | CVE-2022-41723 golang-github-prometheus-node-exporter: golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding [epel-all] |
2178405 | NEW | medium | CVE-2022-41723 rclone: golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding [epel-all] |
2178406 | NEW | medium | CVE-2022-41723 reg: golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding [epel-all] |
2178407 | NEW | medium | CVE-2022-41723 restic: golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding [epel-all] |
2178841 | NEW | high | CVE-2023-27585 pjproject: pjsip: buffer overflow vulnerability [epel-all] |
2178899 | NEW | medium | CVE-2022-46908 qt5-qtwebengine: sqlite: safe mode authorizer callback allows disallowed UDFs [epel-all] |
2179652 | NEW | medium | CVE-2023-27539 rubygem-rack: denial of service in header parsing [epel-all] |
2180113 | NEW | medium | CVE-2023-28371 stellarium: arbitrary file write [epel-all] |
2180878 | NEW | low | CVE-2023-1576 p7zip: Heap buffer overflow in ZipIn.cpp [epel-all] |
2182279 | NEW | medium | CVE-2022-3116 heimdal: NULL pointer dereference using a crafted negTokenInit token [epel-all] |
2182590 | NEW | low | CVE-2023-0465 openssl3: openssl: Invalid certificate policies in leaf certificates are silently ignored [epel-8] |
2182602 | NEW | low | CVE-2023-0466 openssl3: openssl: Certificate policy check not enabled [epel-8] |
2182843 | NEW | high | CVE-2022-48434 qt5-qtwebengine: ffmpeg: Use after free in libavcodec/pthread_frame.c [epel-all] |
2184906 | NEW | low | CVE-2023-25823 gradio: user could access other users shared Gradio demos [epel-8] |
2185105 | NEW | low | CVE-2023-22845 CVE-2023-24472 CVE-2023-24473 OpenImageIO: multiple vulnerabilities [epel-all] |
2185521 | NEW | low | CVE-2023-24626 screen: allows sending SIGHUP to arbitrary PIDs [epel-8] |
2185867 | NEW | low | CVE-2021-43311 CVE-2021-43312 CVE-2021-43313 CVE-2021-43314 CVE-2021-43315 CVE-2021-43316 CVE-2021-43317 upx: various flaws [epel-all] |
2185952 | NEW | low | CVE-2023-28999 nextcloud-client: nextcloud-client: malicious server administrator can gain full access to an end-to-end encrypted folder [epel-all] |
2185986 | NEW | medium | CVE-2023-29469 qt5-qtwebengine: libxml2: Hashing of empty dict strings isn't deterministic [epel-all] |
2185998 | NEW | medium | CVE-2023-28484 qt5-qtwebengine: libxml2: NULL dereference in xmlSchemaFixupComplexType [epel-all] |
2186846 | NEW | medium | CVE-2023-29584 libmp4v2: Heap buffer overflow [epel-all] |
2187907 | NEW | medium | CVE-2023-30608 python-sqlparse: sqlparse: Parser contains a regular expression that is vulnerable to ReDOS (Regular Expression Denial of Service) [epel-all] |
2188276 | NEW | medium | CVE-2023-1729 digikam: LibRaw: a heap-buffer-overflow in raw2image_ex() [epel-all] |
2188526 | NEW | low | CVE-2023-1255 openssl3: openssl: Input buffer over-read in AES-XTS implementation on 64 bit ARM [epel-8] |
2191663 | NEW | low | CVE-2023-26934 xpdf: denial of service via a crafted PDF file in Object::copy() in xpdf/Object.cc [epel-all] |
2191665 | NEW | low | CVE-2023-26935 xpdf: buffer overflow via a crafted PDF file in SharedFile::readBlock() in xpdf/Stream.cc [epel-all] |
2191670 | NEW | low | CVE-2023-26936 xpdf: buffer overflow via a crafted PDF file in gmalloc() in goo/gmem.cc [epel-all] |
2191671 | NEW | low | CVE-2023-26937 xpdf: buffer overflow via a crafted PDF file in GString::resize() in goo/GString.cc [epel-all] |
2191677 | NEW | low | CVE-2023-26938 xpdf: buffer overflow via a crafted PDF file in gfseek() in goo/gfile.cc [epel-all] |
2192678 | NEW | low | CVE-2023-26930 xpdf: buffer overflow via a crafted PDF file [epel-all] |
2192686 | NEW | low | CVE-2023-26931 xpdf: buffer overflow via a crafted PDF file in TextLine::TextLine() in xpdf/TextOutputDev.cc [epel-all] |
2203457 | NEW | low | CVE-2023-2662 xpdf: bad color space object in input leads to divide-by-zero [epel-all] |
2203460 | NEW | low | CVE-2023-2663 xpdf: infinite recursion loop leads to stack overflow [epel-all] |
2203463 | NEW | low | CVE-2023-2664 xpdf: loop in embedded file tree leads to infinite recursion [epel-all] |
2207610 | NEW | medium | CVE-2021-31239 qt5-qtwebengine: sqlite: denial of service via the appendvfs.c function [epel-all] |
2209311 | NEW | medium | CVE-2022-37599 golang-github-prometheus: loader-utils: regular expression denial of service in interpolateName.js [epel-all] |
2210201 | NEW | medium | CVE-2023-28370 python-tornado: open redirect vulnerability in StaticFileHandler under certain configurations. [epel-8] |
2210368 | NEW | medium | CVE-2023-33720 libmp4v2: memory leak [epel-all] |
2210478 | NEW | low | CVE-2023-26129 bwm-ng: Command Injection [epel-all] |
2210853 | NEW | medium | CVE-2021-21366 breeze-icon-theme: xmldom: incorrect parsing and serialization leads to unexpected behavior [epel-8] |
2211077 | NEW | low | CVE-2023-26130 et: cpp-httplib: CRLF Injection [epel-all] |
2211085 | NEW | low | CVE-2023-34204 imapsync: insecure /tmp usage [epel-all] |
2211109 | NEW | medium | CVE-2023-2650 openssl3: openssl: Possible DoS translating ASN.1 object identifiers [epel-8] |
2215197 | NEW | medium | CVE-2023-34565 netbox: vulnerable to Cross Site Scripting (XSS) [epel-all] |
2216894 | NEW | medium | CVE-2023-26115 golang-github-prometheus: word-wrap: ReDoS [epel-all] |
2216940 | NEW | low | TRIAGE-CVE-2023-36191 qt5-qtwebengine: sqlite: CLI fault on missing -nonce [epel-all] |
2217042 | NEW | medium | CVE-2023-32758 python-git-url-parse: ReDoS via untrusted URLs [epel-all] |
2218073 | NEW | low | CVE-2023-3436 xpdf: deadlock on a PDF object stream [epel-all] |
2218381 | NEW | medium | CVE-2023-3430 OpenImageIO: heap-buffer-overflow in file src/gif.imageio/gifinput.cpp [epel-all] |
2219518 | NEW | medium | CVE-2023-36183 OpenImageIO: heap-buffer-overflow in ICOInput::readimg() in icoinput.cpp [epel-all] |
2220673 | NEW | medium | CVE-2023-26136 breeze-icon-theme: tough-cookie: prototype pollution in cookie memstore [epel-all] |
2220674 | NEW | medium | CVE-2023-26136 golang-github-prometheus: tough-cookie: prototype pollution in cookie memstore [epel-all] |
2220677 | NEW | medium | CVE-2023-26136 yarnpkg: tough-cookie: prototype pollution in cookie memstore [epel-all] |
2221027 | NEW | medium | TRIAGE-CVE-2023-25399 espresso: scipy: refcounting issue leads to potential memory leak [epel-8] |
2221053 | NEW | medium | TRIAGE-CVE-2023-29824 espresso: scipy: use-after-free in Py_FindObjects() function [epel-8] |
2221257 | NEW | low | TRIAGE-CVE-2023-31606 rubygem-RedCloth: RedCloth: Regular expression denial of service in sanitize_html function [epel-all] |
2221274 | NEW | medium | CVE-2021-33796 mujs: Use-after-free in regexp source property access [epel-all] |
2222350 | NEW | high | CVE-2022-38900 yarnpkg: decode-uri-component: improper input validation resulting in DoS [epel-8] |
2222507 | NEW | medium | CVE-2022-25883 breeze-icon-theme: nodejs-semver: Regular expression denial of service [epel-all] |
2222508 | NEW | medium | CVE-2022-25883 golang-github-prometheus: nodejs-semver: Regular expression denial of service [epel-all] |
2222512 | NEW | medium | CVE-2022-25883 yarnpkg: nodejs-semver: Regular expression denial of service [epel-all] |
2222917 | NEW | medium | CVE-2023-3044 xpdf: divide by zero vulnerability [epel-all] |
2223821 | NEW | low | TRIAGE-CVE-2023-2975 openssl3: openSSL: AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries [epel-8] |
2228050 | NEW | low | CVE-2023-3817 openssl3: OpenSSL: Excessive time spent checking DH q parameter value [epel-all] |
2229581 | NEW | medium | CVE-2023-3978 rclone: golang.org/x/net/html: Cross site scripting [epel-all] |
2230283 | NEW | medium | TRIAGE-CVE-2021-37501 hdf5: heap buffer overread [epel-8] |
2231391 | NEW | high | CVE-2023-37625 netbox: Stored cross-site scripting in Custom Link templates [epel-all] |
2231423 | NEW | medium | CVE-2023-28711 hyperscan: Insufficient control flow management [epel-all] |
2232823 | NEW | low | CVE-2023-4413 rkhunter: info leak via log files [epel-all] |
2234737 | NEW | medium | CVE-2021-46312 djvulibre: divide by zero in IW44EncodeCodec.cpp [epel-8] |
2234740 | NEW | medium | CVE-2021-46310 djvulibre: divide by zero in IW44Image.cpp [epel-8] |
2234827 | NEW | medium | CVE-2020-21679 GraphicsMagick: heap buffer overflow in WritePCXImage() [epel-all] |
2235159 | NEW | medium | CVE-2022-47069 p7zip: Heap buffer overflow in NArchive::NZip::CInArchive::FindCd [epel-all] |
2235164 | NEW | medium | CVE-2023-40022 rizin: Integer Overflow in C++ demangler logic [epel-8] |
2235277 | NEW | medium | CVE-2020-22628 digikam: libraw: Out of bounds read in LibRaw::stretch() function in libraw\src\postprocessing\aspect_ratio.cpp [epel-all] |
2235357 | NEW | medium | CVE-2020-22524 freeimage: buffer overflow in FreeImage_Load() in Plugin.cpp [epel-all] |
2235405 | NEW | medium | CVE-2020-21426 freeimage: buffer overflow in C_IStream::read() in PluginEXR.cpp [epel-all] |
2235408 | NEW | medium | CVE-2020-18781 audiofile: a Denial of Service via crafted file [epel-8] |
2235413 | NEW | medium | CVE-2020-21427 freeimage: buffer overflow in LoadPixelDataRLE8() in PluginBMP.cpp [epel-all] |
2235416 | NEW | medium | CVE-2020-21428 freeimage: buffer overflow in LoadRGB() in PluginDDS.cpp [epel-all] |
2235421 | NEW | high | CVE-2020-24292 freeimage: buffer overflow in load() in PluginICO.cpp [epel-all] |
2235427 | NEW | high | CVE-2020-24293 freeimage: buffer overflow in psdThumbnail::Read() in PSDParser.cpp [epel-all] |
2235429 | NEW | medium | CVE-2020-24294 freeimage: buffer overflow in psdParser::UnpackRLE() in PSDParser.cpp [epel-all] |
2235433 | NEW | high | CVE-2020-24295 freeimage: buffer overflow in ReadImageLine() in PSDParser.cpp [epel-all] |
2235439 | NEW | medium | CVE-2021-40262 freeimage: stack exhaustion via Validate() in PluginRAW.cpp [epel-all] |
2235443 | NEW | high | CVE-2021-40263 freeimage: buffer overflow via Load() in PluginTIFF.cpp [epel-all] |
2235446 | NEW | medium | CVE-2021-40264 freeimage: NULL pointer dereference via FreeImage_CloneTag() in inFreeImageTag.cpp [epel-all] |
2235451 | NEW | high | CVE-2021-40265 freeimage: buffer overflow in Load() in PluginJPEG.cpp [epel-all] |
2235455 | NEW | medium | CVE-2021-40266 freeimage: NULL pointer dereference in ReadPalette() in PluginTIFF.cpp [epel-all] |
2235657 | NEW | medium | CVE-2022-48570 cryptopp: timing side channel in ECDSA signature generation [epel-all] |
2235859 | NEW | high | CVE-2023-40890 zbar: stack overflow caused by malicious qr code may lead to information disclosure or arbitrary code execution. [epel-all] |
2235862 | NEW | high | CVE-2023-40889 zbar: buffer overflow via crafted qr code [epel-all] |
2236891 | NEW | high | CVE-2023-1523 snapd: code exec via TIOCLINUX ioctl request [epel-all] |
2237421 | NEW | medium | CVE-2023-4540 lua-http: lua-http: lua-http library allows Excessive Allocation and a denial of service (DoS) attack [epel-all] |
2239445 | NEW | medium | CVE-2020-18232 hdf5: Buffer Overflow in function H5S_close in H5S.c [epel-all] |
2240220 | NEW | medium | CVE-2023-36234 netbox: XSS via Name field in device-roles/add function [epel-8] |
2240716 | NEW | medium | CVE-2020-18494 hdf5: Buffer overflow in function H5S_close at H5S.c [epel-all] |
2241100 | NEW | high | CVE-2023-40481 p7zip: SquashFS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability [epel-all] |
2241102 | NEW | high | CVE-2023-31102 p7zip: 7Z File Parsing Integer Underflow Remote Code Execution Vulnerability [epel-all] |
2241258 | NEW | high | CVE-2023-5217 qt5-qtwebengine: libvpx: Heap buffer overflow in vp8 encoding in libvpx [epel-all] |
2241775 | NEW | medium | TRIAGE-CVE-2023-5341 ImageMagick: Heap use-after-free in coders/bmp.c [epel-all] |
2241809 | NEW | high | CVE-2023-44488 qt5-qtwebengine: TRIAGE-CVE-2023-44488 libvpx: crash related to VP9 encoding [epel-all] |
2242180 | NEW | medium | CVE-2023-43665 python-django3: python-django: Denial-of-service possibility in django.utils.text.Truncator [epel-8] |
2242356 | NEW | high | CVE-2022-24764 pjproject: PJSIP contains a stack buffer overflow vulnerability that affects PJSUA2 users [epel-all] |
2242460 | NEW | high | CVE-2023-43907 optipng: global buffer overflow via the 'buffer' variable at gifread.c. [epel-all] |
2242527 | NEW | high | CVE-2023-38703 pjproject: pjsip: Use-after-free in SRTP media transport [epel-all] |
2244559 | NEW | medium | CVE-2023-45853 BackupPC-XS: TRIAGE-CVE-2023-45853 zlib: integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_6 [epel-all] |
2245339 | NEW | medium | CVE-2023-46277 rust-pleaser: privilege escalation using ioctls TIOCSTI and TIOCLINUX [epel-all] |
2246491 | NEW | medium | TRIAGE CVE-2018-25091 duplicity: urllib3: urllib3 does not remove the authorization HTTP header when following a cross-origin redirect [epel-all] |
2246494 | NEW | medium | TRIAGE CVE-2018-25091 python-hvac: urllib3: urllib3 does not remove the authorization HTTP header when following a cross-origin redirect [epel-all] |
2246495 | NEW | medium | TRIAGE CVE-2018-25091 python-smart-gardena: urllib3: urllib3 does not remove the authorization HTTP header when following a cross-origin redirect [epel-all] |
2246496 | NEW | medium | TRIAGE CVE-2018-25091 python38-hvac: urllib3: urllib3 does not remove the authorization HTTP header when following a cross-origin redirect [epel-all] |
2246567 | NEW | low | CVE-2023-45322 qt5-qtwebengine: libxml2: use-after-free in xmlUnlinkNode() in tree.c [epel-all] |
2246579 | NEW | medium | CVE-2023-45142 caddy: opentelemetry-go-contrib: DoS vulnerability in otelhttp [epel-all] |
2246628 | NEW | high | CVE-2023-46234 golang-github-prometheus: browserify-sign: upper bound check issue in dsaVerify leads to a signature forgery attack [epel-all] |
2246630 | NEW | high | CVE-2023-46234 yarnpkg: browserify-sign: upper bound check issue in dsaVerify leads to a signature forgery attack [epel-all] |
2246967 | NEW | medium | CVE-2023-46407 qt5-qtwebengine: FFmpeg: out of bounds read [epel-all] |
2246973 | NEW | medium | CVE-2023-46490 cacti: SQL Injection [epel-all] |
2247631 | NEW | medium | CVE-2023-5764 ansible: Template Injection [epel-all] |
2247745 | NEW | medium | CVE-2023-42299 OpenImageIO: Buffer Overflow in OpenImageIO oiio [epel-all] |
2248218 | NEW | high | caddy: golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-39325) [epel-all] |
2248221 | NEW | high | dnscrypt-proxy: golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-39325) [epel-all] |
2248222 | NEW | high | golang-github-prometheus-alertmanager: golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-39325) [epel-all] |
2248223 | NEW | high | golang-github-prometheus-node-exporter: golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-39325) [epel-all] |
2248224 | NEW | high | golang-github-prometheus: golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-39325) [epel-all] |
2248227 | NEW | high | golie: golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-39325) [epel-all] |
2248229 | NEW | high | micro: golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-39325) [epel-all] |
2248230 | NEW | high | pack: golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-39325) [epel-all] |
2248231 | NEW | high | rclone: golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-39325) [epel-all] |
2248232 | NEW | high | reg: golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-39325) [epel-all] |
2248233 | NEW | high | restic: golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-39325) [epel-all] |
2248235 | NEW | high | snapd: golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-39325) [epel-all] |
2248238 | NEW | high | yubihsm-connector: golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-39325) [epel-all] |
2248621 | NEW | low | CVE-2023-5678 openssl3: openssl: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow [epel-8] |
2248699 | NEW | medium | TRIAGE CVE-2023-41040 GitPython: Blind local file inclusion [epel-all] |
2249063 | NEW | medium | CVE-2023-5363 openssl3: openssl: Incorrect cipher key and IV length processing [epel-8] |
2250164 | NEW | low | CVE-2023-48052 httpie: Missing SSL certificate validation [epel-all] |
2250616 | NEW | medium | CVE-2023-47627 python-afsapi: python-aiohttp: numerous issues in HTTP parser with header parsing [epel-all] |
2250617 | NEW | medium | CVE-2023-47627 python-discord: python-aiohttp: numerous issues in HTTP parser with header parsing [epel-all] |
2250618 | NEW | medium | CVE-2023-47627 python-idna-ssl: python-aiohttp: numerous issues in HTTP parser with header parsing [epel-all] |
2251066 | MODIFIED | medium | TRIAGE CVE-2023-47016 radare2: out of bounds read in xnu kernelcache [epel-all] |
2251629 | MODIFIED | high | CVE-2023-30801 qbittorrent: default credentials allowed by default [epel-all] |
2251666 | NEW | medium | CVE-2022-37331 openbabel: Open Babel Gaussian format orientation out-of-bounds write vulnerability [epel-all] |
2251668 | NEW | medium | CVE-2022-41793 openbabel: Open Babel CSR format title out-of-bounds write vulnerability [epel-all] |
2251672 | NEW | high | CVE-2022-42885 openbabel: Open Babel GRO format res uninitialized pointer dereference vulnerability [epel-all] |
2251697 | NEW | high | CVE-2022-43467 openbabel: Open Babel PQS format coord_file out-of-bounds write vulnerability [epel-all] |
2251699 | NEW | high | CVE-2022-43607 openbabel: Open Babel MOL2 format attribute and value out-of-bounds write vulnerability [epel-all] |
2251704 | NEW | medium | CVE-2022-44451 openbabel: Open Babel MSI format atom uninitialized pointer dereference vulnerability [epel-all] |
2251707 | NEW | medium | CVE-2022-46280 openbabel: Open Babel PQS format pFormat uninitialized pointer dereference vulnerability [epel-all] |
2251712 | NEW | high | CVE-2022-46289 openbabel: Open Babel ORCA format nAtoms out-of-bounds write vulnerabilities [epel-all] |
2251716 | NEW | medium | CVE-2022-46290 openbabel: Open Babel ORCA format nAtoms out-of-bounds write vulnerabilities [epel-all] |
2251719 | NEW | high | CVE-2022-46291 openbabel: Open Babel translationVectors parsing out-of-bounds write vulnerabilities [epel-all] |
2251722 | NEW | medium | CVE-2022-46292 openbabel: Open Babel translationVectors parsing out-of-bounds write vulnerabilities [epel-all] |
2251725 | NEW | high | CVE-2022-46293 openbabel: Open Babel translationVectors parsing out-of-bounds write vulnerabilities [epel-all] |
2251728 | NEW | medium | CVE-2022-46294 openbabel: Open Babel translationVectors parsing out-of-bounds write vulnerabilities [epel-all] |
2251733 | NEW | medium | CVE-2022-46295 openbabel: Open Babel translationVectors parsing out-of-bounds write vulnerabilities [epel-all] |
2251849 | NEW | high | CVE-2020-20813 openvpn: DoS via crafted reset packet [epel-all] |
2252377 | NEW | medium | CVE-2023-46137 python-twisted: disordered HTTP pipeline response in twisted.web [epel-all] |
2252886 | NEW | high | TRIAGE CVE-2023-5332 golang-github-prometheus: consul: Command injection through script checks option [epel-all] |
2253442 | NEW | high | CVE-2023-45133 golang-github-prometheus: babel: arbitrary code execution [epel-all] |
2253971 | NEW | high | CVE-2023-49287 tinydir: stack-based buffer overflow in tinydir_file_open() [epel-all] |
2253974 | NEW | low | CVE-2023-49284 fish: command substitution output can trigger shell expansion [epel-all] |
2254562 | NEW | high | CVE-2023-41913 strongswan: buffer overflow [epel-all] |
2254626 | NEW | medium | TRIAGE CVE-2023-37457 asterisk: potential buffer overflow in PJSIP_HEADER dialplan function [epel-all] |
2254631 | NEW | medium | TRIAGE CVE-2023-49294 asterisk: access to arbitrary files via directory traversal [epel-all] |
2254634 | NEW | medium | TRIAGE CVE-2023-49786 asterisk: race condition in the hello handshake phase of the DTLS protocol triggers denial of service [epel-all] |
2254991 | NEW | medium | CVE-2022-48541 ImageMagick: memory leak in identify -help [epel-8] |
2255041 | NEW | medium | CVE-2023-48795 dropbear: ssh: Prefix truncation attack on Binary Packet Protocol (BPP) [epel-all] |
2255046 | NEW | medium | CVE-2023-48795 libssh2: ssh: Prefix truncation attack on Binary Packet Protocol (BPP) [epel-all] |
2255067 | NEW | medium | CVE-2023-48795 pack: ssh: Prefix truncation attack on Binary Packet Protocol (BPP) [epel-all] |
2255068 | NEW | medium | CVE-2023-48795 rclone: ssh: Prefix truncation attack on Binary Packet Protocol (BPP) [epel-all] |
2255069 | NEW | medium | CVE-2023-48795 restic: ssh: Prefix truncation attack on Binary Packet Protocol (BPP) [epel-all] |
2255128 | NEW | medium | TRIAGE CVE-2023-50979 cryptopp: side-channel leakage during decryption with PKCS#1v1.5 padding (Marvin) [epel-all] |
2255132 | NEW | medium | TRIAGE CVE-2023-50980 cryptopp: DoS via malformed DER public key file [epel-all] |
2255136 | NEW | medium | TRIAGE CVE-2023-50981 cryptopp: malformed DER public key file can trigger infinite loop condition [epel-all] |
2255158 | NEW | low | TRIAGE CVE-2023-6918 libssh2: libssh: Missing checks for return values for digests [epel-all] |
2255603 | NEW | high | CVE-2023-49084 cacti: RCE when managing links [epel-all] |
2255607 | NEW | medium | CVE-2023-49086 cacti: XSS when adding new devices [epel-all] |
2255614 | NEW | low | CVE-2023-49356 mp3gain: stack-based buffer overflow via the WriteMP3GainAPETag() at apetag.c [epel-all] |
2255646 | NEW | medium | TRIAGE CVE-2023-50569 cacti: Reflected Cross Site Scripting (XSS) vulnerability in Cacti [epel-all] |
2255668 | NEW | high | CVE-2023-49085 CVE-2023-49088 CVE-2023-50250 CVE-2023-51448 cacti: Multiple vulnerabilities [epel-all] |
2255849 | NEW | medium | TRIAGE CVE-2023-51449 gradio: directory traversal vulnerability in '/file' route [epel-all] |
2255862 | NEW | medium | CVE-2023-48795 erlang: ssh: Prefix truncation attack on Binary Packet Protocol (BPP) [epel-all] |
2256197 | NEW | medium | CVE-2023-7104 qt5-qtwebengine: sqlite: heap-buffer-overflow at sessionfuzz [epel-all] |
2256415 | NEW | medium | TRIAGE CVE-2023-26159 golang-github-prometheus: follow-redirects: Improper Input Validation due to the improper handling of URLs by the url.parse() [epel-all] |
2256795 | NEW | medium | CVE-2024-0222 qt5-qtwebengine: chromium: Use after free in ANGLE, compromised the renderer process to potentially exploit heap corruption via a crafted HTML page [epel-all] |
2256802 | NEW | medium | CVE-2024-0223 qt5-qtwebengine: chromium: heap corruption via a crafted HTML page in angle [epel-all] |
2256808 | NEW | medium | CVE-2024-0224 qt5-qtwebengine: chromium: heap corruption via a crafted HTML page in webaudio [epel-all] |
2256814 | NEW | medium | CVE-2024-0225 qt5-qtwebengine: chromium: heap corruption via a crafted HTML page in webgpu [epel-all] |
2257573 | NEW | low | CVE-2023-6129 openssl3: openssl: POLY1305 MAC implementation corrupts vector registers on PowerPC [epel-all] |
2257655 | NEW | medium | CVE-2023-47995 freeimage: Buffer Overflow vulnerability in FreeImage_AllocateBitmap [epel-all] |
2257656 | NEW | medium | CVE-2023-47993 freeimage: out-of-bound read vulnerability in ReadInt32 [epel-all] |
2257657 | NEW | medium | CVE-2023-47992 freeimage: integer overflow vulnerability in FreeImageIO.cpp::_MemoryReadProc() [epel-all] |
2257658 | NEW | medium | CVE-2023-47994 freeimage: integer overflow in LoadPixelDataRLE4() function in PluginBMP.cpp [epel-all] |
2257659 | NEW | medium | CVE-2023-47996 freeimage: integer overflow in jpeg_read_exif_dir in Exif.cpp [epel-all] |
2257660 | NEW | medium | CVE-2023-47997 freeimage: infinite loop exits in Load in PluginTIFF.cpp [epel-all] |
2257827 | NEW | medium | CVE-2023-49295 caddy: quic-go: memory exhaustion attack against QUIC's path validation mechanism [epel-8] |
2257886 | NEW | low | CVE-2024-0232 qt5-qtwebengine: sqlite: use-after-free bug in jsonParseAddNodeArray [epel-all] |
2258505 | NEW | low | CVE-2023-6237 openssl3: openssl: Excessive time spent checking invalid RSA public keys [epel-all] |
2259781 | NEW | medium | TRIAGE CVE-2024-23342 python-ecdsa: vulnerable to the Minerva attack [epel-all] |
2259800 | NEW | high | CVE-2023-49568 pack: go-git: Maliciously crafted Git server replies can cause DoS on go-git clients [epel-8] |
2259812 | NEW | urgent | CVE-2023-49569 pack: go-git: Maliciously crafted Git server replies can lead to path traversal and RCE on go-git clients [epel-8] |
2259950 | NEW | low | TRIAGE CVE-2024-0727 openssl3: openssl: denial of service via null dereference [epel-all] |
2260375 | NEW | high | TRIAGE CVE-2023-52076 atril: Path traversal in Atril can lead to arbitrary file write and possible arbitrary code execution [epel-all] |
2260696 | NEW | medium | CVE-2024-22860 qt5-qtwebengine: FFmpeg: Integer overflow vulnerability in FFmpeg [epel-all] |
2260702 | NEW | medium | CVE-2024-22862 qt5-qtwebengine: FFmpeg: Integer overflow vulnerability in FFmpeg [epel-all] |
2260708 | NEW | medium | CVE-2024-22861 qt5-qtwebengine: FFmpeg: Integer overflow vulnerability in FFmpeg [epel-all] |
2261893 | NEW | medium | CVE-2024-23334 python-idna-ssl: aiohttp: follow_symlinks directory traversal vulnerability [epel-all] |
2261914 | NEW | medium | CVE-2024-23829 python-idna-ssl: python-aiohttp: http request smuggling [epel-8] |
2263420 | NEW | medium | TRIAGE CVE-2024-25189 libjwt: auth bypass via timing side channel [epel-all] |
2263807 | NEW | low | CVE-2024-1433 plasma-workspace: KDE-Plasma-Workspace: path traversal vulnerability [epel-all] |
2264936 | NEW | urgent | CVE-2021-32563 Thunar: code execution while delegating to another program [epel-all] |
2264940 | NEW | medium | CVE-2024-1580 dav1d: videolan/dav1d: integer overflow when decoding videos with large frame size [epel-all] |
2265035 | NEW | high | CVE-2024-26134 python-cbor2: cbor2: Potential buffer overflow in CBOR2 decoder [epel-all] |
2265139 | NEW | medium | CVE-2023-46445 python-asyncssh: Rogue Extension Negotiation [epel-8] |
2265141 | NEW | high | CVE-2023-46446 python-asyncssh: Rogue Session Attack [epel-8] |
2265599 | NEW | medium | CVE-2024-25126 rubygem-rack: Denial of Service Vulnerability in Rack Content-Type Parsing [epel-all] |
2265600 | NEW | medium | CVE-2024-26141 rubygem-rack: Possible DoS Vulnerability with Range Header in Rack [epel-all] |
2265601 | NEW | medium | CVE-2024-26146 rubygem-rack: Possible Denial of Service Vulnerability in Rack Header Parsing [epel-all] |
2265683 | NEW | urgent | CVE-2023-42282 golang-github-prometheus: nodejs-ip: arbitrary code execution via the isPublic() function [epel-all] |
2266114 | NEW | medium | TRIAGE CVE-2024-21501 glances: sanitize-html: Information Exposure when used on the backend [epel-all] |
2266115 | NEW | medium | TRIAGE CVE-2024-21501 golang-github-prometheus: sanitize-html: Information Exposure when used on the backend [epel-all] |
2266130 | NEW | medium | CVE-2023-6601 CVE-2023-6602 CVE-2023-6603 CVE-2023-6604 CVE-2023-6605 qt5-qtwebengine: ffmpeg: Multiple vulnerabilities [epel-all] |
2266174 | NEW | medium | TRIAGE CVE-2024-25768 opendmarc: NULL pointer dereference in opendmarc_policy.c [epel-all] |
2266276 | NEW | medium | CVE-2024-26455 fluent-bit: fluent-bit: Use-After-Free in /fluent-bit/plugins/custom_calyptia/calyptia.c [epel-all] |
2266571 | NEW | medium | CVE-2023-45857 ansible-collection-awx-awx: axios: exposure of confidential data stored in cookies [epel-all] |
2267264 | NEW | medium | TRIAGE CVE-2024-27285 puppet: yard: Cross-site scripting in the frams.erb template file [epel-all] |
2267266 | NEW | medium | TRIAGE CVE-2024-27285 rubygem-asciidoctor: yard: Cross-site scripting in the frams.erb template file [epel-all] |
2267267 | NEW | medium | TRIAGE CVE-2024-27285 rubygem-docile: yard: Cross-site scripting in the frams.erb template file [epel-all] |
2267271 | NEW | medium | TRIAGE CVE-2024-27285 rubygem-git: yard: Cross-site scripting in the frams.erb template file [epel-all] |
2267272 | NEW | medium | TRIAGE CVE-2024-27285 rubygem-public_suffix: yard: Cross-site scripting in the frams.erb template file [epel-all] |
2267726 | NEW | medium | CVE-2024-23836 suricata: crafted traffic can cause denial of service [epel-all] |
2268279 | NEW | medium | TRIAGE CVE-2024-27304 caddy: pgx: SQL Injection via Protocol Message Size Overflow [epel-all] |
2268467 | NEW | medium | TRIAGE CVE-2024-27289 caddy: pgx: SQL Injection via Line Comment Creation [epel-all] |
2268872 | NEW | medium | CVE-2024-28180 caddy: jose-go: improper handling of highly compressed data [epel-all] |
2268874 | NEW | medium | CVE-2024-28180 singularity-ce: jose-go: improper handling of highly compressed data [epel-all] |
2269243 | NEW | high | TRIAGE CVE-2024-27758 python-rpyc: Remote attacker can craft a class, resulting in remote code execution [epel-all] |
2269657 | NEW | medium | CVE-2024-26475 radare2: a denial of service via the grub_sfs_read_extent function [epel-all] |
2270034 | NEW | medium | CVE-2018-25099 libtomcrypt: gcm_decrypt_verify() and chacha20poly1305_decrypt_verify() do not verify the tag [epel-all] |
2270186 | NEW | high | CVE-2023-41334 python-astropy: Remote code execution in TranformGraph().to_dot_graph function [epel-all] |
2270602 | NEW | medium | CVE-2024-29018 pack: moby: external DNS requests from 'internal' networks could lead to data exfiltration [epel-all] |
2270721 | NEW | medium | TRIAGE CVE-2024-25062 qt5-qtwebengine: libxml2: use-after-free in XMLReader [epel-all] |
2270957 | NEW | medium | CVE-2024-28577 freeimage: Null Pointer Dereference in jpeg_read_exif_profile_raw() [epel-all] |
2270961 | NEW | medium | CVE-2024-28576 freeimage: buffer overflow in opj_j2k_tcp_destroy() [epel-all] |
2270965 | NEW | medium | CVE-2024-28575 freeimage: buffer overflow in opj_j2k_read_mct() [epel-all] |
2270978 | NEW | medium | CVE-2024-28573 freeimage: buffer overflow in peg_read_exif_profile() function when reading images in JPEG format [epel-all] |
2270979 | NEW | medium | CVE-2024-28572 freeimage: buffer overflow in FreeImage_SetTagValue() function when reading images in JPEG format [epel-all] |
2270982 | NEW | medium | CVE-2024-28571 freeimage: buffer overflow in fill_input_buffer() when reading images in JPEG format [epel-all] |
2270984 | NEW | medium | CVE-2024-28574 freeimage: buffer overflow in opj_j2k_copy_default_tcp_and_create_tcd() function when reading images in J2K format [epel-all] |
2270987 | NEW | medium | CVE-2024-28570 freeimage: buffer overflow in processMakerNote() [epel-all] |
2270989 | NEW | medium | CVE-2024-28569 freeimage: buffer overflow in Imf_2_2::Xdr::read() when reading images in EXR format [epel-all] |
2270992 | NEW | medium | CVE-2024-28568 freeimage: buffer overflow in read_iptc_profile() function when reading images in TIFF format [epel-all] |
2271002 | NEW | medium | CVE-2024-28565 freeimage: buffer overflow in psdParser::ReadImageData() function when reading images in PSD format [epel-all] |
2271003 | NEW | medium | CVE-2024-28566 freeimage: buffer overflow in AssignPixel() function when reading images in TIFF format [epel-all] |
2271006 | NEW | medium | CVE-2024-28567 freeimage: Buffer Overflow in FreeImage_CreateICCProfile() function when reading images in TIFF format [epel-all] |
2271015 | NEW | medium | CVE-2024-28578 freeimage: buffer overflow in Load() function when reading images in RAS format [epel-all] |
2271016 | NEW | medium | CVE-2024-28579 freeimage: buffer overflow in FreeImage_Unload() function when reading images in HDR format [epel-all] |
2271025 | NEW | medium | CVE-2024-28580 freeimage: buffer overflow in ReadData() function when reading images in RAS format [epel-all] |
2271026 | NEW | medium | CVE-2024-28581 freeimage: buffer overflow in _assignPixel<>() function when reading images in TARGA format [epel-all] |
2271028 | NEW | medium | CVE-2024-28582 freeimage: buffer overflow in rgbe_RGBEToFloat() function when reading images in HDR format [epel-all] |
2271034 | NEW | medium | CVE-2024-28583 freeimage: buffer overflow in readLine() function when reading images in XPM format [epel-all] |
2271036 | NEW | medium | CVE-2024-28584 freeimage: null pointer dereference in J2KImageToFIBITMAP() function when reading images in J2K format [epel-all] |
2271040 | NEW | medium | CVE-2024-28562 freeimage: buffer overflow in Imf_2_2::copyIntoFrameBuffer() component when reading images in EXR format [epel-all] |
2271045 | NEW | medium | CVE-2024-28563 freeimage: buffer overflow in Imf_2_2::DwaCompressor::Classifier::Classifier() function when reading images in EXR format [epel-all] |
2271046 | NEW | medium | CVE-2024-28564 freeimage: buffer overflow in Imf_2_2::CharPtrIO::readChars() function when reading images in EXR format [epel-all] |
2271381 | NEW | medium | CVE-2024-2824 jhead: heap buffer overflow in PrintFormatNumber() can lead to segmentation fault [epel-all] |
2271760 | NEW | medium | CVE-2024-2206 gradio: route allows a user to proxy arbitrary urls including potential internal endpoints [epel-all] |
2271850 | NEW | urgent | CVE-2024-2883 qt5-qtwebengine: chromium: Use after free in ANGLE [epel-all] |
2271857 | NEW | high | CVE-2024-2885 qt5-qtwebengine: chromium: Use after free in Dawn [epel-all] |
2271863 | NEW | high | CVE-2024-2886 qt5-qtwebengine: chromium: Use after free in WebCodecs [epel-all] |
2271870 | NEW | high | CVE-2024-2887 qt5-qtwebengine: chromium: Type Confusion in WebAssembly [epel-all] |
2271912 | NEW | low | CVE-2024-2971 xpdf: negative object number in an indirect reference in a PDF file can cause an out-of-bounds array write [epel-all] |
2271991 | NEW | medium | CVE-2024-3024 tcpreplay: heap-based buffer overflow [epel-all] |
2272329 | NEW | high | CVE-2022-1471 snakeyaml: Constructor Deserialization Remote Code Execution [epel-all] |
2272852 | NEW | low | CVE-2024-3247 xpdf: stack-overflow in pdftotext [epel-all] |
2272855 | NEW | low | CVE-2024-3248 xpdf: stack overflow via pdftpng [epel-all] |
2272881 | NEW | medium | CVE-2024-28755 mbedtls: Mbed-TLS: Denial of Service [epel-all] |
2272885 | NEW | medium | CVE-2024-28836 mbedtls: Mbed-TLS: Denial of Service [epel-all] |
2272887 | NEW | medium | CVE-2024-30166 mbedtls: Mbed-TLS: information disclosure [epel-all] |
2272890 | NEW | medium | CVE-2024-3205 ghc-yaml: libyaml: Heap-Based Buffer Overflow [epel-all] |
2273052 | NEW | high | TRIAGE CVE-2024-30255 golang-github-prometheus: envoy: HTTP/2 CPU exhaustion due to CONTINUATION frame flood [epel-all] |
2273514 | NEW | medium | TRIAGE CVE-2024-22189 caddy: quic-go: memory exhaustion attack against QUIC's connection ID mechanism [epel-all] |
2273515 | NEW | medium | TRIAGE CVE-2024-22189 caddy: quic-go: memory exhaustion attack against QUIC's connection ID mechanism [epel-8] |
2274021 | NEW | low | TRIAGE CVE-2024-2511 openssl3: openssl: Unbounded memory growth with session handling in TLSv1.3 [epel-all] |
2274473 | ON_QA | high | CVE-2024-3157 CVE-2024-3515 CVE-2024-3516 chromium: various flaws [epel-all] |
2274683 | NEW | medium | CVE-2023-29483 python3.11-dns-epel: dnspython: denial of service in stub resolver [epel-all] |
2274684 | NEW | medium | CVE-2023-29483 python39-dns: dnspython: denial of service in stub resolver [epel-all] |
2274695 | NEW | medium | CVE-2023-49528 chromium: FFmpeg: Heap Buffer Overflow vulnerability [epel-all] |
2274696 | NEW | medium | CVE-2023-49528 qt5-qtwebengine: FFmpeg: Heap Buffer Overflow vulnerability [epel-all] |
2274783 | NEW | medium | TRIAGE CVE-2024-3651 python-idna-ssl: python-idna: potential DoS via resource consumption via specially crafted inputs to idna.encode() [epel-8] |
2275184 | ON_QA | low | CVE-2024-31497 putty: secret key recovery of NIST P-521 private keys Through Biased ECDSA Nonces in PuTTY Client [epel-all] |
2275186 | NEW | low | CVE-2024-31497 filezilla: putty: secret key recovery of NIST P-521 private keys Through Biased ECDSA Nonces in PuTTY Client [epel-all] |
2275233 | NEW | medium | CVE-2024-22189 syncthing: quic-go: memory exhaustion attack against QUIC's connection ID mechanism [epel-8] |
2275350 | NEW | high | CVE-2024-1135 python-gunicorn: HTTP Request Smuggling due to improper validation of Transfer-Encoding headers [epel-all] |
2275548 | NEW | high | CVE-2024-3833 CVE-2024-3834 CVE-2024-3837 CVE-2024-3839 CVE-2024-3840 CVE-2024-3841 CVE-2024-3843 CVE-2024-3844 CVE-2024-3845 CVE-2024-3846 CVE-2024-3847 chromium: various flaws [epel-all] |
2275815 | NEW | high | CVE-2024-3914 chromium: chromium-browser: use after free in V8 [epel-all] |
2275828 | NEW | low | CVE-2024-3900 xpdf: out-of-bounds array write [epel-all] |
2275841 | NEW | medium | CVE-2024-31578 CVE-2024-31581 CVE-2024-31582 CVE-2024-31585 chromium: ffmpeg: multiple vulnerabilities [epel-all] |
2275842 | NEW | medium | CVE-2024-31578 CVE-2024-31581 CVE-2024-31582 CVE-2024-31585 qt5-qtwebengine: ffmpeg: multiple vulnerabilities [epel-all] |
2275990 | ASSIGNED | medium | CVE-2024-27306 python-aiohttp: aiohttp: XSS on index pages for static file handling [epel-all] |
2276000 | NEW | medium | TRIAGE CVE-2024-20380 clamav: denial of service via HTML parser [epel-all] |
2276116 | NEW | medium | CVE-2023-49501 CVE-2023-49502 CVE-2023-51791 CVE-2023-51792 CVE-2023-51793 chromium: ffmpeg: multiple vulnerabilities [epel-all] |
2276117 | NEW | medium | CVE-2023-49501 CVE-2023-49502 CVE-2023-51791 CVE-2023-51792 CVE-2023-51793 qt5-qtwebengine: ffmpeg: multiple vulnerabilities [epel-all] |
2276123 | NEW | medium | CVE-2023-51795 CVE-2023-51796 CVE-2023-51797 CVE-2023-51798 chromium: ffmpeg: multiple vulnerabilities [epel-all] |
2276124 | NEW | medium | CVE-2023-51795 CVE-2023-51796 CVE-2023-51797 CVE-2023-51798 qt5-qtwebengine: ffmpeg: multiple vulnerabilities [epel-all] |
2276130 | NEW | medium | CVE-2023-50007 CVE-2023-50008 CVE-2023-50009 CVE-2023-50010 chromium: ffmpeg: multiple vulnerabilities [epel-all] |
2276131 | NEW | medium | CVE-2023-50007 CVE-2023-50008 CVE-2023-50009 CVE-2023-50010 qt5-qtwebengine: ffmpeg: multiple vulnerabilities [epel-all] |
2276154 | NEW | medium | CVE-2024-1681 python-flask-cors: improper output neutralization for logs [epel-all] |