Will It CVE Bugz With in epel7

Repo Status - Overall Status
Page updated: 2023-11-21 11:36

epel7

CVE Bugz

1203198 NEW medium CVE-2015-8856 nodejs-serve-index: serve-index: persistant cross-site scripting flaw [epel-7]
1289236 NEW medium CVE-2015-7543 kdelibs3: arts,kdelibs3: Use of mktemp(3) allows attacker to hijack the IPC [epel-7]
1289238 NEW medium CVE-2015-7543 arts: arts,kdelibs3: Use of mktemp(3) allows attacker to hijack the IPC [epel-7]
1327059 NEW medium CVE-2015-8851 nodejs-node-uuid: insecure entropy source - Math.random() [epel-7]
1343542 NEW high CVE-2016-1181 CVE-2016-1182 struts: various flaws [epel-7]
1357923 NEW high CVE-2016-1000108 yaws: sets environmental variable based on user supplied Proxy request header [epel-7]
1404146 ON_QA medium CVE-2016-9939 cryptopp: DoS in ASN.1 parser due to octet processing [epel-all]
1404190 NEW medium CVE-2017-1000188 CVE-2017-1000189 nodejs-ejs: various flaws [epel-all]
1409749 NEW medium CVE-2016-9877 rabbitmq-server: rabbitmq: MQTT connection authentication succeeds with empty password [epel-all]
1414686 NEW medium CVE-2016-6175 php-php-gettext: $string variable not sufficiently sanitized [epel-all]
1417570 NEW medium CVE-2017-5617 svgsalamander: Server side request forgery via crafted scheme attributes [epel-7]
1417580 NEW medium CVE-2016-10173 rubygem-archive-tar-minitar: Directory traversal during archive extraction [epel-7]
1418585 NEW medium CVE-2015-8981 CVE-2017-5852 CVE-2017-5853 CVE-2017-5854 CVE-2017-5855 CVE-2017-5886 podofo: Multiple security vulnerabilities [epel-all]
1422814 NEW medium CVE-2017-6298 CVE-2017-6299 CVE-2017-6300 CVE-2017-6301 CVE-2017-6302 CVE-2017-6303 CVE-2017-6304 CVE-2017-6305 CVE-2017-6306 CVE-2017-6800 CVE-2017-6801 CVE-2017-6802 libytnef: various flaws [epel-all]
1427876 NEW medium CVE-2017-1000048 nodejs-qs: Prototype override protection bypass [epel-7]
1433989 NEW medium CVE-2016-10253 erlang: Heap-buffer overflow via regular expressions [epel-7]
1438434 NEW medium CVE-2017-7378 CVE-2017-7379 CVE-2017-7380 CVE-2017-7381 CVE-2017-7382 CVE-2017-7383 CVE-2017-7994 CVE-2017-8053 CVE-2017-8054 podofo: various flaws [epel-all]
1439676 NEW medium CVE-2017-5950 yaml-cpp: Stack overflow in HandleNode() [epel-7]
1444025 NEW medium CVE-2015-6644 bouncycastle: Information disclosure in GCMBlockCipher [epel-all]
1444419 NEW low CVE-2017-3590 mysql-connector-python: Connector/Python unspecified vulnerability (CPU Apr 2017) [epel-all]
1448338 ASSIGNED medium CVE-2017-4965 CVE-2017-4966 CVE-2017-4967 rabbitmq-server: various flaws [epel-all]
1449199 NEW medium CVE-2017-8295 wordpress: Usage of Host HTTP header for a password-reset e-mail message [epel-all]
1457677 NEW low CVE-2017-9334 chicken: Unsafe pointer dereference due to incorrect pair? check in Scheme "length" procedure [epel-all]
1458791 ON_QA low CVE-2017-9434 cryptopp: Out-of-bounds read in zinflate [epel-all]
1462785 NEW medium CVE-2015-3254 thrift: Infinite recursion via vectors involving the skip function [epel-7]
1466433 NEW low CVE-2017-9847 rb_libtorrent: Heap-buffer overflow in bdecode function [epel-7]
1469677 NEW low CVE-2017-10989 sqlite2: sqlite: Heap-buffer overflow in the getNodeSize function [epel-all]
1472876 NEW low CVE-2017-11110 catdoc: Heap buffer overflow in the ole_init function [epel-all]
1473186 NEW low CVE-2017-10687 libsass: Heap buffer overf read in the json_mkstream() function [epel-7]
1474243 NEW medium CVE-2017-11521 resiprocate: Memory exhaustion due to many media connections [epel-all]
1474347 NEW low CVE-2017-11341 CVE-2017-11342 libsass: various flaws [epel-7]
1474938 NEW medium CVE-2017-11554 CVE-2017-11555 CVE-2017-11556 CVE-2017-11605 CVE-2017-11608 libsass: Multiple vulnerabilities [epel-7]
1477077 NEW medium CVE-2017-11692 yaml-cpp: assertion failure in Token& Scanner::peek function [epel-all]
1477561 NEW medium CVE-2017-12141 CVE-2017-12142 CVE-2017-12144 libytnef: various flaws [epel-all]
1478307 NEW medium CVE-2017-11721 quake3: Buffer overflow in MSG_ReadBits/MSG_WriteBits [epel-7]
1478929 NEW low CVE-2017-11330 divfix++: Invalid memory write in DivFixppCore::avi_header_fix function in src/DivFix++Core.cpp [epel-all]
1480611 NEW low CVE-2017-9787 struts: Denial of service when using a Spring AOP functionality [epel-7]
1480616 NEW low CVE-2017-7672 struts: Denial of service in built-in URLValidator [epel-7]
1483612 NEW medium CVE-2017-12481 CVE-2017-12482 CVE-2017-2807 CVE-2017-2808 ledger: various flaws [epel-all]
1483721 NEW high CVE-2017-12865 connman: Stack-based buffer overflow in parse_response function in src/dnsproxy.c [epel-7]
1483991 NEW medium CVE-2017-9454 resiprocate: buffer overlow in ares_parse_a_reply [epel-all]
1484822 NEW high CVE-2017-12976 git-annex: RCE via ssh URL with an initial dash character in the hostname [epel-all]
1485858 MODIFIED low CVE-2017-13692 CVE-2017-17497 tidy: various flaws [epel-7]
1488771 NEW high CVE-2017-5716 connman: Buffer overflow in connection manager daemon [epel-7]
1494402 ON_QA low CVE-2017-14227 libbson: Heap based buffer over read in the bson_utf8_validate function [epel-7]
1500701 NEW medium CVE-2017-16138 nodejs-mime: Regular expression Denial of Service [epel-all]
1504563 NEW high CVE-2017-12628 apache-james-project: Java deserialization in the JMX server [epel-7]
1513379 NEW medium CVE-2017-1000384 passenger: Arbitrary file read [epel-7]
1516177 NEW medium CVE-2017-14919 nodejs: DoS via specific windowBits value [epel-all]
1518236 NEW high CVE-2017-15118 qemu: stack buffer overflow in NBD server triggered via long export name [epel-7]
1518239 NEW medium CVE-2017-15119 qemu: DoS via large option request [epel-7]
1524587 NEW medium CVE-2016-4216 xmpcore: XXE resulting in information disclosure [epel-7]
1524917 NEW low CVE-2017-17505 CVE-2017-17506 CVE-2017-17507 CVE-2017-17508 CVE-2017-17509 hdf5: various flaws [epel-all]
1526159 NEW medium CVE-2017-17517 sylpheed: Command injection in libsylph/utils.c [epel-7]
1533651 NEW medium CVE-2018-5308 podofo: Out-of-bounds write in dfMemoryOutputStream::Write function in base/PdfOutputStream.cpp [epel-all]
1533663 NEW medium CVE-2018-5309 podofo: integer overflow in PdfObjectStreamParserObject::ReadObjectsFromStream in src/base/PdfObjectStreamParserObject.cpp [epel-all]
1534028 NEW medium CVE-2018-1000119 rubygem-rack-protection: rack-protection: Timing attack in authenticity_token.rb [epel-7]
1535119 NEW high CVE-2018-5704 openocd: Cross-protocol scripting attacks due to not blocking HTTP POST attempts on port 4444 [epel-all]
1537636 NEW low CVE-2018-5783 podofo: uncontrolled memory allocation in the PoDoFo::PdfVecObjects::Reserve function in base/PdfVecObjects.h [epel-all]
1539910 NEW low CVE-2018-6352 podofo: Excessive iteration in PdfParser::ReadObjectsInternal function in src/base/PdfParser.cpp [epel-all]
1540190 NEW medium CVE-2016-10711 Pound: request smuggling via crafted headers [epel-all]
1542007 NEW medium CVE-2018-3836 CVE-2018-7186 leptonica: various flaws [epel-all]
1542043 NEW medium CVE-2018-6561 dojo: XSS via the onload attribute of an SVG element [epel-all]
1544621 NEW high CVE-2016-5397 thrift: Improper file path sanitization in t_go_generator.cc:format_go_output() of the go client library can allow an attacker to inject commands [epel-all]
1545885 NEW low CVE-2018-3721 nodejs-lodash: lodash: Prototype pollution in utilities function [epel-all]
1545894 NEW low CVE-2018-3728 nodejs-hoek: hoek: Prototype pollution in utilities function [epel-all]
1546055 NEW low CVE-2018-7175 CVE-2018-7173 CVE-2018-7174 xpdf: Multiple vulnerabilities [epel-all]
1547125 NEW low CVE-2018-7247 leptonica: Unsanitized input in pixHtmlViewer in prog/htmlviewer.c [epel-all]
1549412 NEW medium CVE-2017-18196 leptonica: Mishandled pathnames in /tmp subdirectories can allow users to bypass intended file restrictions [epel-all]
1549594 NEW low CVE-2018-7454 xpdf: NULL pointer dereference in XFAForm::scanFields in XFAForm.cc [epel-all]
1549600 NEW low CVE-2018-7455 xpdf: Out-of-bounds read in JPXStream::readTilePart in JPXStream.cc [epel-all]
1549605 NEW low CVE-2018-7453 xpdf: Infinite recursion in AcroForm::scanField in AcroForm.cc [epel-all]
1549609 NEW low CVE-2018-7452 xpdf: NULL pointer dereference in JPXStream::fillReadBuf in JPXStream.cc [epel-all]
1549726 NEW medium CVE-2018-7440 leptonica: gplotMakeOutput command injection (CVE-2018-3836 incomplete fix) [epel-all]
1549738 NEW medium CVE-2018-7442 leptonica: directory traversal in gplot rootname argument [epel-all]
1549744 NEW medium CVE-2018-7441 leptonica: hardcoded /tmp paths [epel-all]
1550773 NEW low CVE-2018-13863 nodejs-bson: Regular expression denial of service in decimal128.js [epel-all]
1554399 NEW low CVE-2018-8000 CVE-2018-8001 CVE-2018-8002 podofo: various flaws [epel-all]
1557841 NEW high CVE-2018-8741 SquirrelMail: Directory traversal flaw in Deliver.class.php can allow a remote attacker to retrieve or delete arbitrary files [epel-all]
1558632 NEW low CVE-2018-7339 libmp4v2: Entry Number validation mishandle in the MP4 Table Property in MP4Atom class in mp4atom.cpp [epel-all]
1558806 NEW low CVE-2018-8740 sqlite2: sqlite: NULL pointer dereference with databases with schema corrupted with CREATE TABLE AS allows for denial of service [epel-all]
1559128 NEW low CVE-2018-8100 CVE-2018-8101 CVE-2018-8102 CVE-2018-8103 CVE-2018-8104 CVE-2018-8105 CVE-2018-8106 CVE-2018-8107 xpdf: Multiple buffer overflow problems [epel-all]
1560342 NEW high CVE-2018-8741 SquirrelMail: Directory traversal flaw in Deliver.class.php can allow a remote attacker to retrieve or delete arbitrary files [epel-all]
1561968 NEW high CVE-2017-11509 firebird: Firebird fbudf Module Authenticated Remote Code Execution [epel-all]
1563916 NEW high CVE-2018-3846 cfitsio: Unsafe use of sprintf() can allow a remote unauthenticated attacker to execute arbitrary code [epel-all]
1567246 NEW medium CVE-2019-10196 nodejs-http-proxy-agent: Denial of Service and data leak due to improper buffer sanitization [epel-7]
1568181 NEW high CVE-2018-3848 cfitsio: Stack-based buffer overflow in ffghbn() allows for potential code execution [epel-all]
1568186 NEW high CVE-2018-3849 cfitsio: Stack-based buffer overflow in ffghtb() allows for potential code execution [epel-all]
1574853 ASSIGNED high CVE-2018-10380 pam-kwallet: Access to privileged files [epel-7]
1576652 NEW unspecified CVE-2018-3736 nodejs-https-proxy-agent: Unsanitized options passed to Buffer() allow for denial of service [epel-7]
1576895 RELEASE_PENDING high CVE-2017-14474 mysql-mmm: arbitrary command execution with the privileges of the mmm\_agentd process [epel-all]
1576898 RELEASE_PENDING high CVE-2017-14481 mysql-mmm: arbitrary command execution with the privileges of the mmm\_agentd process [epel-all]
1577915 POST medium CVE-2017-17688 CVE-2017-17689 trojita: various flaws [epel-7]
1578897 NEW low CVE-2018-11033 xpdf: Stream.cc:DCTStream::readHuffSym function in DCT decoder allows denial of service via crafted JPEG data [epel-all]
1579449 NEW high CVE-2017-14475 CVE-2017-14476 CVE-2017-14477 CVE-2017-14478 CVE-2017-14479 CVE-2017-14480 mysql-mmm: various flaws [epel-all]
1579947 NEW low CVE-2018-11202 CVE-2018-11203 CVE-2018-11204 CVE-2018-11205 CVE-2018-11206 CVE-2018-11207 hdf5: various flaws [epel-all]
1581284 NEW low CVE-2018-11254 CVE-2018-11255 CVE-2018-11256 podofo: various flaws [epel-all]
1584957 NEW medium CVE-2016-10555 nodejs-jwt-simple: Missing algorithm parameter in jwt.js:jwt_decode() can allow attackers to bypass JWT signature verification [epel-all]
1585955 NEW high CVE-2017-16042 nodejs-growl: Does not properly sanitize input before passing it to exec [epel-all]
1588307 NEW medium CVE-2018-1000180 bouncycastle: flaw in the low-level interface to RSA key pair generator [epel-all]
1588654 NEW medium CVE-2018-11698 libsass: Out-of-bounds read n function Sass::handle_error in sass_context.cpp [epel-7]
1588664 NEW medium CVE-2018-11697 libsass: Heap buffer over-read in Sass::Prelexer::exactly in lexer.hpp [epel-7]
1588671 NEW medium CVE-2018-11696 libsass: NULL pointer dereference in function Sass::Inspect::operator in inspect.cpp [epel-7]
1588676 NEW medium CVE-2018-11695 libsass: NULL pointer dereference was found in function Sass::Expand::operator in expand.cpp [epel-7]
1588679 NEW low CVE-2018-11694 libsass: NULL pointer dereference in function Sass::Functions::selector_append in functions.cpp [epel-7]
1588684 NEW medium CVE-2018-11693 libsass: Heap buffer over read in function Sass::Prelexer::skip_over_scopes in prelexer.hpp [epel-7]
1588778 NEW low CVE-2017-16129 nodejs-superagent: Resource exhaustion via HTTP server compressed replies [epel-all]
1588782 NEW medium CVE-2017-16119 nodejs-fresh: Regular expression denial of service when parsing crafted user input [epel-all]
1588834 NEW low CVE-2017-16026 nodejs-request: Remote Memory Exposure when a multipart request is made [epel-all]
1588847 NEW medium CVE-2017-16005 nodejs-http-signature: HTTP header forgery [epel-all]
1591007 NEW medium CVE-2018-7167 nodejs: Denial of Service by calling Buffer.fill() or Buffer.alloc() with specially crafted parameters [epel-all]
1591015 NEW medium CVE-2018-7161 nodejs: denial of service (DoS) by causing a node server providing an http2 server to crash [epel-all]
1591021 NEW medium CVE-2018-7162 nodejs: denial of service (DoS) by causing a node process which provides an http server supporting TLS server to crash [epel-all]
1591024 NEW medium CVE-2018-7164 nodejs: uncontrolled memory consumption when using the net.Socket as a stream [epel-all]
1591849 NEW medium CVE-2012-6708 python-XStatic-jQuery: js-jquery: XSS via improper selector detection [epel-7]
1591906 NEW medium CVE-2018-0495 CVE-2018-12437 libtomcrypt: various flaws [epel-all]
1592614 NEW high CVE-2018-12029 passenger: CHMOD race condition in nginx_module/ngx_http_passenger_module.c allows for local privilege escalation [epel-7]
1593013 NEW high CVE-2018-1002209 quazip: arbitrary file write vulnerability / arbitrary code execution using a specially crafted zip file [epel-all]
1594419 NEW medium CVE-2018-12615 passenger: privilege lowering in switchGroup() in agent/ExecHelper/ExecHelperMain.cpp [epel-7]
1594635 NEW high CVE-2018-10862 wildfly-common: wildfly-core: Path traversal can allow the extraction of .war archives to write arbitrary files (Zip Slip) [epel-7]
1595586 NEW high CVE-2018-12895 wordpress: Author users can execute arbitrary code by leveraging directory traversal on the wp-admin/post.php thumb parameter [epel-all]
1595635 NEW medium CVE-2018-10857 CVE-2018-10859 git-annex: various flaws [epel-all]
1597431 NEW low CVE-2018-12982 podofo: invalid memory read in the PoDoFo::PdfVariant::DelayedLoad function [epel-all]
1597433 NEW low CVE-2018-12983 podofo: stack-based buffer over-read in the PdfEncryptMD5Base::ComputeEncryptionKey function [epel-all]
1597488 NEW low CVE-2018-12913 miniz: Infinite loop in tinfl_decompress() allows for denial of service via crafted file [epel-all]
1600988 NEW low CVE-2018-14031 CVE-2018-14032 CVE-2018-14033 CVE-2018-14034 CVE-2018-14035 hdf5: various flaws [epel-all]
1601099 NEW medium CVE-2018-1000613 bouncycastle: lack of class checking in deserialization of XMSS/XMSS^MT private keys with BDS state information [epel-all]
1601451 NEW low CVE-2018-13866 hdf5: stack-based buffer over-read in the function H5F_addr_decode_len in H5Fint.c [epel-all]
1601491 NEW medium CVE-2018-13868 CVE-2018-13869 CVE-2018-13870 CVE-2018-13876 hdf5: various flaws [epel-all]
1602099 NEW low CVE-2018-12584 resiprocate: buffer overflow in resip/stack/ConnectionBase.cxx [epel-all]
1603424 NEW medium CVE-2018-14345 sddm: Password not checked for users with an already existing session if ReuseSession=true [epel-7]
1605315 NEW high CVE-2018-1999023 wesnoth: arbitrary code execution/sandbox escape [epel-7]
1605922 MODIFIED high CVE-2018-10900 NetworkManager-vpnc: privilege escalation allows to execute arbitrary commands as root [epel-all]
1607610 NEW medium CVE-2018-13867 CVE-2018-13871 CVE-2018-13872 CVE-2018-13873 CVE-2018-13874 CVE-2018-13875 CVE-2018-14460 hdf5: various flaws [epel-all]
1608142 NEW medium CVE-2018-16492 nodejs-extend: Prototype pollution can allow attackers to modify object properties [epel-7]
1608155 NEW medium CVE-2018-1000620 nodejs-cryptiles: Insecure randomness causes the randomDigits() function returns a pseudo-random data string biased to certain digits [epel-all]
1608171 NEW medium CVE-2018-1999024 mathjax: Cross-site scripting (XSS) flaw in the \unicode macro [epel-all]
1610172 NEW medium CVE-2018-14447 libconfuse: Out-of-bounds read in src/lexer.l:trim_whitespace() [epel-all]
1610950 NEW low CVE-2018-14444 libdxfrw: out-of-bounds read in dwgCompressor::decompress18 in dwgutil.cpp [epel-7]
1611051 NEW medium CVE-2018-14574 python-django16: django: Open redirect possibility in CommonMiddleware [epel-7]
1616085 NEW medium CVE-2018-14950 squirrelmail: persistent XSS in message display via a "1616088 NEW medium CVE-2018-14951 squirrelmail: persistent XSS in message display via a "
1701997 NEW medium CVE-2019-11358 js-jquery1: jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection [epel-7]
1701999 NEW medium CVE-2019-11358 python-XStatic-jQuery: jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection [epel-7]
1702339 NEW high CVE-2018-20834 nodejs-tar: Arbitrary file overwrites when extracting tarballs containing a hard-link [epel-all]
1705496 NEW medium CVE-2019-11631 moodle: remote authenticated administrator allows to execute arbitrary PHP code [epel-all]
1706052 NEW medium CVE-2018-20821 CVE-2018-20822 libsass: various flaws [epel-7]
1709681 NEW medium CVE-2018-16860 heimdal: samba: S4U2Self with unkeyed checksum [epel-all]
1709862 NEW low CVE-2019-5427 c3p0: loading XML configuration leads to denial of service [epel-7]
1710572 NEW medium CVE-2019-13173 nodejs-fstream: File overwrite in fstream.DirWriter() function [epel-all]
1714202 NEW medium CVE-2019-0976 nuget: tampering vulnerabilityallows authenticated attacker to modify intermediate build folder [epel-7]
1716828 NEW low CVE-2019-12515 xpdf: out-of-bounds read in function FlateStream::getChar() in Stream.cc [epel-all]
1716837 NEW low CVE-2019-12493 xpdf: stack-based buffer over-read in function PostScriptFunction::transform in Function.cc [epel-all]
1717408 NEW medium CVE-2019-12616 phpMyAdmin: broken tag provided by attacker and pointing at the victim's phpMyAdmin database can cause CSRF through the victim [epel-all]
1717410 NEW medium CVE-2019-11768 phpMyAdmin: specially crafted database name in the designer feature can be used to trigger an SQL injection attack [epel-all]
1718314 ASSIGNED high CVE-2019-12735 neovim: vim/neovim: the :source! command allows arbitrary command execution via the modeline [epel-7]
1725691 NEW low CVE-2019-12957 CVE-2019-12958 xpdf: various flaws [epel-all]
1726015 NEW medium CVE-2019-12781 python-django: Django: Incorrect HTTP detection with reverse-proxy connecting via HTTPS [epel-7]
1726501 NEW medium CVE-2019-12970 squirrelmail: improper handling of RCDATA and RAWTEXT type elements causing XSS [epel-all]
1727314 NEW medium CVE-2018-3739 nodejs-https-proxy-agent: Unsanitized options passed to Buffer() allow for denial of service [epel-7]
1727702 NEW medium CVE-2019-13241 FlightCrew: directory traversal allows to write arbitrary files [epel-7]
1727731 NEW low CVE-2019-13283 xpdf: heap-based buffer over-read in FoFiType1::parse in fofi/FoFiType1.cc [epel-all]
1727735 NEW low CVE-2019-13282 xpdf: heap-based buffer over-read in SampledFunction::transform in Function.cc [epel-all]
1727738 NEW low CVE-2019-13281 xpdf: heap-based buffer overflow in DCTStream::decodeImage() in Stream.cc [epel-all]
1728104 NEW low CVE-2019-13286 xpdf: heap-based buffer over-read in function JBIG2Stream::readTextRegionSeg() in JBIG2Stream.cc [epel-all]
1728108 NEW low CVE-2019-13291 xpdf: heap-based buffer over-read in function DCTStream::readScan() in Stream.cc [epel-all]
1728112 NEW low CVE-2019-13287 xpdf: out-of-bounds read in function SplashXPath::strokeAdjust() in splash/SplashXPath.cc [epel-all]
1728464 NEW medium CVE-2019-13288 xpdf: denial of service in function Parser::getObj() in Parser.cc [epel-all]
1728467 NEW low CVE-2019-13289 xpdf: use-after-free in function JBIG2Stream::close() in JBIG2Stream.cc [epel-all]
1728500 NEW low CVE-2019-13032 FlightCrew: null-pointer dereference in GetRelativePathToNcx() or GetRelativePathsToXhtmlDocuments [epel-7]
1728972 NEW medium CVE-2019-13224 oniguruma: use-after-free in onig_new_deluxe() in regext.c [epel-7]
1729831 NEW medium CVE-2019-13132 zeromq: stack-overflow on any server protected by encryption/authentication [epel-all]
1730647 NEW low CVE-2019-13453 zipios++: zipios: mishandling of malformed ZIP files causing denial of service [epel-all]
1732228 NEW low CVE-2019-12214 freeimage: out-of-bounds access in function j2k_read_ppm_v3 in j2k.c [epel-all]
1732234 NEW low CVE-2019-12213 freeimage: stack exhaustion in function TIFFReadDirectory in PluginTIFF.cpp [epel-all]
1732243 NEW low CVE-2019-12212 freeimage: stack exhaustion in function StreamCalcIFDSize in JXRMeta.c [epel-all]
1735377 NEW low CVE-2019-10188 moodle: Quiz group overrides did not observe groups membership or accessallgroups [epel-all]
1735379 NEW low CVE-2019-10187 moodle: Ability to delete glossary entries that belong to another glossary [epel-all]
1735381 NEW medium CVE-2019-10186 moodle: missing sesskey (CSRF) token in loading/unloading xml files [epel-all]
1735574 NEW medium CVE-2019-14452 sigil: allows attackers to write arbitrary files via a ../ (dot dot slash) in a ZIP archive entry [epel-7]
1735705 NEW low CVE-2019-1010302 jhead: incorrect access control in iptc.c Line 122 show_IPTC() causing denial of service [epel-all]
1735769 NEW medium CVE-2019-14232 python-django16: Django: backtracking in a regular expression in django.utils.text.Truncator leads to DoS [epel-7]
1735773 NEW medium CVE-2019-14233 python-django16: Django: the behavior of the underlying HTMLParser leading to DoS [epel-7]
1735782 NEW medium CVE-2019-14235 python-django16: Django: Potential memory exhaustion in django.utils.encoding.uri_to_iri() [epel-7]
1739385 NEW high CVE-2019-5059 SDL2_image: an exploitable code execution in the XPM image rendering leads to integer overflow [epel-7]
1739394 NEW high CVE-2019-5058 SDL2_image: exploitable code execution vulnerability in image rendering leads to a heap overflow [epel-7]
1739403 NEW high CVE-2019-5057 SDL2_image: exploitable code execution in the PCX image-rendering leads to heap overflow [epel-7]
1739410 NEW high CVE-2019-5060 SDL2_image: exploitable code execution in the XPM image rendering leads to an integer overflow in the colorhash function [epel-7]
1739502 NEW high CVE-2019-10744 nodejs-lodash: prototype pollution in defaultsDeep function leading to modifying properties [epel-all]
1740141 NEW high CVE-2019-14744 kdelibs3: kdelibs: malicious desktop files and configuration files lead to code execution with minimal user interaction [epel-7]
1743151 NEW medium CVE-2019-14939 nodejs-mysql: LOAD DATA LOCAL INFILE option is open by default [epel-all]
1749172 NEW medium CVE-2019-14537 yourls: juggling vulnerability in api component leads tp login bypass [epel-all]
1754006 NEW high CVE-2019-13616 SDL2: SDL: heap-based buffer overflow in SDL blit functions in video/SDL_blit*.c [epel-7]
1754602 NEW medium CVE-2019-12222 SDL2: SDL: out-of-bounds read in function SDL_InvalidateMap in video/SDL_pixels.c [epel-7]
1754615 NEW medium CVE-2019-13626 SDL2: SDL: integer overflow in IMA_ADPCM_decode() in audio/SDL_wave.c leads to heap-based buffer over-read in Fill_IMA_ADPCM_block [epel-all]
1758521 NEW medium CVE-2019-14553 edk2: invalid server certificate accepted in HTTPS-over-IPv6 boot [epel-all]
1763231 NEW medium CVE-2019-16935 python34: python: XSS vulnerability in the documentation XML-RPC server in server_title field [epel-all]
1764609 NEW medium CVE-2019-0210 thrift: Out-of-bounds read related to TJSONProtocol or TSimpleJSONProtocol [epel-7]
1764614 NEW medium CVE-2019-0205 thrift: Endless loop when feed with specific input data [epel-7]
1764820 NEW medium CVE-2019-16115 xpdf: stack-based buffer under-read in IdentityFunction::transform in Function.cc [epel-all]
1765139 NEW medium CVE-2019-18348 python34: python: CRLF injection via the host part of the url passed to urlopen() [epel-all]
1765721 NEW medium CVE-2019-17545 gdal: double free in OGRExpatRealloc in ogr/ogr_expat.cpp [epel-all]
1767277 NEW medium CVE-2019-11281 rabbitmq-server: improper sanitization of vhost limits and federation management UI pages [epel-all]
1767619 NEW medium CVE-2019-16088 xpdf: many recursive calls to Catalog::countPageTree in Catalog.cc lead to SIGSEGV [epel-all]
1768999 NEW medium CVE-2019-16163 oniguruma: stack exhaustion in regcomp.c because of recursion in regparse.c [epel-7]
1769548 ON_QA medium CVE-2019-17533 matio: improper null termination in Mat_VarReadNextInfo4 in mat4.c leads to heap-based overflow [epel-7]
1769671 NEW low CVE-2017-8284 qemu: privilege escalation via disas_insn function in TCG mode [epel-7]
1771893 ON_QA medium CVE-2019-18849 tnef: security bypass in .ssh/authorized_keys file via an e-mail message [epel-all]
1773751 NEW low CVE-2019-12068 qemu: scsi: lsi: potential infinite loop when executing script in lsi_execute_script [epel-7]
1774226 NEW low CVE-2019-17671 wordpress: unauthenticated viewing of certain content is possible because the static query property is mishandled [epel-7]
1775215 NEW medium CVE-2019-17362 libtomcrypt: out-of-bounds read in the der_decode_utf8_string function in der_decode_utf8_string.c [epel-all]
1776256 NEW low CVE-2019-18622 phpMyAdmin: a crafted database/table name can be used to trigger an SQL injection attack through the designer feature [epel-all]
1776438 NEW medium CVE-2019-16220 wordpress: validation and sanitization of a URL in wp_validate_redirect in wp-includes/pluggable.php could lead to an open redirect [epel-7]
1776439 NEW medium CVE-2019-16220 wordpress: validation and sanitization of a URL in wp_validate_redirect in wp-includes/pluggable.php could lead to an open redirect [epel-7]
1777538 NEW low CVE-2019-19246 oniguruma: heap-based buffer overflow in str_lower_case_match in regexec.c [epel-7]
1777866 NEW medium CVE-2019-16224 python-lmdb: out-of-bounds write when setting a wrong value of field md_flag [epel-7]
1778148 NEW low CVE-2018-18074 python3-virtualenv: python-requests: Redirect from HTTPS to HTTP does not remove Authorization header [epel-7]
1778743 NEW medium CVE-2019-16927 xpdf: out-of-bounds write in the vertProfile part of the TextPage::findGaps function in TextOutputDev.cc [epel-all]
1778796 NEW medium CVE-2019-16225 python-lmdb: out-of-bounds write when setting a wrong value of field mp_flags [epel-all]
1781271 NEW medium CVE-2019-19118 python-django: django: privilege escalation in the django admin [epel-7]
1786636 NEW medium CVE-2019-16226 python-lmdb: out-of-bounds write in mdb_node_del in lib/mdb.c [epel-all]
1786642 NEW medium CVE-2019-16227 python-lmdb: out-of-bounds write in mdb_xcursor_init1 in lib/mdb.c [epel-all]
1786645 NEW medium CVE-2019-16228 python-lmdb: division by zero in mdb_env_open2 in lib/mdb.c [epel-all]
1788303 NEW low CVE-2019-16777 nodejs: npm: Global node_modules Binary Overwrite [epel-all]
1788307 NEW low CVE-2019-16775 nodejs: npm: Symlink reference outside of node_modules folder through the bin field upon installation [epel-all]
1788311 NEW low CVE-2019-16776 nodejs: npm: Arbitrary file write via constructed entry in the package.json bin field [epel-all]
1788386 NEW medium CVE-2019-14880 moodle: Add additional verification for some OAuth 2 logins to prevent account compromise [epel-all]
1788392 NEW medium CVE-2019-14881 moodle: Blind XSS reflected in some locations where user email is displayed [epel-all]
1788395 NEW low CVE-2019-14882 moodle: Open redirect in Lesson edit page [epel-all]
1788398 NEW low CVE-2019-14883 moodle: Email media URL tokens were not checking for user status [epel-all]
1788402 NEW medium CVE-2019-14884 moodle: reflected XSS possible from some fatal error messages [epel-all]
1788404 NEW medium CVE-2019-14879 moodle: Assigned Role in Cohort did not un-assign on removal [epel-all]
1788428 NEW urgent CVE-2019-19844 python-django16: Django: crafted email address allows account takeover [epel-7]
1789951 NEW high CVE-2019-19953 GraphicsMagick: heap-based buffer overflow in EncodeImage in coders/pict.c [epel-all]
1789962 NEW low CVE-2019-19919 nodejs-handlebars: prototype pollution leading to remote code execution via crafted payloads [epel-7]
1790272 MODIFIED medium CVE-2019-20379 ganglia: ganglia-web: Cross-site scripting via the header.php cs parameter [epel-all]
1790275 MODIFIED medium CVE-2019-20378 ganglia: ganglia-web: Cross-site scripting via the header.php ce parameter [epel-all]
1791978 NEW high CVE-2019-19951 GraphicsMagick: heap-based buffer overflow in function ImportRLEPixels in coders/miff.c [epel-all]
1792008 ON_QA low CVE-2019-20019 matio: excessive memory allocation in Mat_VarRead5 in mat5.c [epel-7]
1792295 ON_QA medium CVE-2019-20020 matio: stack-based buffer overflow in ReadNextStructField in mat5.c [epel-7]
1792303 ON_QA medium CVE-2019-20018 matio: stack-based buffer overflow in ReadNextCell in mat5.c [epel-7]
1792336 ON_QA medium CVE-2019-20017 matio: stack-based buffer overflow in Mat_VarReadNextInfo5 in mat5.c [epel-7]
1792348 NEW low CVE-2019-20093 podofo: NULL pointer dereference in PoDoFo::PdfVariant::DelayedLoad in PdfVariant.h [epel-7]
1793172 NEW medium CVE-2019-19950 GraphicsMagick: use-after-free in ThrowException and ThrowLoggedException in magick/error.c [epel-all]
1794541 NEW medium CVE-2020-6625 jhead: heap-based buffer overflow in Get32s when called from ProcessGpsInfo in gpsinfo.c [epel-all]
1794544 NEW medium CVE-2020-6624 jhead: heap-based buffer overflow in process_DQT in jpgqguess.c [epel-all]
1794727 ON_QA medium CVE-2019-20052 matio: memory leak in Mat_VarCalloc in mat.c [epel-7]
1796911 NEW high CVE-2019-20326 gthumb: heap-based buffer overflow in _cairo_image_surface_create_from_jpeg in extensions/cairo_io/cairo-image-surface-jpeg.c [epel-7]
1797463 NEW medium CVE-2019-14495 3proxy: out-of-bounds write in admin interface [epel-7]
1798518 NEW high CVE-2020-7471 python-django: django: potential SQL injection via StringAgg(delimiter) [epel-7]
1801260 NEW medium CVE-2019-14563 edk2: numeric truncation in MdeModulePkg/PiDxeS3BootScriptLib [epel-all]
1801268 NEW medium CVE-2019-14559 edk2: memory leak in ArpOnFrameRcvdDpc [epel-all]
1801270 NEW medium CVE-2019-14575 edk2: DxeImageVerificationHandler() fails open in case of dbx signature check [epel-all]
1801382 NEW medium CVE-2020-7226 cryptacular: excessive memory allocation during a decode operation [epel-7]
1801598 NEW medium CVE-2020-1692 moodle: users' web service tokens exposed to users in the same course [epel-all]
1802053 NEW medium CVE-2019-19012 oniguruma: integer overflow in search_in_range function in regexec.c leads to out-of-bounds read [epel-7]
1802063 NEW medium CVE-2019-19203 oniguruma: heap-based buffer over-read in function gb18030_mbc_enc_len in file gb18030.c [epel-7]
1802072 NEW medium CVE-2019-19204 oniguruma: heap-based buffer over-read in function fetch_interval_quantifier in regparse.c [epel-7]
1805939 NEW medium CVE-2013-3722 opensips: infinite loop in lookup.c [epel-7]
1808090 NEW medium CVE-2019-20478 python-ruamel-yaml: code execution through load() method with an untrusted argument [epel-all]
1810095 NEW medium CVE-2020-9402 python-django16: django: potential SQL injection via "tolerance" parameter in GIS functions and aggregates on Oracle [epel-7]
1812405 NEW low CVE-2020-5258 dojo: Prototype pollution in deepCopy method could result in code injection [epel-all]
1812641 NEW medium CVE-2019-20509 python-libarchive: libarchive: heap-based buffer overflow in archive_read_support_format_lha.c due to insufficient validation of UTF-16 input [epel-7]
1813347 NEW medium CVE-2020-7598 nodejs-minimist: prototype pollution allows adding or modifying properties of Object.prototype using a constructor or __proto__ payload [epel-7]
1813932 NEW medium CVE-2020-5202 apt-cacher-ng: local unprivileged user can impersonate the apt-cacher-ng daemon leading to credentials leak [epel-7]
1816101 NEW medium CVE-2020-10804 phpMyAdmin: SQL vulnerability was found in retrieval of the current username which could result privilege escalation [epel-all]
1816132 NEW medium CVE-2020-10803 phpMyAdmin: Inserting specially crafted code in database tables, retrieving and displaying resuts could result in XSS [epel-all]
1816145 NEW medium CVE-2020-10802 phpMyAdmin: SQL injection was found in generating certain queries for search actions which could result in malicious D M [epel-all]
1816158 NEW medium CVE-2019-10784 phpPgAdmin: database.php does not verify the source of an HTTP request which could lead to a CSRF exploit [epel-all]
1816348 NEW medium CVE-2019-11939 thrift: Resource exhaustion via containers sizes messages [epel-7]
1819670 NEW low CVE-2020-12829 qemu: OOB read and write due to integer overflow in sm501_2d_operation() in hw/display/sm501.c [epel-7]
1820624 NEW medium CVE-2020-6817 python-bleach: behavior parsing style attributes could result in a regular expression denial of service (ReDoS) [epel-all]
1820658 NEW high CVE-2020-11105 cereal: std::shared_ptr serialization asymmetry [epel-7]
1820669 NEW low CVE-2020-11104 cereal: serializing long double variables leaks uninitialized memory [epel-7]
1821776 NEW low CVE-2020-8015 exim: Symlink Following could result in privilege escalation [epel-all]
1823506 NEW medium CVE-2020-5291 bubblewrap: privilege escalation in some kernel configurations [epel-7]
1824186 NEW medium CVE-2020-11656 sqlite2: sqlite: use-after-free in the ALTER TABLE implementation [epel-all]
1826276 NEW medium CVE-2020-6802 python-bleach: mutation XSS vulnerability [epel-all]
1827473 NEW medium CVE-2020-10809 hdf5: Heap-based buffer overflow in function Decompress() in decompress.c [epel-all]
1827477 NEW medium CVE-2020-10810 hdf5: Null pointer dereference in function H5AC_unpin_entry() in H5AC.c [epel-all]
1827481 NEW medium CVE-2020-10811 hdf5: Heap-based buffer over-read in function H5O__layout_decode() in H5Olayout.c [epel-all]
1827483 NEW medium CVE-2020-10812 hdf5: Null pointer dereference in function H5F_get_nrefs() in H5Fquery.c [epel-all]
1827494 NEW medium CVE-2020-6816 python-bleach: Mutation cross-site scripting in bleach.clean [epel-all]
1828407 NEW medium CVE-2020-11022 js-jquery1: jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method [epel-7]
1828410 NEW medium CVE-2020-11022 js-jquery: jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method [epel-7]
1828411 NEW medium CVE-2020-11022 python-XStatic-jQuery: jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method [epel-7]
1828412 NEW medium CVE-2020-11022 python-tw2-jquery: jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method [epel-7]
1828439 NEW medium CVE-2019-18823 condor: htcondor: Incorrect access control in condor_startd [epel-7]
1828444 NEW low CVE-2020-10997 percona-xtrabackup: Information exposure via cmd line output and table history [epel-7]
1829194 NEW medium CVE-2019-20787 teeworlds: there's an integer overflow when computing a tilemap size [epel-7]
1829303 NEW high CVE-2020-10938 GraphicsMagick: integer overflow and resultant heap-based buffer overflow in HuffmanDecodeImage in magick/compress.c [epel-all]
1829538 NEW medium CVE-2020-12066 teeworlds: allows an attacker force the server to repetitively shut down [epel-7]
1831011 NEW medium CVE-2019-10785 dojo: cross-site scripting via dojox.xmpp.util.xmlEncode [epel-all]
1831658 NEW low CVE-2020-10814 codeblocks: A buffer overflow vulnerability in codeblocks could result in arbitrary code execution [epel-all]
1833342 NEW medium CVE-2019-14586 edk2: potential use-after-free due to the original configuration runtime memory is freed but it is still exposed to the OS runtime [epel-all]
1833349 NEW medium CVE-2019-14558 edk2: potentially leaking of secret information due to uncleared memory [epel-all]
1833354 NEW medium CVE-2019-14587 edk2: double-unmap issue in SdMmcCreateTrb function in MdeModulePkg/Bus/Pci/SdMmcPciHcDxe/SdMmcPciHci.c [epel-all]
1834490 NEW medium CVE-2020-11033 glpi: any API user with READ right on User itemtype will have access to full list of users when querying apirest.php/User [epel-7]
1834493 NEW medium CVE-2020-11036 glpi: XSS in the comments of items in the knowledge base and via the User-Agent for administrators [epel-7]
1834500 NEW medium CVE-2020-11035 glpi: CSRF tokens are generated using an insecure algorithm [epel-7]
1834503 NEW medium CVE-2020-11034 glpi: bypass open redirect protection based on a regexp [epel-7]
1836215 NEW high CVE-2020-11521 freerdp: out-of-bounds write in planar.c [epel-all]
1836228 NEW high CVE-2020-11524 freerdp: out-of-bounds write in interleaved.c [epel-all]
1836236 NEW high CVE-2020-11523 freerdp: Integer overflow in region.c [epel-all]
1837583 NEW high CVE-2020-10738 moodle: remote code execution possible via SCORM packages (MSA-20-0006) [epel-all]
1838308 NEW high CVE-2020-11060 glpi: remote code execution via the backup functionality [epel-7]
1838511 NEW medium CVE-2020-8151 rubygem-activeresource: specially crafted requests to access data allows for an information disclosure [epel-7]
1838516 NEW medium CVE-2020-12672 GraphicsMagick: a heap-based buffer overflow in ReadMNGImage in coders/png.c [epel-all]
1839817 NEW medium CVE-2020-12872 yaws: yaws_config.erl loads obsolete TLS ciphers [epel-7]
1841200 NEW high CVE-2020-13398 freerdp: Out-of-bounds write in in crypto_rsa_common in libfreerdp/crypto/crypto.c [epel-all]
1843074 NEW high CVE-2020-8165 rubygem-activesupport: potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore [epel-7]
1843618 NEW medium CVE-2020-13254 python-django16: django: potential data leakage via malformed memcached keys [epel-7]
1843629 NEW medium CVE-2020-13596 python-django16: django: possible XSS via admin ForeignKeyRawIdWidget [epel-7]
1845263 NEW medium CVE-2020-8174 nodejs: memory corruption in napi_get_value_string_* functions [epel-all]
1845653 NEW high CVE-2020-13756 php-PHP-CSS-Parser: evaluation of uncontrolled data can result in remote code execution [epel-all]
1847615 NEW medium CVE-2018-21245 Pound: request smuggling via fudged headers [epel-all]
1848469 NEW medium CVE-2020-13614 axel: TLS implementation lacks hostname verification leading to possible confidentiality breach [epel-7]
1848843 NEW medium CVE-2020-13625 php-PHPMailer: output escaping could result in the file type being misinterpreted [epel-all]
1849024 NEW low CVE-2020-13152 amarok: remote user can create a specially crafted M3U file when loaded by the target user, will trigger a memory leak [epel-7]
1849143 NEW medium CVE-2020-8184 rubygem-rack: percent-encoded cookies can be used to overwrite existing prefixed cookie names [epel-all]
1850006 NEW medium CVE-2020-11023 js-jquery1: jquery: Untrusted code execution via
1850007 NEW medium CVE-2020-11023 python-XStatic-jQuery: jquery: Untrusted code execution via
1850008 NEW medium CVE-2020-11023 js-jquery: jquery: Untrusted code execution via
1850009 NEW medium CVE-2020-11023 python-tw2-jquery: jquery: Untrusted code execution via
1850120 NEW medium CVE-2020-7656 python-tw2-jquery: jquery: Cross-site scripting (XSS) via