Repo Status -
Overall Status
Page updated: 2025-11-12 13:03
| 2375005 | NEW | medium | CVE-2025-6442 rubygem-webrick: Ruby WEBrick Request Smuggling Vulnerability [epel-10] |
| 2375129 | NEW | low | CVE-2025-6750 hdf5: HDF5 Heap Buffer Overflow [epel-10] |
| 2375487 | NEW | low | CVE-2025-6858 hdf5: HDF5 Null Pointer Dereference [epel-10] |
| 2375491 | NEW | low | CVE-2025-6857 hdf5: HDF5 Stack Buffer Overflow [epel-10] |
| 2375493 | NEW | low | CVE-2025-6856 hdf5: HDF5 Use-After-Free Vulnerability [epel-10] |
| 2375495 | NEW | low | CVE-2025-6818 hdf5: HDF5 Heap Overflow [epel-10] |
| 2375501 | NEW | low | CVE-2025-6817 hdf5: HDF5 Resource Consumption Vulnerability [epel-10] |
| 2375505 | NEW | low | CVE-2025-6816 hdf5: HDF5 Heap Buffer Overflow [epel-10] |
| 2375950 | NEW | medium | CVE-2025-52891 mod_security: ModSecurity segmentation fault [epel-10] |
| 2376248 | NEW | high | CVE-2025-53367 djvulibre: DjVuLibre out of bounds write [epel-10] |
| 2376968 | NEW | low | CVE-2024-25178 luajit: Out of bounds read in LuaJIT [epel-10] |
| 2376975 | NEW | low | CVE-2024-25177 luajit: Out of bounds read in LuaJIT [epel-10] |
| 2376984 | NEW | low | CVE-2024-25176 luajit: From CVEorg collector [epel-10] |
| 2378816 | NEW | high | CVE-2025-48384 cgit: Git arbitrary code execution [epel-10] |
| 2378820 | NEW | medium | CVE-2025-48386 cgit: Git buffer overflow [epel-10] |
| 2378824 | NEW | high | CVE-2025-48385 cgit: Git arbitrary file writes [epel-10] |
| 2379615 | NEW | low | CVE-2025-48924 pdftk-java: Uncontrolled Recursion vulnerability in Apache Commons Lang [epel-10] |
| 2379636 | NEW | low | CVE-2025-48924 libphonenumber: Uncontrolled Recursion vulnerability in Apache Commons Lang [epel-10] |
| 2379820 | NEW | medium | CVE-2025-7545 radare2: Binutils: Heap Buffer Overflow [epel-10] |
| 2379821 | NEW | medium | CVE-2025-7545 rizin: Binutils: Heap Buffer Overflow [epel-10] |
| 2379824 | NEW | medium | CVE-2025-7546 radare2: Binutils: Out-of-bounds Write Vulnerability [epel-10] |
| 2379826 | NEW | medium | CVE-2025-7546 rizin: Binutils: Out-of-bounds Write Vulnerability [epel-10] |
| 2379953 | POST | medium | CVE-2025-51591 pandoc: Server-Side Request Forgery in Pandoc [epel-10] |
| 2379979 | NEW | low | CVE-2025-53014 ImageMagick: ImageMagick Heap Buffer Overflow [epel-10] |
| 2379980 | NEW | medium | CVE-2025-53101 ImageMagick: ImageMagick Stack Buffer Overflow [epel-10] |
| 2379981 | NEW | medium | CVE-2025-53015 ImageMagick: ImageMagick unbounded loop [epel-10] |
| 2379982 | NEW | low | CVE-2025-53019 ImageMagick: ImageMagick Memory Leak [epel-10] |
| 2381578 | NEW | medium | CVE-2025-7700 ffmpeg: NULL Pointer Dereference in FFmpeg ALS Decoder (libavcodec/alsdec.c) [epel-10] |
| 2381811 | NEW | high | CVE-2025-53644 opencv: OpenCV use after free [epel-10] |
| 2381822 | NEW | medium | CVE-2025-53817 7zip: 7-Zip Null pointer array write [epel-10] |
| 2381825 | NEW | medium | CVE-2025-53816 7zip: 7-Zip heap buffer overflow [epel-10] |
| 2382273 | NEW | low | CVE-2025-54352 wordpress: WordPress Pingback Title Disclosure Vulnerability [epel-10] |
| 2383360 | NEW | medium | CVE-2025-46805 screen: Race Conditions when Sending Signals [epel-all] |
| 2384000 | NEW | medium | CVE-2025-8263 yarnpkg: prettier parseNestedCSS ReDoS [epel-10] |
| 2384060 | NEW | medium | CVE-2025-8194 asahi-installer: Cpython infinite loop when parsing a tarfile [epel-10] |
| 2385904 | NEW | medium | CVE-2025-45768 python-jwt: pyjwt Weak Encryption Vulnerability [epel-10] |
| 2386811 | NEW | medium | CVE-2025-54571 mod_security: ModSecurity Content-Type Override Vulnerability [epel-10] |
| 2387011 | NEW | low | CVE-2025-54798 yarnpkg: tmp Symbolic Link Write Vulnerability [epel-10] |
| 2387643 | NEW | low | CVE-2025-55188 7zip: 7-Zip Symbolic Link Extraction Vulnerability [epel-10] |
| 2388023 | NEW | medium | CVE-2025-8885 pdftk-java: Bouncy Castle denial of service parsing ASN.1 Object Identifiers [epel-10] |
| 2388277 | NEW | medium | CVE-2025-8916 pdftk-java: BouncyCastle denial of service [epel-10] |
| 2388308 | NEW | medium | CVE-2025-55160 ImageMagick: ImageMagick: Undefined Behavior [epel-10] |
| 2388309 | NEW | low | CVE-2025-55005 ImageMagick: ImageMagick: heap-buffer overflow [epel-10] |
| 2388311 | NEW | high | CVE-2025-55154 ImageMagick: ImageMagick: integer overflows in MNG magnification [epel-10] |
| 2388312 | NEW | high | CVE-2025-55004 ImageMagick: ImageMagick: heap-buffer overflow [epel-10] |
| 2388882 | ON_QA | high | CVE-2025-8959 opentofu: HashiCorp go-getter Arbitrary File Read [epel-10] |
| 2389223 | NEW | low | CVE-2025-9092 pdftk-java: Bouncycastle Resource Exhaustion [epel-10] |
| 2389960 | NEW | high | CVE-2025-9287 yarnpkg: Cipher-base hash manipulation [epel-10] |
| 2389999 | NEW | high | CVE-2025-9288 yarnpkg: Missing type checks leading to hash rewind and passing on crafted data [epel-10] |
| 2390167 | NEW | low | CVE-2025-9308 yarnpkg: yarnpkg regular expression denial of service [epel-10] |
| 2391120 | NEW | high | CVE-2025-55298 ImageMagick: ImageMagick Format String Bug in InterpretImageFilename leads to arbitrary code execution [epel-all] |
| 2391123 | NEW | low | CVE-2025-55212 ImageMagick: ImageMagick crash on crafted input [epel-10] |
| 2391603 | NEW | medium | CVE-2025-58058 image-builder: github.com/ulikunitz/xz leaks memory [epel-10] |
| 2391604 | ON_QA | medium | CVE-2025-58058 opentofu: github.com/ulikunitz/xz leaks memory [epel-10] |
| 2391976 | NEW | low | CVE-2025-58160 vaultwarden: Tracing log pollution [epel-10] |
| 2392351 | NEW | medium | CVE-2025-9732 dcmtk: DCMTK dcm2img diybrpxt.h memory corruption [epel-10] |
| 2392573 | NEW | medium | CVE-2025-9810 keydb: TOCTOU race in Linenoise enables arbitrary file overwrite and permission changes [epel-10] |
| 2392632 | NEW | high | CVE-2025-49794 qt6-qtwebengine: Heap use after free (UAF) leads to Denial of service (DoS) [epel-all] |
| 2392637 | NEW | high | CVE-2025-49796 qt6-qtwebengine: Type confusion leads to Denial of service (DoS) [epel-all] |
| 2392665 | NEW | medium | CVE-2025-9375 python-xmltodict: xmltodict XML Injection [epel-10] |
| 2392771 | NEW | high | CVE-2025-57803 ImageMagick: ImageMagick (WriteBMPImage): 32-bit integer overflow when writing BMP scanline stride → heap buffer overflow [epel-10] |
| 2392945 | NEW | high | CVE-2025-57052 cjson: out-of-bounds access in decode_array_index_from_pointer() in cJSON_Utils.c via crafted JSON pointer strings [epel-all] |
| 2393598 | NEW | medium | CVE-2025-57807 ImageMagick: ImageMagick BlobStream Forward-Seek Under-Allocation [epel-10] |
| 2394111 | NEW | medium | CVE-2025-9951 ffmpeg: heap-based buffer overflow in jpeg2000dec [epel-all] |
| 2394114 | NEW | medium | CVE-2025-9951 qt6-qtwebengine: heap-based buffer overflow in jpeg2000dec [epel-all] |
| 2394496 | NEW | medium | CVE-2025-10256 ffmpeg: NULL pointer dereference in Firequalizer filter (libavfilter/af_firequalizer.c) [epel-all] |
| 2394499 | NEW | medium | CVE-2025-10256 qt6-qtwebengine: NULL pointer dereference in Firequalizer filter (libavfilter/af_firequalizer.c) [epel-all] |
| 2394877 | NEW | medium | CVE-2025-9086 davix: Curl out of bounds read for cookie path [epel-10] |
| 2395149 | NEW | high | CVE-2025-10201 qt6-qtwebengine: Inappropriate implementation in Mojo [epel-all] |
| 2397728 | NEW | medium | CVE-2025-58246 wordpress: WordPress Sensitive Data Exposure [epel-10] |
| 2397729 | NEW | medium | CVE-2025-58674 wordpress: WordPress Cross Site Scripting (XSS) [epel-10] |
| 2397967 | NEW | high | CVE-2025-59343 yarnpkg: tar-fs symlink validation bypass [epel-10] |
| 2398124 | NEW | medium | CVE-2025-10911 qt6-qtwebengine: use-after-free with key data stored cross-RVT [epel-all] |
| 2398269 | NEW | medium | CVE-2025-56648 golang-github-evanw-esbuild: Parcel Origin Validation Error [epel-10] |
| 2398284 | NEW | medium | CVE-2025-47910 chezmoi: CrossOriginProtection bypass in net/http [epel-10] |
| 2398285 | NEW | medium | CVE-2025-47910 fluent-bit: CrossOriginProtection bypass in net/http [epel-10] |
| 2398286 | NEW | medium | CVE-2025-47910 forgejo: CrossOriginProtection bypass in net/http [epel-10] |
| 2398287 | NEW | medium | CVE-2025-47910 gdu: CrossOriginProtection bypass in net/http [epel-10] |
| 2398288 | ON_QA | medium | CVE-2025-47910 gh: CrossOriginProtection bypass in net/http [epel-10] |
| 2398289 | NEW | medium | CVE-2025-47910 git-credential-oauth: CrossOriginProtection bypass in net/http [epel-10] |
| 2398290 | NEW | medium | CVE-2025-47910 glow: CrossOriginProtection bypass in net/http [epel-10] |
| 2398291 | NEW | medium | CVE-2025-47910 golang-etcd-bbolt: CrossOriginProtection bypass in net/http [epel-10] |
| 2398292 | NEW | medium | CVE-2025-47910 golang-github-evanw-esbuild: CrossOriginProtection bypass in net/http [epel-10] |
| 2398293 | NEW | medium | CVE-2025-47910 golang-github-google-pprof: CrossOriginProtection bypass in net/http [epel-10] |
| 2398294 | NEW | medium | CVE-2025-47910 golang-github-googleapis-gnostic: CrossOriginProtection bypass in net/http [epel-10] |
| 2398295 | NEW | medium | CVE-2025-47910 golang-github-jmespath: CrossOriginProtection bypass in net/http [epel-10] |
| 2398296 | NEW | medium | CVE-2025-47910 golang-github-mailru-easyjson: CrossOriginProtection bypass in net/http [epel-10] |
| 2398297 | NEW | medium | CVE-2025-47910 golang-github-pelletier-toml: CrossOriginProtection bypass in net/http [epel-10] |
| 2398298 | NEW | medium | CVE-2025-47910 helm: CrossOriginProtection bypass in net/http [epel-10] |
| 2398299 | NEW | medium | CVE-2025-47910 image-builder: CrossOriginProtection bypass in net/http [epel-10] |
| 2398300 | NEW | medium | CVE-2025-47910 kitty: CrossOriginProtection bypass in net/http [epel-10] |
| 2398301 | NEW | medium | CVE-2025-47910 kustomize: CrossOriginProtection bypass in net/http [epel-10] |
| 2398303 | NEW | medium | CVE-2025-47910 matterbridge: CrossOriginProtection bypass in net/http [epel-10] |
| 2398304 | NEW | medium | CVE-2025-47910 node-exporter: CrossOriginProtection bypass in net/http [epel-10] |
| 2398306 | ON_QA | medium | CVE-2025-47910 opentofu: CrossOriginProtection bypass in net/http [epel-10] |
| 2398307 | NEW | medium | CVE-2025-47910 podman-tui: CrossOriginProtection bypass in net/http [epel-10] |
| 2398308 | NEW | medium | CVE-2025-47910 prometheus-podman-exporter: CrossOriginProtection bypass in net/http [epel-10] |
| 2398309 | NEW | medium | CVE-2025-47910 rclone: CrossOriginProtection bypass in net/http [epel-10] |
| 2398310 | NEW | medium | CVE-2025-47910 restic: CrossOriginProtection bypass in net/http [epel-10] |
| 2398312 | NEW | medium | CVE-2025-47910 snapd: CrossOriginProtection bypass in net/http [epel-10] |
| 2398313 | NEW | medium | CVE-2025-47910 syncthing: CrossOriginProtection bypass in net/http [epel-10] |
| 2398315 | NEW | medium | CVE-2025-47910 xq: CrossOriginProtection bypass in net/http [epel-10] |
| 2398316 | NEW | medium | CVE-2025-47910 yq: CrossOriginProtection bypass in net/http [epel-10] |
| 2398913 | NEW | medium | CVE-2025-47906 age: Unexpected paths returned from LookPath in os/exec [epel-10] |
| 2398915 | NEW | medium | CVE-2025-47906 chezmoi: Unexpected paths returned from LookPath in os/exec [epel-10] |
| 2398916 | NEW | medium | CVE-2025-47906 fluent-bit: Unexpected paths returned from LookPath in os/exec [epel-10] |
| 2398917 | NEW | medium | CVE-2025-47906 forgejo: Unexpected paths returned from LookPath in os/exec [epel-10] |
| 2398918 | NEW | medium | CVE-2025-47906 fzf: Unexpected paths returned from LookPath in os/exec [epel-10] |
| 2398919 | NEW | medium | CVE-2025-47906 gdu: Unexpected paths returned from LookPath in os/exec [epel-10] |
| 2398920 | ON_QA | medium | CVE-2025-47906 gh: Unexpected paths returned from LookPath in os/exec [epel-10] |
| 2398921 | NEW | medium | CVE-2025-47906 git-credential-oauth: Unexpected paths returned from LookPath in os/exec [epel-10] |
| 2398922 | NEW | medium | CVE-2025-47906 glow: Unexpected paths returned from LookPath in os/exec [epel-10] |
| 2398923 | NEW | medium | CVE-2025-47906 gocryptfs: Unexpected paths returned from LookPath in os/exec [epel-10] |
| 2398924 | NEW | medium | CVE-2025-47906 golang-github-burntsushi-toml: Unexpected paths returned from LookPath in os/exec [epel-10] |
| 2398925 | NEW | medium | CVE-2025-47906 golang-github-gogo-protobuf: Unexpected paths returned from LookPath in os/exec [epel-10] |
| 2398926 | NEW | medium | CVE-2025-47906 golang-github-google-pprof: Unexpected paths returned from LookPath in os/exec [epel-10] |
| 2398927 | NEW | medium | CVE-2025-47906 golang-github-googleapis-gnostic: Unexpected paths returned from LookPath in os/exec [epel-10] |
| 2398928 | NEW | medium | CVE-2025-47906 golang-github-jmespath: Unexpected paths returned from LookPath in os/exec [epel-10] |
| 2398929 | NEW | medium | CVE-2025-47906 golang-github-joho-godotenv: Unexpected paths returned from LookPath in os/exec [epel-10] |
| 2398930 | NEW | medium | CVE-2025-47906 golang-github-mailru-easyjson: Unexpected paths returned from LookPath in os/exec [epel-10] |
| 2398931 | NEW | medium | CVE-2025-47906 golang-github-posener-complete: Unexpected paths returned from LookPath in os/exec [epel-10] |
| 2398932 | NEW | medium | CVE-2025-47906 golang-google-protobuf: Unexpected paths returned from LookPath in os/exec [epel-10] |
| 2398933 | NEW | medium | CVE-2025-47906 gum: Unexpected paths returned from LookPath in os/exec [epel-10] |
| 2398934 | NEW | medium | CVE-2025-47906 helm: Unexpected paths returned from LookPath in os/exec [epel-10] |
| 2398935 | NEW | medium | CVE-2025-47906 image-builder: Unexpected paths returned from LookPath in os/exec [epel-10] |
| 2398936 | NEW | medium | CVE-2025-47906 kitty: Unexpected paths returned from LookPath in os/exec [epel-10] |
| 2398937 | NEW | medium | CVE-2025-47906 kustomize: Unexpected paths returned from LookPath in os/exec [epel-10] |
| 2398939 | NEW | medium | CVE-2025-47906 matterbridge: Unexpected paths returned from LookPath in os/exec [epel-10] |
| 2398940 | NEW | medium | CVE-2025-47906 node-exporter: Unexpected paths returned from LookPath in os/exec [epel-10] |
| 2398942 | ON_QA | medium | CVE-2025-47906 opentofu: Unexpected paths returned from LookPath in os/exec [epel-10] |
| 2398943 | NEW | medium | CVE-2025-47906 podman-tui: Unexpected paths returned from LookPath in os/exec [epel-10] |
| 2398944 | NEW | medium | CVE-2025-47906 prometheus-podman-exporter: Unexpected paths returned from LookPath in os/exec [epel-10] |
| 2398945 | ASSIGNED | medium | CVE-2025-47906 qpid-proton: Unexpected paths returned from LookPath in os/exec [epel-10] |
| 2398947 | NEW | medium | CVE-2025-47906 rclone: Unexpected paths returned from LookPath in os/exec [epel-10] |
| 2398948 | NEW | medium | CVE-2025-47906 restic: Unexpected paths returned from LookPath in os/exec [epel-10] |
| 2398950 | NEW | medium | CVE-2025-47906 smtprelay: Unexpected paths returned from LookPath in os/exec [epel-10] |
| 2398951 | NEW | medium | CVE-2025-47906 snapd: Unexpected paths returned from LookPath in os/exec [epel-10] |
| 2398952 | NEW | medium | CVE-2025-47906 syncthing: Unexpected paths returned from LookPath in os/exec [epel-10] |
| 2398953 | NEW | medium | CVE-2025-47906 xq: Unexpected paths returned from LookPath in os/exec [epel-10] |
| 2398954 | NEW | medium | CVE-2025-47906 yq: Unexpected paths returned from LookPath in os/exec [epel-10] |
| 2399686 | NEW | medium | CVE-2025-11065 glow: Go-viper's mapstructure May Leak Sensitive Information in Logs in github.com/go-viper/mapstructure [epel-10] |
| 2399687 | NEW | medium | CVE-2025-11065 kustomize: Go-viper's mapstructure May Leak Sensitive Information in Logs in github.com/go-viper/mapstructure [epel-10] |
| 2399688 | NEW | medium | CVE-2025-11065 opentofu: Go-viper's mapstructure May Leak Sensitive Information in Logs in github.com/go-viper/mapstructure [epel-10] |
| 2399822 | NEW | medium | CVE-2025-57347 forgejo: dagre-d3-es prototype pollution [epel-10] |
| 2399824 | NEW | medium | CVE-2025-57347 jupyterlab: dagre-d3-es prototype pollution [epel-10] |
| 2400261 | NEW | medium | CVE-2025-11083 cross-binutils: GNU Binutils Linker heap-based overflow [epel-10] |
| 2400262 | NEW | medium | CVE-2025-11082 cross-binutils: GNU Binutils Linker heap-based overflow [epel-10] |
| 2400263 | NEW | medium | CVE-2025-11083 golang-github-google-pprof: GNU Binutils Linker heap-based overflow [epel-10] |
| 2400264 | NEW | medium | CVE-2025-11081 cross-binutils: GNU Binutils out-of-bounds read [epel-10] |
| 2400265 | NEW | medium | CVE-2025-11083 radare2: GNU Binutils Linker heap-based overflow [epel-10] |
| 2400266 | NEW | medium | CVE-2025-11081 golang-github-google-pprof: GNU Binutils out-of-bounds read [epel-10] |
| 2400267 | NEW | medium | CVE-2025-11082 golang-github-google-pprof: GNU Binutils Linker heap-based overflow [epel-10] |
| 2400268 | NEW | medium | CVE-2025-11083 rizin: GNU Binutils Linker heap-based overflow [epel-10] |
| 2400269 | NEW | medium | CVE-2025-11081 radare2: GNU Binutils out-of-bounds read [epel-10] |
| 2400271 | NEW | medium | CVE-2025-11082 radare2: GNU Binutils Linker heap-based overflow [epel-10] |
| 2400272 | NEW | medium | CVE-2025-11081 rizin: GNU Binutils out-of-bounds read [epel-10] |
| 2400273 | NEW | medium | CVE-2025-11082 rizin: GNU Binutils Linker heap-based overflow [epel-10] |
| 2400658 | NEW | medium | CVE-2025-9230 sslscan: Out-of-bounds read & write in RFC 3211 KEK Unwrap [epel-10] |
| 2400667 | NEW | low | CVE-2025-9232 sslscan: Out-of-bounds read in HTTP client no_proxy handling [epel-10] |
| 2401812 | NEW | high | CVE-2025-59728 ffmpeg: Heap-buffer-overflow write in FFmpeg MDASH resolve_content_path [epel-10] |
| 2401821 | NEW | medium | CVE-2025-59730 ffmpeg: Heap-buffer-overflow write in FFmpeg SANM decoding due to lack of bounds-checking in old_codec48 [epel-10] |
| 2401823 | NEW | medium | CVE-2025-59729 ffmpeg: Heap-buffer-overflow read in FFmpeg DHAV get_duration [epel-10] |
| 2401825 | NEW | medium | CVE-2025-59731 ffmpeg: Heap-buffer-overflow write in FFmpeg EXR dwa_uncompress [epel-10] |
| 2401827 | NEW | high | CVE-2025-59733 ffmpeg: Heap-buffer-overflow write in FFmpeg EXR dwa_uncompress [epel-10] |
| 2401828 | NEW | high | CVE-2025-59732 ffmpeg: Heap-buffer-overflow write in FFmpeg EXR dwa_uncompress [epel-10] |
| 2401833 | NEW | high | CVE-2025-59734 ffmpeg: Heap-buffer-overflow write in FFmpeg SANM process_ftch [epel-10] |
| 2402060 | NEW | high | CVE-2025-10502 qt6-qtwebengine: Heap buffer overflow in ANGLE [epel-all] |
| 2402067 | NEW | high | CVE-2025-10500 qt6-qtwebengine: Use after free in Dawn [epel-all] |
| 2402104 | NEW | high | CVE-2025-10200 qt6-qtwebengine: Use after free in Serviceworker. [epel-all] |
| 2402116 | NEW | high | CVE-2025-10890 qt6-qtwebengine: Side-channel information leakage in V8 [epel-all] |
| 2402125 | NEW | high | CVE-2025-10891 qt6-qtwebengine: Integer overflow in V8 [epel-all] |
| 2402132 | NEW | high | CVE-2025-10892 qt6-qtwebengine: Integer overflow in V8 [epel-all] |
| 2402816 | NEW | low | CVE-2025-11495 radare2: GNU Binutils Linker heap-based overflow [epel-10] |
| 2402817 | NEW | low | CVE-2025-11495 rizin: GNU Binutils Linker heap-based overflow [epel-10] |
| 2402818 | NEW | low | CVE-2025-11494 radare2: GNU Binutils Linker out-of-bounds read [epel-10] |
| 2402820 | NEW | low | CVE-2025-11494 rizin: GNU Binutils Linker out-of-bounds read [epel-10] |
| 2402857 | NEW | medium | CVE-2025-8291 asahi-installer: Python zipfile End of Central Directory (EOCD) Locator record offset not checked [epel-10] |
| 2402858 | NEW | medium | CVE-2025-8291 python3.13: Python zipfile End of Central Directory (EOCD) Locator record offset not checked [epel-10] |
| 2402984 | NEW | high | CVE-2025-59830 rubygem-rack: Rack QueryParser has an unsafe default allowing params_limit bypass via semicolon-separated parameters [epel-10] |
| 2403133 | NEW | medium | CVE-2025-11579 chezmoi: RarDecode Out Of Memory Crash [epel-10] |
| 2403134 | NEW | medium | CVE-2025-11579 forgejo: RarDecode Out Of Memory Crash [epel-10] |
| 2403521 | NEW | high | CVE-2025-61919 rubygem-rack: Unbounded read in `Rack::Request` form parsing can lead to memory exhaustion [epel-10] |
| 2403526 | NEW | medium | CVE-2025-61780 rubygem-rack: Improper handling of headers in `Rack::Sendfile` may allow proxy bypass [epel-10] |
| 2403977 | NEW | high | CVE-2025-61927 forgejo: Happy-DOM VM Context Escape [epel-10] |
| 2404264 | NEW | urgent | CVE-2025-62410 forgejo: --disallow-code-generation-from-strings is not sufficient for isolating untrusted JavaScript in happy-dom [epel-10] |
| 2404313 | NEW | medium | CVE-2025-59288 forgejo: Playwright Spoofing Vulnerability [epel-10] |
| 2404492 | NEW | low | CVE-2025-11839 radare2: GNU Binutils prdbg.c tg_tag_type return value [epel-10] |
| 2404493 | NEW | low | CVE-2025-11839 rizin: GNU Binutils prdbg.c tg_tag_type return value [epel-10] |
| 2404536 | NEW | low | CVE-2025-11840 radare2: GNU Binutils out-of-bounds read [epel-10] |
| 2404537 | NEW | low | CVE-2025-11840 rizin: GNU Binutils out-of-bounds read [epel-10] |
| 2404754 | NEW | low | CVE-2025-60358 radare2: From CVEorg collector [epel-10] |
| 2404755 | NEW | low | CVE-2025-60359 radare2: From CVEorg collector [epel-10] |
| 2404756 | NEW | low | CVE-2025-60361 radare2: From CVEorg collector [epel-10] |
| 2404825 | NEW | low | CVE-2025-60360 radare2: radare2 memory leak [epel-10] |
| 2404847 | NEW | medium | CVE-2025-62171 ImageMagick: ImageMagick vulnerable to denial of service via integer overflow in BMP decoder on 32-bit systems [epel-all] |
| 2405213 | NEW | low | CVE-2025-11679 libwebsockets: Out-of-bounds Read in libwebsockets PNG parsing [epel-10] |
| 2405247 | NEW | low | CVE-2025-11677 libwebsockets: Use After Free in libwebsockets WebSocket server [epel-10] |
| 2405258 | NEW | low | CVE-2025-11680 libwebsockets: Out-of-bounds Write in libwebsockets PNG parsing [epel-10] |
| 2405365 | NEW | medium | CVE-2025-59438 mbedtls: MbedTLS Padding oracle through timing of cipher error reporting [epel-10] |
| 2405566 | NEW | high | CVE-2025-11678 libwebsockets: Stack-based Buffer Overflow in libwebsockets [epel-10] |
| 2405671 | NEW | medium | CVE-2022-4981 dcmtk: DCMTK dcmqrscp dcmqrcnf.cc readPeerList null pointer dereference [epel-10] |
| 2405672 | NEW | medium | CVE-2020-36855 dcmtk: DCMTK dcmqrscp parseQuota stack-based overflow [epel-10] |
| 2406535 | NEW | medium | CVE-2025-12343 ffmpeg: Double-Free Vulnerability in FFmpeg TensorFlow DNN Backend [epel-10] |
| 2407465 | NEW | medium | CVE-2025-58189 apptainer: go crypto/tls ALPN negotiation error contains attacker controlled information [epel-10] |
| 2407466 | NEW | medium | CVE-2025-58189 chezmoi: go crypto/tls ALPN negotiation error contains attacker controlled information [epel-10] |
| 2407467 | NEW | medium | CVE-2025-58189 dnscrypt-proxy: go crypto/tls ALPN negotiation error contains attacker controlled information [epel-10] |
| 2407468 | NEW | medium | CVE-2025-58189 fluent-bit: go crypto/tls ALPN negotiation error contains attacker controlled information [epel-10] |
| 2407469 | NEW | medium | CVE-2025-58189 forgejo: go crypto/tls ALPN negotiation error contains attacker controlled information [epel-10] |
| 2407470 | NEW | medium | CVE-2025-58189 gdu: go crypto/tls ALPN negotiation error contains attacker controlled information [epel-10] |
| 2407471 | ON_QA | medium | CVE-2025-58189 gh: go crypto/tls ALPN negotiation error contains attacker controlled information [epel-10] |
| 2407472 | NEW | medium | CVE-2025-58189 git-credential-oauth: go crypto/tls ALPN negotiation error contains attacker controlled information [epel-10] |
| 2407473 | NEW | medium | CVE-2025-58189 glow: go crypto/tls ALPN negotiation error contains attacker controlled information [epel-10] |
| 2407474 | NEW | medium | CVE-2025-58189 golang-etcd-bbolt: go crypto/tls ALPN negotiation error contains attacker controlled information [epel-10] |
| 2407475 | NEW | medium | CVE-2025-58189 golang-github-evanw-esbuild: go crypto/tls ALPN negotiation error contains attacker controlled information [epel-10] |
| 2407476 | NEW | medium | CVE-2025-58189 golang-github-facebook-time: go crypto/tls ALPN negotiation error contains attacker controlled information [epel-10] |
| 2407477 | NEW | medium | CVE-2025-58189 golang-github-google-pprof: go crypto/tls ALPN negotiation error contains attacker controlled information [epel-10] |
| 2407478 | NEW | medium | CVE-2025-58189 golang-github-googleapis-gnostic: go crypto/tls ALPN negotiation error contains attacker controlled information [epel-10] |
| 2407479 | NEW | medium | CVE-2025-58189 golang-github-jmespath: go crypto/tls ALPN negotiation error contains attacker controlled information [epel-10] |
| 2407480 | NEW | medium | CVE-2025-58189 golang-github-mailru-easyjson: go crypto/tls ALPN negotiation error contains attacker controlled information [epel-10] |
| 2407481 | NEW | medium | CVE-2025-58189 golang-github-pelletier-toml: go crypto/tls ALPN negotiation error contains attacker controlled information [epel-10] |
| 2407482 | NEW | medium | CVE-2025-58189 grpc: go crypto/tls ALPN negotiation error contains attacker controlled information [epel-10] |
| 2407483 | NEW | medium | CVE-2025-58189 helm: go crypto/tls ALPN negotiation error contains attacker controlled information [epel-10] |
| 2407484 | NEW | medium | CVE-2025-58189 image-builder: go crypto/tls ALPN negotiation error contains attacker controlled information [epel-10] |
| 2407485 | NEW | medium | CVE-2025-58189 kitty: go crypto/tls ALPN negotiation error contains attacker controlled information [epel-10] |
| 2407486 | NEW | medium | CVE-2025-58189 kustomize: go crypto/tls ALPN negotiation error contains attacker controlled information [epel-10] |
| 2407487 | ASSIGNED | medium | CVE-2025-58189 libarrow: go crypto/tls ALPN negotiation error contains attacker controlled information [epel-10] |
| 2407488 | NEW | medium | CVE-2025-58189 matterbridge: go crypto/tls ALPN negotiation error contains attacker controlled information [epel-10] |
| 2407489 | NEW | medium | CVE-2025-58189 node-exporter: go crypto/tls ALPN negotiation error contains attacker controlled information [epel-10] |
| 2407490 | NEW | medium | CVE-2025-58189 openbao: go crypto/tls ALPN negotiation error contains attacker controlled information [epel-10] |
| 2407491 | NEW | medium | CVE-2025-58189 opentofu: go crypto/tls ALPN negotiation error contains attacker controlled information [epel-10] |
| 2407492 | NEW | medium | CVE-2025-58189 podman-tui: go crypto/tls ALPN negotiation error contains attacker controlled information [epel-10] |
| 2407493 | NEW | medium | CVE-2025-58189 prometheus-podman-exporter: go crypto/tls ALPN negotiation error contains attacker controlled information [epel-10] |
| 2407494 | NEW | medium | CVE-2025-58189 rclone: go crypto/tls ALPN negotiation error contains attacker controlled information [epel-10] |
| 2407495 | NEW | medium | CVE-2025-58189 restic: go crypto/tls ALPN negotiation error contains attacker controlled information [epel-10] |
| 2407496 | NEW | medium | CVE-2025-58189 singularity-ce: go crypto/tls ALPN negotiation error contains attacker controlled information [epel-10] |
| 2407497 | NEW | medium | CVE-2025-58189 smtprelay: go crypto/tls ALPN negotiation error contains attacker controlled information [epel-10] |
| 2407498 | NEW | medium | CVE-2025-58189 snapd: go crypto/tls ALPN negotiation error contains attacker controlled information [epel-10] |
| 2407499 | NEW | medium | CVE-2025-58189 syncthing: go crypto/tls ALPN negotiation error contains attacker controlled information [epel-10] |
| 2407500 | NEW | medium | CVE-2025-58189 thrift: go crypto/tls ALPN negotiation error contains attacker controlled information [epel-10] |
| 2407501 | NEW | medium | CVE-2025-58189 xq: go crypto/tls ALPN negotiation error contains attacker controlled information [epel-10] |
| 2407502 | NEW | medium | CVE-2025-58189 yq: go crypto/tls ALPN negotiation error contains attacker controlled information [epel-10] |
| 2408523 | NEW | medium | CVE-2025-61725 apptainer: Excessive CPU consumption in ParseAddress in net/mail [epel-10] |
| 2408524 | NEW | medium | CVE-2025-61725 chezmoi: Excessive CPU consumption in ParseAddress in net/mail [epel-10] |
| 2408525 | NEW | medium | CVE-2025-61725 forgejo: Excessive CPU consumption in ParseAddress in net/mail [epel-10] |
| 2408526 | ON_QA | medium | CVE-2025-61725 gh: Excessive CPU consumption in ParseAddress in net/mail [epel-10] |
| 2408527 | NEW | medium | CVE-2025-61725 image-builder: Excessive CPU consumption in ParseAddress in net/mail [epel-10] |
| 2408528 | NEW | medium | CVE-2025-61725 kustomize: Excessive CPU consumption in ParseAddress in net/mail [epel-10] |
| 2408529 | NEW | medium | CVE-2025-61725 matterbridge: Excessive CPU consumption in ParseAddress in net/mail [epel-10] |
| 2408530 | NEW | medium | CVE-2025-61725 openbao: Excessive CPU consumption in ParseAddress in net/mail [epel-10] |
| 2408531 | NEW | medium | CVE-2025-61725 opentofu: Excessive CPU consumption in ParseAddress in net/mail [epel-10] |
| 2408532 | NEW | medium | CVE-2025-61725 podman-tui: Excessive CPU consumption in ParseAddress in net/mail [epel-10] |
| 2408533 | NEW | medium | CVE-2025-61725 prometheus-podman-exporter: Excessive CPU consumption in ParseAddress in net/mail [epel-10] |
| 2408534 | NEW | medium | CVE-2025-61725 rclone: Excessive CPU consumption in ParseAddress in net/mail [epel-10] |
| 2408535 | NEW | medium | CVE-2025-61725 restic: Excessive CPU consumption in ParseAddress in net/mail [epel-10] |
| 2408536 | NEW | medium | CVE-2025-61725 singularity-ce: Excessive CPU consumption in ParseAddress in net/mail [epel-10] |
| 2408537 | NEW | medium | CVE-2025-61725 smtprelay: Excessive CPU consumption in ParseAddress in net/mail [epel-10] |
| 2408538 | NEW | medium | CVE-2025-61725 snapd: Excessive CPU consumption in ParseAddress in net/mail [epel-10] |
| 2408909 | NEW | medium | CVE-2025-61723 age: Quadratic complexity when parsing some invalid inputs in encoding/pem [epel-10] |
| 2408910 | NEW | medium | CVE-2025-61723 apptainer: Quadratic complexity when parsing some invalid inputs in encoding/pem [epel-10] |
| 2408911 | NEW | medium | CVE-2025-61723 chezmoi: Quadratic complexity when parsing some invalid inputs in encoding/pem [epel-10] |
| 2408912 | NEW | medium | CVE-2025-61723 dnscrypt-proxy: Quadratic complexity when parsing some invalid inputs in encoding/pem [epel-10] |
| 2408913 | NEW | medium | CVE-2025-61723 fluent-bit: Quadratic complexity when parsing some invalid inputs in encoding/pem [epel-10] |
| 2408914 | NEW | medium | CVE-2025-61723 forgejo: Quadratic complexity when parsing some invalid inputs in encoding/pem [epel-10] |
| 2408916 | NEW | medium | CVE-2025-61723 gdu: Quadratic complexity when parsing some invalid inputs in encoding/pem [epel-10] |
| 2408918 | ON_QA | medium | CVE-2025-61723 gh: Quadratic complexity when parsing some invalid inputs in encoding/pem [epel-10] |
| 2408920 | NEW | medium | CVE-2025-61723 git-credential-oauth: Quadratic complexity when parsing some invalid inputs in encoding/pem [epel-10] |
| 2408922 | NEW | medium | CVE-2025-61723 glow: Quadratic complexity when parsing some invalid inputs in encoding/pem [epel-10] |
| 2408924 | NEW | medium | CVE-2025-61723 golang-etcd-bbolt: Quadratic complexity when parsing some invalid inputs in encoding/pem [epel-10] |
| 2408926 | NEW | medium | CVE-2025-61723 golang-github-evanw-esbuild: Quadratic complexity when parsing some invalid inputs in encoding/pem [epel-10] |
| 2408928 | NEW | medium | CVE-2025-61723 golang-github-facebook-time: Quadratic complexity when parsing some invalid inputs in encoding/pem [epel-10] |
| 2408929 | NEW | medium | CVE-2025-61723 golang-github-google-pprof: Quadratic complexity when parsing some invalid inputs in encoding/pem [epel-10] |
| 2408930 | NEW | medium | CVE-2025-61723 golang-github-googleapis-gnostic: Quadratic complexity when parsing some invalid inputs in encoding/pem [epel-10] |
| 2408931 | NEW | medium | CVE-2025-61723 golang-github-jmespath: Quadratic complexity when parsing some invalid inputs in encoding/pem [epel-10] |
| 2408932 | NEW | medium | CVE-2025-61723 golang-github-mailru-easyjson: Quadratic complexity when parsing some invalid inputs in encoding/pem [epel-10] |
| 2408933 | NEW | medium | CVE-2025-61723 golang-github-pelletier-toml: Quadratic complexity when parsing some invalid inputs in encoding/pem [epel-10] |
| 2408934 | NEW | medium | CVE-2025-61723 grpc: Quadratic complexity when parsing some invalid inputs in encoding/pem [epel-10] |
| 2408935 | NEW | medium | CVE-2025-61723 helm: Quadratic complexity when parsing some invalid inputs in encoding/pem [epel-10] |
| 2408936 | NEW | medium | CVE-2025-61723 image-builder: Quadratic complexity when parsing some invalid inputs in encoding/pem [epel-10] |
| 2408937 | NEW | medium | CVE-2025-61723 kitty: Quadratic complexity when parsing some invalid inputs in encoding/pem [epel-10] |
| 2408938 | NEW | medium | CVE-2025-61723 kustomize: Quadratic complexity when parsing some invalid inputs in encoding/pem [epel-10] |
| 2408939 | ASSIGNED | medium | CVE-2025-61723 libarrow: Quadratic complexity when parsing some invalid inputs in encoding/pem [epel-10] |
| 2408940 | NEW | medium | CVE-2025-61723 matterbridge: Quadratic complexity when parsing some invalid inputs in encoding/pem [epel-10] |
| 2408941 | NEW | medium | CVE-2025-61723 node-exporter: Quadratic complexity when parsing some invalid inputs in encoding/pem [epel-10] |
| 2408942 | NEW | medium | CVE-2025-61723 openbao: Quadratic complexity when parsing some invalid inputs in encoding/pem [epel-10] |
| 2408943 | NEW | medium | CVE-2025-61723 opentofu: Quadratic complexity when parsing some invalid inputs in encoding/pem [epel-10] |
| 2408944 | NEW | medium | CVE-2025-61723 podman-tui: Quadratic complexity when parsing some invalid inputs in encoding/pem [epel-10] |
| 2408945 | NEW | medium | CVE-2025-61723 prometheus-podman-exporter: Quadratic complexity when parsing some invalid inputs in encoding/pem [epel-10] |
| 2408946 | NEW | medium | CVE-2025-61723 rclone: Quadratic complexity when parsing some invalid inputs in encoding/pem [epel-10] |
| 2408947 | NEW | medium | CVE-2025-61723 restic: Quadratic complexity when parsing some invalid inputs in encoding/pem [epel-10] |
| 2408948 | NEW | medium | CVE-2025-61723 singularity-ce: Quadratic complexity when parsing some invalid inputs in encoding/pem [epel-10] |
| 2408949 | NEW | medium | CVE-2025-61723 smtprelay: Quadratic complexity when parsing some invalid inputs in encoding/pem [epel-10] |
| 2408950 | NEW | medium | CVE-2025-61723 snapd: Quadratic complexity when parsing some invalid inputs in encoding/pem [epel-10] |
| 2408951 | NEW | medium | CVE-2025-61723 syncthing: Quadratic complexity when parsing some invalid inputs in encoding/pem [epel-10] |
| 2408952 | NEW | medium | CVE-2025-61723 thrift: Quadratic complexity when parsing some invalid inputs in encoding/pem [epel-10] |
| 2408953 | NEW | medium | CVE-2025-61723 xq: Quadratic complexity when parsing some invalid inputs in encoding/pem [epel-10] |
| 2408954 | NEW | medium | CVE-2025-61723 yq: Quadratic complexity when parsing some invalid inputs in encoding/pem [epel-10] |
| 2409854 | NEW | medium | CVE-2025-58185 age: Parsing DER payload can cause memory exhaustion in encoding/asn1 [epel-10] |
| 2409855 | NEW | medium | CVE-2025-58185 apptainer: Parsing DER payload can cause memory exhaustion in encoding/asn1 [epel-10] |
| 2409856 | NEW | medium | CVE-2025-58185 chezmoi: Parsing DER payload can cause memory exhaustion in encoding/asn1 [epel-10] |
| 2409857 | NEW | medium | CVE-2025-58185 dnscrypt-proxy: Parsing DER payload can cause memory exhaustion in encoding/asn1 [epel-10] |
| 2409858 | NEW | medium | CVE-2025-58185 fluent-bit: Parsing DER payload can cause memory exhaustion in encoding/asn1 [epel-10] |
| 2409859 | NEW | medium | CVE-2025-58185 forgejo: Parsing DER payload can cause memory exhaustion in encoding/asn1 [epel-10] |
| 2409860 | NEW | medium | CVE-2025-58185 gdu: Parsing DER payload can cause memory exhaustion in encoding/asn1 [epel-10] |
| 2409861 | NEW | medium | CVE-2025-58185 gh: Parsing DER payload can cause memory exhaustion in encoding/asn1 [epel-10] |
| 2409862 | NEW | medium | CVE-2025-58185 git-credential-oauth: Parsing DER payload can cause memory exhaustion in encoding/asn1 [epel-10] |
| 2409863 | NEW | medium | CVE-2025-58185 glow: Parsing DER payload can cause memory exhaustion in encoding/asn1 [epel-10] |
| 2409864 | NEW | medium | CVE-2025-58185 golang-etcd-bbolt: Parsing DER payload can cause memory exhaustion in encoding/asn1 [epel-10] |
| 2409865 | NEW | medium | CVE-2025-58185 golang-github-evanw-esbuild: Parsing DER payload can cause memory exhaustion in encoding/asn1 [epel-10] |
| 2409866 | NEW | medium | CVE-2025-58185 golang-github-facebook-time: Parsing DER payload can cause memory exhaustion in encoding/asn1 [epel-10] |
| 2409867 | NEW | medium | CVE-2025-58185 golang-github-gogo-protobuf: Parsing DER payload can cause memory exhaustion in encoding/asn1 [epel-10] |
| 2409868 | NEW | medium | CVE-2025-58185 golang-github-google-pprof: Parsing DER payload can cause memory exhaustion in encoding/asn1 [epel-10] |
| 2409869 | NEW | medium | CVE-2025-58185 golang-github-googleapis-gnostic: Parsing DER payload can cause memory exhaustion in encoding/asn1 [epel-10] |
| 2409870 | NEW | medium | CVE-2025-58185 golang-github-jmespath: Parsing DER payload can cause memory exhaustion in encoding/asn1 [epel-10] |
| 2409871 | NEW | medium | CVE-2025-58185 golang-github-mailru-easyjson: Parsing DER payload can cause memory exhaustion in encoding/asn1 [epel-10] |
| 2409872 | NEW | medium | CVE-2025-58185 golang-github-oklog-ulid: Parsing DER payload can cause memory exhaustion in encoding/asn1 [epel-10] |
| 2409873 | NEW | medium | CVE-2025-58185 golang-github-pelletier-toml: Parsing DER payload can cause memory exhaustion in encoding/asn1 [epel-10] |
| 2409874 | NEW | medium | CVE-2025-58185 golang-google-protobuf: Parsing DER payload can cause memory exhaustion in encoding/asn1 [epel-10] |
| 2409875 | NEW | medium | CVE-2025-58185 grpc: Parsing DER payload can cause memory exhaustion in encoding/asn1 [epel-10] |
| 2409876 | NEW | medium | CVE-2025-58185 helm: Parsing DER payload can cause memory exhaustion in encoding/asn1 [epel-10] |
| 2409877 | NEW | medium | CVE-2025-58185 image-builder: Parsing DER payload can cause memory exhaustion in encoding/asn1 [epel-10] |
| 2409878 | NEW | medium | CVE-2025-58185 kitty: Parsing DER payload can cause memory exhaustion in encoding/asn1 [epel-10] |
| 2409879 | NEW | medium | CVE-2025-58185 kustomize: Parsing DER payload can cause memory exhaustion in encoding/asn1 [epel-10] |
| 2409880 | ASSIGNED | medium | CVE-2025-58185 libarrow: Parsing DER payload can cause memory exhaustion in encoding/asn1 [epel-10] |
| 2409881 | NEW | medium | CVE-2025-58185 matterbridge: Parsing DER payload can cause memory exhaustion in encoding/asn1 [epel-10] |
| 2409883 | NEW | medium | CVE-2025-58185 node-exporter: Parsing DER payload can cause memory exhaustion in encoding/asn1 [epel-10] |
| 2409884 | NEW | medium | CVE-2025-58185 openbao: Parsing DER payload can cause memory exhaustion in encoding/asn1 [epel-10] |
| 2409885 | NEW | medium | CVE-2025-58185 opentofu: Parsing DER payload can cause memory exhaustion in encoding/asn1 [epel-10] |
| 2409886 | NEW | medium | CVE-2025-58185 podman-tui: Parsing DER payload can cause memory exhaustion in encoding/asn1 [epel-10] |
| 2409887 | NEW | medium | CVE-2025-58185 prometheus-podman-exporter: Parsing DER payload can cause memory exhaustion in encoding/asn1 [epel-10] |
| 2409888 | NEW | medium | CVE-2025-58185 rclone: Parsing DER payload can cause memory exhaustion in encoding/asn1 [epel-10] |
| 2409889 | NEW | medium | CVE-2025-58185 restic: Parsing DER payload can cause memory exhaustion in encoding/asn1 [epel-10] |
| 2409890 | NEW | medium | CVE-2025-58185 singularity-ce: Parsing DER payload can cause memory exhaustion in encoding/asn1 [epel-10] |
| 2409891 | NEW | medium | CVE-2025-58185 smtprelay: Parsing DER payload can cause memory exhaustion in encoding/asn1 [epel-10] |
| 2409892 | NEW | medium | CVE-2025-58185 snapd: Parsing DER payload can cause memory exhaustion in encoding/asn1 [epel-10] |
| 2409893 | NEW | medium | CVE-2025-58185 syncthing: Parsing DER payload can cause memory exhaustion in encoding/asn1 [epel-10] |
| 2409894 | NEW | medium | CVE-2025-58185 thrift: Parsing DER payload can cause memory exhaustion in encoding/asn1 [epel-10] |
| 2409895 | NEW | medium | CVE-2025-58185 xq: Parsing DER payload can cause memory exhaustion in encoding/asn1 [epel-10] |
| 2409896 | NEW | medium | CVE-2025-58185 yq: Parsing DER payload can cause memory exhaustion in encoding/asn1 [epel-10] |
| 2410798 | NEW | medium | CVE-2025-58188 age: Panic when validating certificates with DSA public keys in crypto/x509 [epel-10] |
| 2410799 | NEW | medium | CVE-2025-58188 apptainer: Panic when validating certificates with DSA public keys in crypto/x509 [epel-10] |
| 2410800 | NEW | medium | CVE-2025-58188 chezmoi: Panic when validating certificates with DSA public keys in crypto/x509 [epel-10] |
| 2410801 | NEW | medium | CVE-2025-58188 dnscrypt-proxy: Panic when validating certificates with DSA public keys in crypto/x509 [epel-10] |
| 2410802 | NEW | medium | CVE-2025-58188 fluent-bit: Panic when validating certificates with DSA public keys in crypto/x509 [epel-10] |
| 2410803 | NEW | medium | CVE-2025-58188 forgejo: Panic when validating certificates with DSA public keys in crypto/x509 [epel-10] |
| 2410804 | NEW | medium | CVE-2025-58188 gdu: Panic when validating certificates with DSA public keys in crypto/x509 [epel-10] |
| 2410805 | NEW | medium | CVE-2025-58188 gh: Panic when validating certificates with DSA public keys in crypto/x509 [epel-10] |
| 2410806 | NEW | medium | CVE-2025-58188 git-credential-oauth: Panic when validating certificates with DSA public keys in crypto/x509 [epel-10] |
| 2410807 | NEW | medium | CVE-2025-58188 glow: Panic when validating certificates with DSA public keys in crypto/x509 [epel-10] |
| 2410808 | NEW | medium | CVE-2025-58188 golang-etcd-bbolt: Panic when validating certificates with DSA public keys in crypto/x509 [epel-10] |
| 2410809 | NEW | medium | CVE-2025-58188 golang-github-evanw-esbuild: Panic when validating certificates with DSA public keys in crypto/x509 [epel-10] |
| 2410810 | NEW | medium | CVE-2025-58188 golang-github-facebook-time: Panic when validating certificates with DSA public keys in crypto/x509 [epel-10] |
| 2410811 | NEW | medium | CVE-2025-58188 golang-github-google-pprof: Panic when validating certificates with DSA public keys in crypto/x509 [epel-10] |
| 2410812 | NEW | medium | CVE-2025-58188 golang-github-googleapis-gnostic: Panic when validating certificates with DSA public keys in crypto/x509 [epel-10] |
| 2410813 | NEW | medium | CVE-2025-58188 golang-github-jmespath: Panic when validating certificates with DSA public keys in crypto/x509 [epel-10] |
| 2410814 | NEW | medium | CVE-2025-58188 golang-github-mailru-easyjson: Panic when validating certificates with DSA public keys in crypto/x509 [epel-10] |
| 2410815 | NEW | medium | CVE-2025-58188 golang-github-pelletier-toml: Panic when validating certificates with DSA public keys in crypto/x509 [epel-10] |
| 2410816 | NEW | medium | CVE-2025-58188 grpc: Panic when validating certificates with DSA public keys in crypto/x509 [epel-10] |
| 2410817 | NEW | medium | CVE-2025-58188 helm: Panic when validating certificates with DSA public keys in crypto/x509 [epel-10] |
| 2410818 | NEW | medium | CVE-2025-58188 image-builder: Panic when validating certificates with DSA public keys in crypto/x509 [epel-10] |
| 2410819 | NEW | medium | CVE-2025-58188 kitty: Panic when validating certificates with DSA public keys in crypto/x509 [epel-10] |
| 2410820 | NEW | medium | CVE-2025-58188 kustomize: Panic when validating certificates with DSA public keys in crypto/x509 [epel-10] |
| 2410821 | ASSIGNED | medium | CVE-2025-58188 libarrow: Panic when validating certificates with DSA public keys in crypto/x509 [epel-10] |
| 2410822 | NEW | medium | CVE-2025-58188 matterbridge: Panic when validating certificates with DSA public keys in crypto/x509 [epel-10] |
| 2410823 | NEW | medium | CVE-2025-58188 node-exporter: Panic when validating certificates with DSA public keys in crypto/x509 [epel-10] |
| 2410824 | NEW | medium | CVE-2025-58188 openbao: Panic when validating certificates with DSA public keys in crypto/x509 [epel-10] |
| 2410825 | NEW | medium | CVE-2025-58188 opentofu: Panic when validating certificates with DSA public keys in crypto/x509 [epel-10] |
| 2410826 | NEW | medium | CVE-2025-58188 podman-tui: Panic when validating certificates with DSA public keys in crypto/x509 [epel-10] |
| 2410827 | NEW | medium | CVE-2025-58188 prometheus-podman-exporter: Panic when validating certificates with DSA public keys in crypto/x509 [epel-10] |
| 2410828 | NEW | medium | CVE-2025-58188 rclone: Panic when validating certificates with DSA public keys in crypto/x509 [epel-10] |
| 2410829 | NEW | medium | CVE-2025-58188 restic: Panic when validating certificates with DSA public keys in crypto/x509 [epel-10] |
| 2410830 | NEW | medium | CVE-2025-58188 singularity-ce: Panic when validating certificates with DSA public keys in crypto/x509 [epel-10] |
| 2410831 | NEW | medium | CVE-2025-58188 smtprelay: Panic when validating certificates with DSA public keys in crypto/x509 [epel-10] |
| 2410832 | NEW | medium | CVE-2025-58188 snapd: Panic when validating certificates with DSA public keys in crypto/x509 [epel-10] |
| 2410833 | NEW | medium | CVE-2025-58188 syncthing: Panic when validating certificates with DSA public keys in crypto/x509 [epel-10] |
| 2410834 | NEW | medium | CVE-2025-58188 thrift: Panic when validating certificates with DSA public keys in crypto/x509 [epel-10] |
| 2410835 | NEW | medium | CVE-2025-58188 xq: Panic when validating certificates with DSA public keys in crypto/x509 [epel-10] |
| 2410836 | NEW | medium | CVE-2025-58188 yq: Panic when validating certificates with DSA public keys in crypto/x509 [epel-10] |
| 2412476 | NEW | medium | CVE-2025-58183 apptainer: Unbounded allocation when parsing GNU sparse map [epel-all] |
| 2412478 | NEW | medium | CVE-2025-58183 chezmoi: Unbounded allocation when parsing GNU sparse map [epel-all] |
| 2412479 | NEW | medium | CVE-2025-58183 forgejo: Unbounded allocation when parsing GNU sparse map [epel-all] |
| 2412480 | NEW | medium | CVE-2025-58183 gh: Unbounded allocation when parsing GNU sparse map [epel-all] |
| 2412482 | NEW | medium | CVE-2025-58183 golang-github-vbatts-tar-split: Unbounded allocation when parsing GNU sparse map [epel-all] |
| 2412484 | NEW | medium | CVE-2025-58183 helm: Unbounded allocation when parsing GNU sparse map [epel-all] |
| 2412485 | NEW | medium | CVE-2025-58183 image-builder: Unbounded allocation when parsing GNU sparse map [epel-all] |
| 2412487 | NEW | medium | CVE-2025-58183 kitty: Unbounded allocation when parsing GNU sparse map [epel-all] |
| 2412488 | NEW | medium | CVE-2025-58183 matterbridge: Unbounded allocation when parsing GNU sparse map [epel-all] |
| 2412489 | NEW | medium | CVE-2025-58183 openbao: Unbounded allocation when parsing GNU sparse map [epel-all] |
| 2412490 | NEW | medium | CVE-2025-58183 opentofu: Unbounded allocation when parsing GNU sparse map [epel-all] |
| 2412492 | NEW | medium | CVE-2025-58183 podman-tui: Unbounded allocation when parsing GNU sparse map [epel-all] |
| 2412493 | NEW | medium | CVE-2025-58183 prometheus-podman-exporter: Unbounded allocation when parsing GNU sparse map [epel-all] |
| 2412495 | NEW | medium | CVE-2025-58183 restic: Unbounded allocation when parsing GNU sparse map [epel-all] |
| 2412496 | NEW | medium | CVE-2025-58183 singularity-ce: Unbounded allocation when parsing GNU sparse map [epel-all] |
| 2412497 | NEW | medium | CVE-2025-58183 snapd: Unbounded allocation when parsing GNU sparse map [epel-all] |
| 2412498 | NEW | medium | CVE-2025-58183 syncthing: Unbounded allocation when parsing GNU sparse map [epel-all] |
| 2412499 | NEW | medium | CVE-2025-58183 trivy: Unbounded allocation when parsing GNU sparse map [epel-all] |
| 2412973 | ON_QA | medium | CVE-2025-46705 lasso: Denial of service in Entr'ouvert Lasso [epel-10] |
| 2413014 | ON_QA | urgent | CVE-2025-47151 lasso: Type confusion in Entr'ouvert Lasso [epel-10] |
| 2413049 | NEW | low | CVE-2025-6075 asahi-installer: Quadratic complexity in os.path.expandvars() with user-controlled template [epel-10] |
| 2413050 | NEW | low | CVE-2025-6075 python3.13: Quadratic complexity in os.path.expandvars() with user-controlled template [epel-10] |
| 2414287 | MODIFIED | high | CVE-2025-64512 python-pdfminer: pdfminer.six Arbitrary Code Execution via Crafted PDF Input [epel-10] |
| 2414296 | NEW | low | CVE-2025-23050 qt5: Qt missing length check [epel-10] |
| 2414356 | NEW | medium | CVE-2025-12906 chromium: Inappropriate implementation in Permissions [epel-10] |
| 2414368 | NEW | low | CVE-2025-12910 chromium: Inappropriate implementation in Passkeys [epel-10] |
| 2414380 | NEW | medium | CVE-2025-12908 chromium: Insufficient validation of untrusted input in Downloads [epel-10] |
| 2414404 | NEW | medium | CVE-2025-12905 chromium: Inappropriate implementation in Download [epel-10] |
| 2414420 | NEW | high | CVE-2025-12907 chromium: Insufficient validation of untrusted input in Devtools [epel-10] |
| 2414432 | NEW | low | CVE-2025-12911 chromium: Inappropriate implementation in Permissions [epel-10] |
| 2414444 | NEW | medium | CVE-2025-12909 chromium: Insufficient policy enforcement in Devtools [epel-10] |