Will It CVE Bugz With in epel8

Repo Status - Overall Status
Page updated: 2023-11-21 06:57

epel8

CVE Bugz

1824463	NEW	medium	CVE-2016-1000107 erlang: allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy serve [epel-8]
1835374	NEW	low	CVE-2020-12755 kio-extras: Unintended KWallet storage of a password [epel-8]
1906415	NEW	medium	CVE-2020-28086 pass: has a possibility of using a password for an unintended resource [epel-8]
1928801	NEW	medium	CVE-2020-24870 kf5-libkdcraw: LibRaw: stack buffer overflow in LibRaw::identify_process_dng_fields() in identify.cpp [epel-8]
1978781	NEW	low	CVE-2021-33844 sox: divide by zero crash in wav.c [epel-8]
1978783	NEW	low	CVE-2021-23172 sox: heap overflow in hcom.c [epel-8]
1978788	NEW	low	CVE-2021-23159 sox: heap based overflow in formats_i.c [epel-8]
1983088	NEW	low	CVE-2021-23210 sox: divide by zero in voc.c [epel-8]
1993269	NEW	medium	CVE-2021-3643 sox: buffer overflow read vulnerability [epel-8]
2007589	NEW	medium	CVE-2021-21239 python-pysaml2: An improper verification of cryptographic signature [epel-8]
2007593	NEW	medium	CVE-2021-21238 python-pysaml2: processing of invalid SAML XML documents [epel-8]
2020396	NEW	low	CVE-2021-30833 xar: unpacking a maliciously crafted archive may allow an attacker to write arbitrary files [epel-8]
2022107	NEW	medium	CVE-2021-42076 barrier: memory exhaustion in the server-side implementation and barrierc by sending long TCP messages [epel-8]
2022110	NEW	medium	CVE-2021-42075 barrier: server-side implementation does not correctly close file descriptors for established TCP connections [epel-8]
2023401	NEW	low	CVE-2021-41250 python-discord: by including any non-blacklisted URL moderation filters can be bypassed [epel-8]
2039343	NEW	medium	CVE-2022-0175 virglrenderer: memory initialization issue in vrend_resource_alloc_buffer() can lead to info leak [epel-8]
2042612	NEW	medium	CVE-2022-22846 python-dnslib: client does not validate DNS transaction ID [epel-8]
2048607	NEW	medium	CVE-2022-0135 virglrenderer: out-of-bounds write in read_transfer_data() [epel-8]
2049579	NEW	low	CVE-2022-23607 python-treq: Exposure of Sensitive Information to an Unauthorized Actor [epel-8]
2054222	NEW	medium	CVE-2021-4115 polkit-qt: polkit: file descriptor leak allows an unprivileged user to cause a crash [epel-8]
2055870	NEW	low	CVE-2022-24986 kcron: Invalid temporary file handling [epel-8]
2058373	ON_QA	medium	CVE-2022-24599 audiofile: memory leak in printinfo.c [epel-8]
2059507	NEW	medium	CVE-2022-21712 python-twisted: dev-python/twisted: secret exposure in cross-origin redirects [epel-8]
2061806	NEW	medium	CVE-2022-0235 golang-github-prometheus: node-fetch: exposure of sensitive information to an unauthorized actor [epel-all]
2062720	NEW	medium	CVE-2022-0536 golang-github-prometheus: follow-redirects: Exposure of Sensitive Information via Authorization Header leak [epel-all]
2063874	NEW	medium	CVE-2022-24737 httpie: cookie exposure to third parties [epel-all]
2067346	NEW	medium	CVE-2022-21698 golang-github-prometheus-node-exporter: prometheus/client_golang: Denial of service using InstrumentHandlerCounter [epel-all]
2067347	NEW	medium	CVE-2022-21698 golang-github-prometheus: prometheus/client_golang: Denial of service using InstrumentHandlerCounter [epel-all]
2067349	NEW	medium	CVE-2022-21698 rclone: prometheus/client_golang: Denial of service using InstrumentHandlerCounter [epel-all]
2067350	NEW	medium	CVE-2022-21698 golang-github-prometheus-alertmanager: prometheus/client_golang: Denial of service using InstrumentHandlerCounter [epel-8]
2067354	NEW	medium	CVE-2022-21698 golang-github-prometheus: prometheus/client_golang: Denial of service using InstrumentHandlerCounter [epel-8]
2067355	NEW	medium	CVE-2022-21698 golang-github-prometheus-node-exporter: prometheus/client_golang: Denial of service using InstrumentHandlerCounter [epel-8]
2067356	NEW	medium	CVE-2022-21698 rclone: prometheus/client_golang: Denial of service using InstrumentHandlerCounter [epel-8]
2069008	NEW	medium	CVE-2022-24771 golang-github-prometheus: node-forge: Signature verification leniency in checking `digestAlgorithm` structure can lead to signature forgery [epel-all]
2069018	NEW	medium	CVE-2022-24772 golang-github-prometheus: node-forge: Signature verification failing to check tailing garbage bytes can lead to signature forgery [epel-all]
2069036	NEW	medium	CVE-2022-24773 golang-github-prometheus: node-forge: Signature verification leniency in checking `DigestInfo` structure [epel-all]
2069347	NEW	low	CVE-2021-28278 jhead: Heap-based buffer overflow via the RemoveSectionType function in jpgfile.c [epel-all]
2069350	NEW	low	CVE-2021-28277 jhead: Buffer overflow via the RemoveUnknownSections function in jpgfile.c [epel-all]
2069353	NEW	low	CVE-2021-28276 jhead: in the ProcessCanonMakerNoteDir function in makernote.c [epel-all]
2069357	NEW	low	CVE-2021-28275 jhead: Buffer over read in the Get16u function in exif.c [epel-all]
2069392	NEW	high	CVE-2022-23608 pjproject: pjsip: possible infinite loop in dialob list [epel-8]
2070867	NEW	high	CVE-2018-25032 BackupPC-XS: zlib: A flaw found in zlib when compressing (not decompressing) certain inputs [epel-all]
2074249	NEW	medium	CVE-2022-27191 golang-x-crypto: golang: crash in a golang.org/x/crypto/ssh server [epel-all]
2074250	NEW	medium	CVE-2022-27191 rclone: golang: crash in a golang.org/x/crypto/ssh server [epel-all]
2074856	NEW	high	CVE-2022-28346 netbox: Django: SQL injection in QuerySet.annotate(),aggregate() and extra() [epel-all]
2074868	NEW	high	CVE-2022-28347 netbox: Django: SQL injection via QuerySet.explain(options) on PostgreSQL [epel-all]
2075054	NEW	low	CVE-2022-1341 bwm-ng: Null write in the get_cmdln_options function in src/options.c [epel-all]
2075253	NEW	medium	CVE-2022-24785 golang-github-prometheus: Moment.js: Path traversal in moment.locale [epel-all]
2075278	NEW	medium	CVE-2022-24785 golang-github-prometheus: Moment.js: Path traversal in moment.locale [epel-all]
2076246	NEW	low	CVE-2022-26498 CVE-2022-26499 CVE-2022-26651 asterisk: multiple vulnerabilities [epel-all]
2076766	NEW	low	CVE-2022-1475 qt5-qtwebengine: ffmpeg: integer overflow in g729_parse() in llibavcodec/g729_parser.c [epel-all]
2079987	NEW	medium	CVE-2022-1515 matio: memory leak in Mat_VarReadNextInfo5() in mat5.c [epel-all]
2081600	NEW	medium	CVE-2022-27470 SDL2_ttf: sdf_ttf: Arbitrary memory overwrite occurs when loading glyphs and rendering text with a malformed TTF file [epel-all]
2082278	NEW	medium	CVE-2022-29824 qt5-qtwebengine: libxml2: integer overflows in xmlBuf and xmlBuffer lead to out-of-bounds write [epel-all]
2084682	NEW	medium	CVE-2022-24675 dnscrypt-proxy: golang: encoding/pem: fix stack overflow in Decode [epel-8]
2084683	NEW	medium	CVE-2022-24675 golang-github-prometheus: golang: encoding/pem: fix stack overflow in Decode [epel-8]
2084684	NEW	medium	CVE-2022-24675 golang-github-prometheus-alertmanager: golang: encoding/pem: fix stack overflow in Decode [epel-8]
2084685	NEW	medium	CVE-2022-24675 golang-github-prometheus-node-exporter: golang: encoding/pem: fix stack overflow in Decode [epel-8]
2084686	NEW	medium	CVE-2022-24675 golang-x-crypto: golang: encoding/pem: fix stack overflow in Decode [epel-8]
2084687	NEW	medium	CVE-2022-24675 golang-x-net: golang: encoding/pem: fix stack overflow in Decode [epel-8]
2084688	NEW	medium	CVE-2022-24675 golang-x-text: golang: encoding/pem: fix stack overflow in Decode [epel-8]
2084689	NEW	medium	CVE-2022-24675 golie: golang: encoding/pem: fix stack overflow in Decode [epel-8]
2084690	NEW	medium	CVE-2022-24675 micro: golang: encoding/pem: fix stack overflow in Decode [epel-8]
2084692	NEW	medium	CVE-2022-24675 rclone: golang: encoding/pem: fix stack overflow in Decode [epel-8]
2084693	NEW	medium	CVE-2022-24675 reg: golang: encoding/pem: fix stack overflow in Decode [epel-8]
2084695	NEW	medium	CVE-2022-24675 snapd: golang: encoding/pem: fix stack overflow in Decode [epel-8]
2084862	NEW	medium	CVE-2022-28327 dnscrypt-proxy: golang: crypto/elliptic: panic caused by oversized scalar [epel-8]
2084863	NEW	medium	CVE-2022-28327 golang-github-prometheus: golang: crypto/elliptic: panic caused by oversized scalar [epel-8]
2084864	NEW	medium	CVE-2022-28327 golang-github-prometheus-alertmanager: golang: crypto/elliptic: panic caused by oversized scalar [epel-8]
2084866	NEW	medium	CVE-2022-28327 golang-x-crypto: golang: crypto/elliptic: panic caused by oversized scalar [epel-8]
2084867	NEW	medium	CVE-2022-28327 golang-x-net: golang: crypto/elliptic: panic caused by oversized scalar [epel-8]
2084868	NEW	medium	CVE-2022-28327 golang-x-text: golang: crypto/elliptic: panic caused by oversized scalar [epel-8]
2084869	NEW	medium	CVE-2022-28327 golie: golang: crypto/elliptic: panic caused by oversized scalar [epel-8]
2084870	NEW	medium	CVE-2022-28327 micro: golang: crypto/elliptic: panic caused by oversized scalar [epel-8]
2084872	NEW	medium	CVE-2022-28327 rclone: golang: crypto/elliptic: panic caused by oversized scalar [epel-8]
2084873	NEW	medium	CVE-2022-28327 reg: golang: crypto/elliptic: panic caused by oversized scalar [epel-8]
2084875	NEW	medium	CVE-2022-28327 snapd: golang: crypto/elliptic: panic caused by oversized scalar [epel-8]
2084877	NEW	medium	CVE-2022-28327 yubihsm-connector: golang: crypto/elliptic: panic caused by oversized scalar [epel-8]
2093308	NEW	medium	CVE-2022-30783 ntfs-3g-system-compression: ntfs-3g: invalid return code in fuse_kern_mount enables intercepting of libfuse-lite protocol traffic [epel-all]
2093315	NEW	medium	CVE-2022-30784 ntfs-3g-system-compression: ntfs-3g: crafted NTFS image can cause heap exhaustion in ntfs_get_attribute_value [epel-all]
2093323	NEW	medium	CVE-2022-30785 ntfs-3g-system-compression: ntfs-3g: a file handle created in fuse_lib_opendir, and later used in fuse_lib_readdir, enables arbitrary memory read and write operations [epel-all]
2093327	NEW	medium	CVE-2022-30786 ntfs-3g-system-compression: ntfs-3g: crafted NTFS image can cause a heap-based buffer overflow in ntfs_names_full_collate [epel-all]
2093336	NEW	medium	CVE-2022-30787 ntfs-3g-system-compression: ntfs-3g: integer underflow in fuse_lib_readdir enables arbitrary memory read operations [epel-all]
2093343	NEW	medium	CVE-2022-30788 ntfs-3g-system-compression: ntfs-3g: crafted NTFS image can cause a heap-based buffer overflow in ntfs_mft_rec_alloc [epel-all]
2093353	NEW	medium	CVE-2022-30789 ntfs-3g-system-compression: ntfs-3g: crafted NTFS image can cause a heap-based buffer overflow in ntfs_check_log_client_array [epel-all]
2093363	NEW	medium	CVE-2021-46790 ntfs-3g-system-compression: ntfs-3g: heap-based buffer overflow in ntfsck [epel-all]
2094686	NEW	medium	CVE-2021-40426 sox: heap-based buffer overflow vulnerability exists in the sphere.c start_read() function [epel-8]
2094698	NEW	medium	CVE-2022-31650 sox: a floating-point exception in lsx_aiffstartwrite in aiff.c in libsox.a [epel-8]
2094701	NEW	medium	CVE-2022-31651 sox: an assertion failure in rate_init in rate.c in libsox.a [epel-8]
2094721	NEW	medium	CVE-2022-31212 dbus-broker: a stack buffer over-read if a malicious Exec line is supplied [epel-8]
2094724	NEW	medium	CVE-2022-31213 dbus-broker: null pointer reference when supplying a malformed XML config file [epel-8]
2099405	NEW	medium	CVE-2022-32983 knot-resolver: DNS cache poisoning [epel-all]
2103121	NEW	low	CVE-2022-33108 xpdf: a stack overflow vulnerability via the Object::Copy class of object.cc [epel-all]
2106227	NEW	medium	CVE-2022-30550 dovecot-fts-xapian: dovecot: Privilege escalation possible in dovecot when similar master and non-master passdbs are used [epel-8]
2106239	NEW	medium	CVE-2022-0430 httpie: Exposure of Sensitive Information to an Unauthorized Actor [epel-all]
2110324	NEW	medium	CVE-2022-35737 qt5-qtwebengine: sqlite: assertion failure via query when compiled with -DSQLITE_ENABLE_STAT4 [epel-8]
2112231	NEW	low	CVE-2022-34749 python-mistune: mistune: catastrophic backtracking [epel-all]
2115431	NEW	high	CVE-2022-29154 rsync-bpc: rsync: remote arbitrary files write inside the directories of connecting peers [epel-all]
2116655	NEW	medium	CVE-2022-37434 BackupPC-XS: zlib: a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field [epel-8]
2119152	NEW	medium	CVE-2022-2469 libgsasl: Out of bounds read causes DoS [epel-8]
2120257	NEW	medium	CVE-2022-2787 schroot: denial of service in schroot [epel-all]
2121133	NEW	medium	CVE-2016-3709 qt5-qtwebengine: libxml2: Incorrect server side include parsing can lead to XSS [epel-8]
2122475	NEW	low	CVE-2020-35525 qt5-qtwebengine: sqlite: Null pointer derreference in src/select.c [epel-all]
2122484	NEW	medium	CVE-2020-35527 qt5-qtwebengine: sqlite: Out of bounds access during table rename [epel-all]
2123457	NEW	low	CVE-2022-25887 golang-github-prometheus: sanitize-html: insecure global regular expression replacement logic may lead to ReDoS [epel-all]
2123623	NEW	low	CVE-2022-3035 python-snipeit: possible XSS on dashboard and login note [epel-all]
2124784	NEW	medium	CVE-2022-38528 assimp: contain a segmentation violation via the component Assimp::XFileImporter::CreateMeshes. [epel-all]
2126813	NEW	medium	CVE-2021-40647 man2html: sys-apps/man2html: multiple vulnerabilities [epel-all]
2126815	NEW	medium	CVE-2021-40648 man2html: sys-apps/man2html: multiple vulnerabilities [epel-all]
2126995	NEW	medium	CVE-2021-43138 breeze-icon-theme: async: Prototype Pollution in async [epel-8]
2128048	NEW	medium	CVE-2022-39209 python-cmarkgfm: cmark-gfm: Unbounded resource exhaustion may lead to denial of service [epel-8]
2128837	NEW	medium	CVE-2022-38928 xpdf: Null Pointer Dereference in FoFiType1C [epel-all]
2128881	NEW	medium	CVE-2022-3173 python-snipeit: improper authentication in license files and API keys [epel-8]
2128979	NEW	medium	CVE-2022-40023 python-pecan: mako: REDoS in Lexer class [epel-all]
2130858	NEW	medium	CVE-2022-38222 xpdf: use-after-free issue in JBIG2Stream::close() located in JBIG2Stream.cc in Xpdf [epel-all]
2134316	NEW	medium	CVE-2022-21222 golang-github-prometheus: css-what: ReDoS due to insecure regular expression [epel-all]
2135441	NEW	medium	CVE-2022-3517 breeze-icon-theme: nodejs-minimatch: ReDoS via the braceExpand function [epel-all]
2135442	NEW	medium	CVE-2022-3517 golang-github-prometheus: nodejs-minimatch: ReDoS via the braceExpand function [epel-all]
2135648	NEW	medium	CVE-2022-38248 nagios: multiple cross-site scripting (XSS) vulnerabilities at auditlog.php [epel-all]
2135651	NEW	medium	CVE-2022-38249 nagios: cross-site scripting (XSS) vulnerability via the MTR component [epel-all]
2135657	NEW	medium	CVE-2022-38247 nagios: cross-site scripting (XSS) vulnerability via the System Settings page under the Admin panel [epel-all]
2135660	NEW	medium	CVE-2022-38251 nagios: cross-site scripting (XSS) vulnerability via the System Performance Settings page under the Admin panel [epel-all]
2136003	NEW	medium	CVE-2020-15853 supybot-fedora: anyone can run the "refresh" command [epel-all]
2136275	NEW	medium	CVE-2022-40303 qt5-qtwebengine: libxml2: integer overflows with XML_PARSE_HUGE [epel-all]
2136292	NEW	medium	CVE-2022-40304 qt5-qtwebengine: libxml2: dict corruption caused by entity reference cycles [epel-all]
2139125	NEW	medium	CVE-2022-20128 CVE-2022-3168 android-tools: directory traversal during adb pull [epel-all]
2139801	NEW	medium	CVE-2022-36354 CVE-2022-38143 CVE-2022-41639 CVE-2022-41684 CVE-2022-41794 CVE-2022-41838 CVE-2022-41977 CVE-2022-4198 CVE-2022-41988 CVE-2022-41999 OpenImageIO: Multiple Vulnerabilities [epel-all]
2140226	NEW	low	CVE-2021-34055 jhead: heap-buffer-overflow of exif.c [epel-all]
2140598	NEW	medium	CVE-2022-37603 golang-github-prometheus: loader-utils:Regular expression denial of service [epel-all]
2141803	NEW	urgent	CVE-2022-37026 erlang: erlang/otp: Client Authentication Bypass [epel-all]
2142451	NEW	high	CVE-2022-39353 breeze-icon-theme: xmldom: Allows multiple root elements in a DOM tree [epel-all]
2142543	NEW	low	CVE-2021-40241 xfig: buffer overflow in LANG in w_help.c [epel-8]
2142605	NEW	low	CVE-2022-3857 java-latest-openjdk: libpng: Null pointer dereference leads to segmentation fault [epel-8]
2142766	NEW	medium	CVE-2022-41882 nextcloud-client: desktop client can be tricked into opening/executing local files when clicking a nc://open/ link [epel-8]
2143411	NEW	low	CVE-2022-3964 CVE-2022-3965 qt5-qtwebengine: various flaws [epel-8]
2149437	NEW	medium	CVE-2022-46146 golang-github-prometheus: exporter-toolkit: authentication bypass via cache poisoning [epel-all]
2149438	NEW	medium	CVE-2022-46146 golang-github-prometheus-node-exporter: exporter-toolkit: authentication bypass via cache poisoning [epel-all]
2149439	NEW	medium	CVE-2022-46146 golang-github-prometheus-alertmanager: exporter-toolkit: authentication bypass via cache poisoning [epel-all]
2150944	NEW	low	CVE-2022-42705 asterisk: Use after free in res_pjsip_pubsub.c [epel-8]
2150950	NEW	medium	CVE-2022-37325 asterisk: Remote Crash Vulnerability in H323 channel add on [epel-8]
2151099	NEW	medium	CVE-2022-24999 breeze-icon-theme: express: "qs" prototype poisoning causes the hang of the node process [epel-8]
2151101	NEW	medium	CVE-2022-24999 qpid-dispatch: express: "qs" prototype poisoning causes the hang of the node process [epel-8]
2151129	NEW	low	CVE-2022-39331 nextcloud-client: XSS in Desktop Client in the notifications [epel-8]
2151130	NEW	low	CVE-2022-39332 nextcloud-client: XSS in Desktop Client via user status and information [epel-8]
2151131	NEW	low	CVE-2022-39333 nextcloud-client: XSS in Desktop Client in call notification popup [epel-8]
2151133	NEW	low	CVE-2022-39334 nextcloud-client: nextcloudcmd incorrectly trusts bad TLS certificates [epel-8]
2154846	NEW	low	CVE-2022-3109 qt5-qtwebengine: FFmpeg: Null Pointer Dereference [epel-8]
2155596	NEW	low	CVE-2022-23537 pjproject: net-libs/pjproject: heap buffer overread [epel-all]
2156017	NEW	medium	CVE-2022-43601 OpenImageIO: heap buffer overflow due to ImageOutput [epel-all]
2156018	NEW	medium	CVE-2022-43600 OpenImageIO: heap buffer overflow due to ImageOutput [epel-all]
2156022	NEW	medium	CVE-2022-41649 OpenImageIO: heap out of bounds read vulnerability [epel-all]
2156025	NEW	medium	CVE-2022-41837 OpenImageIO: out-of-bounds write vulnerability [epel-all]
2156028	NEW	medium	CVE-2022-43603 OpenImageIO: denial of service vulnerability [epel-all]
2156032	NEW	medium	CVE-2022-41981 OpenImageIO: stack-based buffer overflow vulnerability [epel-all]
2156105	NEW	medium	CVE-2022-23547 pjproject: buffer overread [epel-all]
2157057	NEW	medium	CVE-2022-3341 qt5-qtwebengine: ffmpeg: null pointer dereference in decode_main_header() in libavformat/nutdec.c [epel-all]
2157282	NEW	medium	CVE-2022-47952 lxc: information disclosure vulnerability [epel-all]
2158360	NEW	medium	CVE-2022-44940 patchelf: an out-of-bounds read via the function modifyRPath [epel-all]
2161246	NEW	medium	CVE-2022-48257 et: EternalTerminal: information exposure [epel-8]
2161249	NEW	medium	CVE-2022-48258 et: MisterTea/EternalTerminal: information exposure [epel-8]
2162188	NEW	medium	CVE-2022-41721 golang-x-net: x/net/http2/h2c: request smuggling [epel-8]
2162371	NEW	medium	CVE-2022-46175 micro: json5: Prototype Pollution in JSON5 via Parse Method [epel-8]
2163041	NEW	medium	CVE-2022-41717 dnscrypt-proxy: golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests [epel-all]
2163043	NEW	medium	CVE-2022-41717 golang-github-prometheus: golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests [epel-all]
2163044	NEW	medium	CVE-2022-41717 golang-github-prometheus-alertmanager: golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests [epel-all]
2163045	NEW	medium	CVE-2022-41717 golang-github-prometheus-node-exporter: golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests [epel-all]
2163046	NEW	medium	CVE-2022-41717 golie: golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests [epel-all]
2163047	NEW	medium	CVE-2022-41717 micro: golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests [epel-all]
2163049	NEW	medium	CVE-2022-41717 rclone: golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests [epel-all]
2163050	NEW	medium	CVE-2022-41717 reg: golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests [epel-all]
2163051	NEW	medium	CVE-2022-41717 restic: golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests [epel-all]
2163053	NEW	medium	CVE-2022-41717 snapd: golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests [epel-all]
2163055	NEW	medium	CVE-2022-41717 yubihsm-connector: golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests [epel-all]
2163541	NEW	high	CVE-2022-3064 golie: go-yaml: Improve heuristics preventing CPU/memory abuse by parsing malicious or large YAML documents [epel-all]
2163688	NEW	medium	CVE-2022-45639 sleuthkit: OS command injection vulnerability in "-m" parameter [epel-all]
2163907	NEW	medium	CVE-2022-47021 opusfile: NULL pointer dereference in op_get_data() and op_open1() in opusfile.c [epel-all]
2164023	NEW	medium	CVE-2022-45748 assimp: use-after-free in ColladaParser::ExtractDataObjectFromChannel function in code/AssetLib/Collada/ColladaParser.cpp [epel-all]
2164715	NEW	medium	CVE-2022-44571 rubygem-rack: denial of service in Content-Disposition parsing [epel-8]
2164720	NEW	medium	CVE-2022-44570 rubygem-rack: denial of service in Content-Disposition parsing [epel-8]
2164723	NEW	medium	CVE-2022-44572 rubygem-rack: denial of service in Content-Disposition parsing [epel-8]
2169386	NEW	medium	CVE-2022-46648 rubygem-git: ruby-git: code injection vulnerability [epel-8]
2170773	NEW	medium	CVE-2023-23558 et: EternalTerminal: TelemetryService uses fixed paths in /tmp [epel-8]
2171914	NEW	low	CVE-2023-24809 nethack: buffer overflow in the "C" command [epel-8]
2172134	NEW	medium	CVE-2021-32142 digikam: LibRaw: stack buffer overflow in LibRaw_buffer_datastream::gets() in src/libraw_datastream.cpp [epel-all]
2172418	NEW	high	CVE-2022-26061 hdf5: HDF5 Group libhdf5 gif2h5 heap-based buffer overflow vulnerability [epel-all]
2172421	NEW	high	CVE-2022-25972 hdf5: HDF5 Group libhdf5 gif2h5 out-of-bounds write vulnerability [epel-all]
2172425	NEW	high	CVE-2022-25942 hdf5: HDF5 Group libhdf5 gif2h5 out-of-bounds read vulnerability [epel-all]
2172784	NEW	medium	CVE-2021-33367 freeimage: denial of service via a crafted JXR file [epel-all]
2173073	NEW	medium	CVE-2022-31031 pjproject: pjsip: stack buffer overflow [epel-all]
2173075	NEW	medium	CVE-2022-39244 pjproject: pjsip: buffer overflow in he PJSIP parser, PJMEDIA RTP decoder, and PJMEDIA SDP parser [epel-all]
2173702	NEW	medium	CVE-2021-41141 CVE-2021-43845 CVE-2022-24754 CVE-2022-24763 CVE-2022-24786 CVE-2022-24792 CVE-2022-24793 asterisk: pjsip: Multiple vulnerabilities [epel-all]
2173703	NEW	urgent	CVE-2021-41141 CVE-2021-43845 CVE-2022-24754 CVE-2022-24763 CVE-2022-24786 CVE-2022-24792 CVE-2022-24793 pjproject: pjsip: Multiple vulnerabilities [epel-all]
2173707	NEW	medium	CVE-2021-438450 CVE-2021-438451 CVE-2022-217221 CVE-2022-247541 CVE-2022-247542 CVE-2022-247631 CVE-2022-247633 CVE-2022-247641 CVE-2022-247644 CVE-2022-247931 CVE-2022-247935 asterisk: pjsip: Multiple Vulnerabilities [epel-all]
2174318	NEW	medium	CVE-2023-27371 proxysql: libmicrohttpd: remote DoS [epel-all]
2176479	NEW	medium	CVE-2023-27530 rubygem-rack: Denial of service in Multipart MIME parsing [epel-all]
2178397	NEW	medium	CVE-2022-41723 dnscrypt-proxy: golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding [epel-all]
2178399	NEW	medium	CVE-2022-41723 golang-github-prometheus: golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding [epel-all]
2178400	NEW	medium	CVE-2022-41723 golang-github-prometheus-alertmanager: golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding [epel-all]
2178401	NEW	medium	CVE-2022-41723 golang-github-prometheus-node-exporter: golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding [epel-all]
2178403	NEW	medium	CVE-2022-41723 golang-x-net: golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding [epel-all]
2178405	NEW	medium	CVE-2022-41723 rclone: golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding [epel-all]
2178406	NEW	medium	CVE-2022-41723 reg: golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding [epel-all]
2178407	NEW	medium	CVE-2022-41723 restic: golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding [epel-all]
2178841	NEW	high	CVE-2023-27585 pjproject: pjsip: buffer overflow vulnerability [epel-all]
2178899	NEW	medium	CVE-2022-46908 qt5-qtwebengine: sqlite: safe mode authorizer callback allows disallowed UDFs [epel-all]
2179652	NEW	medium	CVE-2023-27539 rubygem-rack: denial of service in header parsing [epel-all]
2180113	NEW	medium	CVE-2023-28371 stellarium: arbitrary file write [epel-all]
2180878	NEW	low	CVE-2023-1576 p7zip: Heap buffer overflow in ZipIn.cpp [epel-all]
2182279	NEW	medium	CVE-2022-3116 heimdal: NULL pointer dereference using a crafted negTokenInit token [epel-all]
2182590	NEW	low	CVE-2023-0465 openssl3: openssl: Invalid certificate policies in leaf certificates are silently ignored [epel-8]
2182602	NEW	low	CVE-2023-0466 openssl3: openssl: Certificate policy check not enabled [epel-8]
2182843	NEW	high	CVE-2022-48434 qt5-qtwebengine: ffmpeg: Use after free in libavcodec/pthread_frame.c [epel-all]
2184678	NEW	medium	CVE-2023-29323 opensmtpd: ascii_load_sockaddr can abort upon a connection from a local scoped IPv6 address [epel-all]
2184906	NEW	low	CVE-2023-25823 gradio: user could access other users shared Gradio demos [epel-8]
2185105	NEW	low	CVE-2023-22845 CVE-2023-24472 CVE-2023-24473 OpenImageIO: multiple vulnerabilities [epel-all]
2185521	NEW	low	CVE-2023-24626 screen: allows sending SIGHUP to arbitrary PIDs [epel-8]
2185867	NEW	low	CVE-2021-43311 CVE-2021-43312 CVE-2021-43313 CVE-2021-43314 CVE-2021-43315 CVE-2021-43316 CVE-2021-43317 upx: various flaws [epel-all]
2185952	NEW	low	CVE-2023-28999 nextcloud-client: nextloucd-client: malicious server administrator can gain full access to an end-to-end encrypted folder [epel-all]
2185986	NEW	medium	CVE-2023-29469 qt5-qtwebengine: libxml2: Hashing of empty dict strings isn't deterministic [epel-all]
2185998	NEW	medium	CVE-2023-28484 qt5-qtwebengine: libxml2: NULL dereference in xmlSchemaFixupComplexType [epel-all]
2186432	NEW	medium	CVE-2023-2004 java-latest-openjdk: freetype: integer overflowin in tt_hvadvance_adjust() in src/truetype/ttgxvar.c [epel-all]
2186846	NEW	medium	CVE-2023-29584 libmp4v2: Heap buffer overflow [epel-all]
2187907	NEW	medium	CVE-2023-30608 python-sqlparse: sqlparse: Parser contains a regular expression that is vulnerable to ReDOS (Regular Expression Denial of Service) [epel-all]
2188276	NEW	medium	CVE-2023-1729 digikam: LibRaw: a heap-buffer-overflow in raw2image_ex() [epel-all]
2188526	NEW	low	CVE-2023-1255 openssl3: openssl: Input buffer over-read in AES-XTS implementation on 64 bit ARM [epel-8]
2189105	NEW	high	CVE-2021-46878 fluent-bit: type confusion causing use-after-free in flb_pack_msgpack_to_json_format [epel-8]
2189109	NEW	high	CVE-2021-46879 fluent-bit: heap overflow in flb_msgpack_gelf_value_ext [epel-8]
2191663	NEW	low	CVE-2023-26934 xpdf: denial of service via a crafted PDF file in Object::copy() in xpdf/Object.cc [epel-all]
2191665	NEW	low	CVE-2023-26935 xpdf: buffer overflow via a crafted PDF file in SharedFile::readBlock() in xpdf/Stream.cc [epel-all]
2191670	NEW	low	CVE-2023-26936 xpdf: buffer overflow via a crafted PDF file in gmalloc() in goo/gmem.cc [epel-all]
2191671	NEW	low	CVE-2023-26937 xpdf: buffer overflow via a crafted PDF file in GString::resize() in goo/GString.cc [epel-all]
2191677	NEW	low	CVE-2023-26938 xpdf: buffer overflow via a crafted PDF file in gfseek() in goo/gfile.cc [epel-all]
2192678	NEW	low	CVE-2023-26930 xpdf: buffer overflow via a crafted PDF file [epel-all]
2192686	NEW	low	CVE-2023-26931 xpdf: buffer overflow via a crafted PDF file in TextLine::TextLine() in xpdf/TextOutputDev.cc [epel-all]
2203457	NEW	low	CVE-2023-2662 xpdf: bad color space object in input leads to divide-by-zero [epel-all]
2203460	NEW	low	CVE-2023-2663 xpdf: infinite recursion loop leads to stack overflow [epel-all]
2203463	NEW	low	CVE-2023-2664 xpdf: loop in embedded file tree leads to infinite recursion [epel-all]
2207610	NEW	medium	CVE-2021-31239 qt5-qtwebengine: sqlite: denial of service via the appendvfs.c function [epel-all]
2209311	NEW	medium	CVE-2022-37599 golang-github-prometheus: loader-utils: regular expression denial of service in interpolateName.js [epel-all]
2210201	NEW	medium	CVE-2023-28370 python-tornado: open redirect vulnerability in StaticFileHandler under certain configurations. [epel-8]
2210368	NEW	medium	CVE-2023-33720 libmp4v2: memory leak [epel-all]
2210478	NEW	low	CVE-2023-26129 bwm-ng: Command Injection [epel-all]
2210853	NEW	medium	CVE-2021-21366 breeze-icon-theme: xmldom: incorrect parsing and serialization leads to unexpected behavior [epel-8]
2211077	NEW	low	CVE-2023-26130 et: cpp-httplib: CRLF Injection [epel-all]
2211085	NEW	low	CVE-2023-34204 imapsync: insecure /tmp usage [epel-all]
2211109	NEW	medium	CVE-2023-2650 openssl3: openssl: Possible DoS translating ASN.1 object identifiers [epel-8]
2215197	NEW	medium	CVE-2023-34565 netbox: vulnerable to Cross Site Scripting (XSS) [epel-all]
2216894	NEW	medium	CVE-2023-26115 golang-github-prometheus: word-wrap: ReDoS [epel-all]
2216940	NEW	low	TRIAGE-CVE-2023-36191 qt5-qtwebengine: sqlite: CLI fault on missing -nonce [epel-all]
2217042	NEW	medium	CVE-2023-32758 python-git-url-parse: ReDoS via untrusted URLs [epel-all]
2218073	NEW	low	CVE-2023-3436 xpdf: deadlock on a PDF object stream [epel-all]
2218381	NEW	medium	CVE-2023-3430 OpenImageIO: heap-buffer-overflow in file src/gif.imageio/gifinput.cpp [epel-all]
2219518	NEW	medium	CVE-2023-36183 OpenImageIO: heap-buffer-overflow in ICOInput::readimg() in icoinput.cpp [epel-all]
2220673	NEW	medium	CVE-2023-26136 breeze-icon-theme: tough-cookie: prototype pollution in cookie memstore [epel-all]
2220674	NEW	medium	CVE-2023-26136 golang-github-prometheus: tough-cookie: prototype pollution in cookie memstore [epel-all]
2220677	NEW	medium	CVE-2023-26136 yarnpkg: tough-cookie: prototype pollution in cookie memstore [epel-all]
2221027	NEW	medium	TRIAGE-CVE-2023-25399 espresso: scipy: refcounting issue leads to potential memory leak [epel-8]
2221053	NEW	medium	TRIAGE-CVE-2023-29824 espresso: scipy: use-after-free in Py_FindObjects() function [epel-8]
2221257	NEW	low	TRIAGE-CVE-2023-31606 rubygem-RedCloth: RedCloth: Regular expression denial of service in sanitize_html function [epel-all]
2221274	NEW	medium	CVE-2021-33796 mujs: Use-after-free in regexp source property access [epel-all]
2222350	NEW	high	CVE-2022-38900 yarnpkg: decode-uri-component: improper input validation resulting in DoS [epel-8]
2222507	NEW	medium	CVE-2022-25883 breeze-icon-theme: nodejs-semver: Regular expression denial of service [epel-all]
2222508	NEW	medium	CVE-2022-25883 golang-github-prometheus: nodejs-semver: Regular expression denial of service [epel-all]
2222512	NEW	medium	CVE-2022-25883 yarnpkg: nodejs-semver: Regular expression denial of service [epel-all]
2222777	NEW	low	CVE-2023-38252 w3m: Out of bounds read in Strnew_size() at w3m/Str.c [epel-all]
2222781	NEW	low	CVE-2023-38253 w3m: Out of bounds read in growbuf_to_Str() at w3m/indep.c [epel-all]
2222917	NEW	medium	CVE-2023-3044 xpdf: divide by zero vulnerability [epel-all]
2223821	NEW	low	TRIAGE-CVE-2023-2975 openssl3: openSSL: AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries [epel-8]
2228050	NEW	low	CVE-2023-3817 openssl3: OpenSSL: Excessive time spent checking DH q parameter value [epel-all]
2229579	NEW	medium	CVE-2023-3978 golang-x-net: golang.org/x/net/html: Cross site scripting [epel-all]
2229581	NEW	medium	CVE-2023-3978 rclone: golang.org/x/net/html: Cross site scripting [epel-all]
2230283	NEW	medium	TRIAGE-CVE-2021-37501 hdf5: heap buffer overread [epel-8]
2231391	NEW	high	CVE-2023-37625 netbox: Stored cross-site scripting in Custom Link templates [epel-all]
2231423	NEW	medium	CVE-2023-28711 hyperscan: Insufficient control flow management [epel-all]
2232823	NEW	low	CVE-2023-4413 rkhunter: info leak via log files [epel-all]
2234737	NEW	medium	CVE-2021-46312 djvulibre: divide by zero in IW44EncodeCodec.cpp [epel-8]
2234740	NEW	medium	CVE-2021-46310 djvulibre: divide by zero in IW44Image.cpp [epel-8]
2234827	NEW	medium	CVE-2020-21679 GraphicsMagick: heap buffer overflow in WritePCXImage() [epel-all]
2235159	NEW	medium	CVE-2022-47069 p7zip: Heap buffer overflow in NArchive::NZip::CInArchive::FindCd [epel-all]
2235164	NEW	medium	CVE-2023-40022 rizin: Integer Overflow in C++ demangler logic [epel-8]
2235277	NEW	medium	CVE-2020-22628 digikam: libraw: Out of bounds read in LibRaw::stretch() function in libraw\src\postprocessing\aspect_ratio.cpp [epel-all]
2235357	NEW	medium	CVE-2020-22524 freeimage: buffer overflow in FreeImage_Load() in Plugin.cpp [epel-all]
2235405	NEW	medium	CVE-2020-21426 freeimage: buffer overflow in C_IStream::read() in PluginEXR.cpp [epel-all]
2235408	NEW	medium	CVE-2020-18781 audiofile: a Denial of Service via crafted file [epel-8]
2235413	NEW	medium	CVE-2020-21427 freeimage: buffer overflow in LoadPixelDataRLE8() in PluginBMP.cpp [epel-all]
2235416	NEW	medium	CVE-2020-21428 freeimage: buffer overflow in LoadRGB() in PluginDDS.cpp [epel-all]
2235421	NEW	high	CVE-2020-24292 freeimage: buffer overflow in load() in PluginICO.cpp [epel-all]
2235427	NEW	high	CVE-2020-24293 freeimage: buffer overflow in psdThumbnail::Read() in PSDParser.cpp [epel-all]
2235429	NEW	medium	CVE-2020-24294 freeimage: buffer overflow in psdParser::UnpackRLE() in PSDParser.cpp [epel-all]
2235433	NEW	high	CVE-2020-24295 freeimage: buffer overflow in ReadImageLine() in PSDParser.cpp [epel-all]
2235439	NEW	medium	CVE-2021-40262 freeimage: stack exhaustion via Validate() in PluginRAW.cpp [epel-all]
2235443	NEW	high	CVE-2021-40263 freeimage: buffer overflow via Load() in PluginTIFF.cpp [epel-all]
2235446	NEW	medium	CVE-2021-40264 freeimage: NULL pointer dereference via FreeImage_CloneTag() in inFreeImageTag.cpp [epel-all]
2235451	NEW	high	CVE-2021-40265 freeimage: buffer overflow in Load() in PluginJPEG.cpp [epel-all]
2235455	NEW	medium	CVE-2021-40266 freeimage: NULL pointer dereference in ReadPalette() in PluginTIFF.cpp [epel-all]
2235657	NEW	medium	CVE-2022-48570 cryptopp: timing side channel in ECDSA signature generation [epel-all]
2235859	NEW	high	CVE-2023-40890 zbar: stack overflow caused malicious qr code may lead to information diusclosure or arbitrary code execution. [epel-all]
2235862	NEW	high	CVE-2023-40889 zbar: buffer overflow via crafted qr code [epel-all]
2236891	NEW	high	CVE-2023-1523 snapd: code exec via TIOCLINUX ioctl request [epel-all]
2237421	NEW	medium	CVE-2023-4540 lua-http: lua-http: lua-http library allows Excessive Allocation and a denial of service (DoS) attack [epel-all]
2237869	NEW	medium	CVE-2023-41164 python-django3: python-django: Potential denial of service vulnerability in ``django.utils.encoding.uri_to_iri()`` [epel-all]
2239445	NEW	medium	CVE-2020-18232 hdf5: Buffer Overflow in function H5S_close in H5S.c [epel-all]
2240220	NEW	medium	CVE-2023-36234 netbox: XSS via Name field in device-roles/add function [epel-8]
2240716	NEW	medium	CVE-2020-18494 hdf5: Buffer overflow in function H5S_close at H5S.c [epel-all]
2241100	NEW	high	CVE-2023-40481 p7zip: SquashFS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability [epel-all]
2241102	NEW	high	CVE-2023-31102 p7zip: 7Z File Parsing Integer Underflow Remote Code Execution Vulnerability [epel-all]
2241258	NEW	high	CVE-2023-5217 qt5-qtwebengine: libvpx: Heap buffer overflow in vp8 encoding in libvpx [epel-all]
2241775	NEW	medium	TRIAGE-CVE-2023-5341 ImageMagick: Heap use-after-free in coders/bmp.c [epel-all]
2241809	NEW	high	CVE-2023-44488 qt5-qtwebengine: TRIAGE-CVE-2023-44488 libvpx: crash related to VP9 encoding [epel-all]
2242180	NEW	medium	CVE-2023-43665 python-django3: python-django: Denial-of-service possibility in django.utils.text.Truncator [epel-8]
2242356	NEW	high	CVE-2022-24764 pjproject: PJSIP contains a stack buffer overflow vulnerability that affects PJSUA2 users [epel-all]
2242460	NEW	high	CVE-2023-43907 optipng: global buffer overflow via the 'buffer' variable at gifread.c. [epel-all]
2242527	NEW	high	CVE-2023-38703 pjproject: pjsip: Use-after-free in SRTP media transport [epel-all]
2244559	NEW	medium	CVE-2023-45853 BackupPC-XS: TRIAGE-CVE-2023-45853 zlib: integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_6 [epel-all]
2244936	NEW	low	CVE-2023-46009 gifsicle: floating point exception vulnerability via resize_stream at src/xform.c [epel-all]
2245339	NEW	medium	CVE-2023-46277 rust-pleaser: privilege escalation using ioctls TIOCSTI and TIOCLINUX [epel-all]
2246108	NEW	medium	CVE-2023-45661 CVE-2023-45662 CVE-2023-45663 CVE-2023-45664 assimp: various flaws [epel-8]
2246114	NEW	medium	CVE-2023-45666 CVE-2023-45667 assimp: various flaws [epel-8]
2246483	NEW	medium	CVE-2021-30474 aom: use-after-free in aom_film_grain_table_lookup() in grain_table.c [epel-all]
2246491	NEW	medium	TRIAGE CVE-2018-25091 duplicity: urllib3: urllib3 does not remove the authorization HTTP header when following a cross-origin redirect [epel-all]
2246494	NEW	medium	TRIAGE CVE-2018-25091 python-hvac: urllib3: urllib3 does not remove the authorization HTTP header when following a cross-origin redirect [epel-all]
2246495	NEW	medium	TRIAGE CVE-2018-25091 python-smart-gardena: urllib3: urllib3 does not remove the authorization HTTP header when following a cross-origin redirect [epel-all]
2246496	NEW	medium	TRIAGE CVE-2018-25091 python38-hvac: urllib3: urllib3 does not remove the authorization HTTP header when following a cross-origin redirect [epel-all]
2246567	NEW	low	CVE-2023-45322 qt5-qtwebengine: libxml2: use-after-free in xmlUnlinkNode() in tree.c [epel-all]
2246579	NEW	medium	CVE-2023-45142 caddy: opentelemetry-go-contrib: DoS vulnerability in otelhttp [epel-all]
2246628	NEW	high	CVE-2023-46234 golang-github-prometheus: browserify-sign: upper bound check issue in dsaVerify leads to a signature forgery attack [epel-all]
2246630	NEW	high	CVE-2023-46234 yarnpkg: browserify-sign: upper bound check issue in dsaVerify leads to a signature forgery attack [epel-all]
2246967	NEW	medium	CVE-2023-46407 qt5-qtwebengine: FFmpeg: out of bounds read [epel-all]
2246973	NEW	medium	CVE-2023-46490 cacti: SQL Injection [epel-all]
2247631	NEW	medium	CVE-2023-5764 ansible: Template Injection [epel-all]
2247745	NEW	medium	CVE-2023-42299 OpenImageIO: Buffer Overflow in OpenImageIO oiio [epel-all]
2248218	NEW	high	caddy: golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-39325) [epel-all]
2248221	NEW	high	dnscrypt-proxy: golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-39325) [epel-all]
2248222	NEW	high	golang-github-prometheus-alertmanager: golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-39325) [epel-all]
2248223	NEW	high	golang-github-prometheus-node-exporter: golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-39325) [epel-all]
2248224	NEW	high	golang-github-prometheus: golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-39325) [epel-all]
2248226	NEW	high	golang-x-net: golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-39325) [epel-all]
2248227	NEW	high	golie: golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-39325) [epel-all]
2248229	NEW	high	micro: golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-39325) [epel-all]
2248230	NEW	high	pack: golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-39325) [epel-all]
2248231	NEW	high	rclone: golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-39325) [epel-all]
2248232	NEW	high	reg: golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-39325) [epel-all]
2248233	NEW	high	restic: golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-39325) [epel-all]
2248235	NEW	high	snapd: golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-39325) [epel-all]
2248238	NEW	high	yubihsm-connector: golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-39325) [epel-all]
2248621	NEW	low	CVE-2023-5678 openssl3: openssl: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow [epel-8]
2248699	NEW	medium	TRIAGE CVE-2023-41040 GitPython: Blind local file inclusion [epel-all]
2249063	NEW	medium	CVE-2023-5363 openssl3: openssl: Incorrect cipher key and IV length processing [epel-8]
2249285	NEW	medium	TRIAGE CVE-2023-46695 python-django3: python-django: Potential denial of service vulnerability in UsernameField on Windows [epel-all]
2250065	NEW	medium	CVE-2023-44821 gifsicle: denial of service in Gif_Realloc calls [epel-all]
2250164	NEW	low	CVE-2023-48052 httpie: Missing SSL certificate validation [epel-all]
2250327	NEW	medium	CVE-2023-46445 python-asyncssh: Rogue Extension Negotiation [epel-8]
2250330	NEW	high	CVE-2023-46446 python-asyncssh: Rogue Session Attack [epel-8]
2250614	NEW	medium	CVE-2023-47627 python-aiohttp: numerous issues in HTTP parser with header parsing [epel-all]
2250616	NEW	medium	CVE-2023-47627 python-afsapi: python-aiohttp: numerous issues in HTTP parser with header parsing [epel-all]
2250617	NEW	medium	CVE-2023-47627 python-discord: python-aiohttp: numerous issues in HTTP parser with header parsing [epel-all]
2250618	NEW	medium	CVE-2023-47627 python-idna-ssl: python-aiohttp: numerous issues in HTTP parser with header parsing [epel-all]
2250776	MODIFIED	high	CVE-2023-6112 chromium: chromium-browser: Use after free in Navigation [epel-all]
2250778	MODIFIED	high	CVE-2023-5997 chromium: chromium-browser: use-after-free in Garbage Collection [epel-all]