Repo Status -
Overall Status
Page updated: 2024-12-18 07:36
1824463 | NEW | medium | CVE-2016-1000107 erlang: allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy serve [epel-8] |
1835374 | NEW | low | CVE-2020-12755 kio-extras: Unintended KWallet storage of a password [epel-8] |
1906415 | NEW | medium | CVE-2020-28086 pass: has a possibility of using a password for an unintended resource [epel-8] |
1928801 | NEW | medium | CVE-2020-24870 kf5-libkdcraw: LibRaw: stack buffer overflow in LibRaw::identify_process_dng_fields() in identify.cpp [epel-8] |
1978781 | NEW | low | CVE-2021-33844 sox: divide by zero crash in wav.c [epel-8] |
1978783 | NEW | low | CVE-2021-23172 sox: heap overflow in hcom.c [epel-8] |
1978788 | NEW | low | CVE-2021-23159 sox: heap based overflow in formats_i.c [epel-8] |
1983088 | NEW | low | CVE-2021-23210 sox: divide by zero in voc.c [epel-8] |
1993269 | NEW | medium | CVE-2021-3643 sox: buffer overflow read vulnerability [epel-8] |
2007589 | NEW | medium | CVE-2021-21239 python-pysaml2: An improper verification of cryptographic signature [epel-8] |
2007593 | NEW | medium | CVE-2021-21238 python-pysaml2: processing of invalid SAML XML documents [epel-8] |
2020396 | NEW | low | CVE-2021-30833 xar: unpacking a maliciously crafted archive may allow an attacker to write arbitrary files [epel-8] |
2022107 | NEW | medium | CVE-2021-42076 barrier: memory exhaustion in the server-side implementation and barrierc by sending long TCP messages [epel-8] |
2022110 | NEW | medium | CVE-2021-42075 barrier: server-side implementation does not correctly close file descriptors for established TCP connections [epel-8] |
2023401 | NEW | low | CVE-2021-41250 python-discord: by including any non-blacklisted URL moderation filters can be bypassed [epel-8] |
2039343 | NEW | medium | CVE-2022-0175 virglrenderer: memory initialization issue in vrend_resource_alloc_buffer() can lead to info leak [epel-8] |
2048607 | NEW | medium | CVE-2022-0135 virglrenderer: out-of-bounds write in read_transfer_data() [epel-8] |
2054222 | NEW | medium | CVE-2021-4115 polkit-qt: polkit: file descriptor leak allows an unprivileged user to cause a crash [epel-8] |
2055870 | NEW | low | CVE-2022-24986 kcron: Invalid temporary file handling [epel-8] |
2059507 | NEW | medium | CVE-2022-21712 python-twisted: dev-python/twisted: secret exposure in cross-origin redirects [epel-8] |
2061806 | NEW | medium | CVE-2022-0235 golang-github-prometheus: node-fetch: exposure of sensitive information to an unauthorized actor [epel-all] |
2062720 | NEW | medium | CVE-2022-0536 golang-github-prometheus: follow-redirects: Exposure of Sensitive Information via Authorization Header leak [epel-all] |
2063874 | NEW | medium | CVE-2022-24737 httpie: cookie exposure to third parties [epel-all] |
2067346 | NEW | medium | CVE-2022-21698 golang-github-prometheus-node-exporter: prometheus/client_golang: Denial of service using InstrumentHandlerCounter [epel-all] |
2067347 | NEW | medium | CVE-2022-21698 golang-github-prometheus: prometheus/client_golang: Denial of service using InstrumentHandlerCounter [epel-all] |
2067349 | NEW | medium | CVE-2022-21698 rclone: prometheus/client_golang: Denial of service using InstrumentHandlerCounter [epel-all] |
2067350 | NEW | medium | CVE-2022-21698 golang-github-prometheus-alertmanager: prometheus/client_golang: Denial of service using InstrumentHandlerCounter [epel-8] |
2067354 | NEW | medium | CVE-2022-21698 golang-github-prometheus: prometheus/client_golang: Denial of service using InstrumentHandlerCounter [epel-8] |
2067355 | NEW | medium | CVE-2022-21698 golang-github-prometheus-node-exporter: prometheus/client_golang: Denial of service using InstrumentHandlerCounter [epel-8] |
2067356 | NEW | medium | CVE-2022-21698 rclone: prometheus/client_golang: Denial of service using InstrumentHandlerCounter [epel-8] |
2069008 | NEW | medium | CVE-2022-24771 golang-github-prometheus: node-forge: Signature verification leniency in checking `digestAlgorithm` structure can lead to signature forgery [epel-all] |
2069018 | NEW | medium | CVE-2022-24772 golang-github-prometheus: node-forge: Signature verification failing to check trailing garbage bytes can lead to signature forgery [epel-all] |
2069036 | NEW | medium | CVE-2022-24773 golang-github-prometheus: node-forge: Signature verification leniency in checking `DigestInfo` structure [epel-all] |
2069347 | NEW | low | CVE-2021-28278 jhead: Heap-based buffer overflow via the RemoveSectionType function in jpgfile.c [epel-all] |
2069350 | NEW | low | CVE-2021-28277 jhead: Buffer overflow via the RemoveUnknownSections function in jpgfile.c [epel-all] |
2069353 | NEW | low | CVE-2021-28276 jhead: in the ProcessCanonMakerNoteDir function in makernote.c [epel-all] |
2069357 | NEW | low | CVE-2021-28275 jhead: Buffer over read in the Get16u function in exif.c [epel-all] |
2069392 | NEW | high | CVE-2022-23608 pjproject: pjsip: possible infinite loop in dialog list [epel-8] |
2070867 | NEW | high | CVE-2018-25032 BackupPC-XS: zlib: A flaw found in zlib when compressing (not decompressing) certain inputs [epel-all] |
2074249 | NEW | medium | CVE-2022-27191 golang-x-crypto: golang: crash in a golang.org/x/crypto/ssh server [epel-all] |
2074250 | NEW | medium | CVE-2022-27191 rclone: golang: crash in a golang.org/x/crypto/ssh server [epel-all] |
2074856 | NEW | high | CVE-2022-28346 netbox: Django: SQL injection in QuerySet.annotate(),aggregate() and extra() [epel-all] |
2074868 | NEW | high | CVE-2022-28347 netbox: Django: SQL injection via QuerySet.explain(options) on PostgreSQL [epel-all] |
2075054 | NEW | low | CVE-2022-1341 bwm-ng: Null write in the get_cmdln_options function in src/options.c [epel-all] |
2075253 | NEW | medium | CVE-2022-24785 golang-github-prometheus: Moment.js: Path traversal in moment.locale [epel-all] |
2075278 | NEW | medium | CVE-2022-24785 golang-github-prometheus: Moment.js: Path traversal in moment.locale [epel-all] |
2076246 | NEW | low | CVE-2022-26498 CVE-2022-26499 CVE-2022-26651 asterisk: multiple vulnerabilities [epel-all] |
2076766 | NEW | low | CVE-2022-1475 qt5-qtwebengine: ffmpeg: integer overflow in g729_parse() in libavcodec/g729_parser.c [epel-all] |
2079987 | NEW | medium | CVE-2022-1515 matio: memory leak in Mat_VarReadNextInfo5() in mat5.c [epel-all] |
2081600 | NEW | medium | CVE-2022-27470 SDL2_ttf: sdf_ttf: Arbitrary memory overwrite occurs when loading glyphs and rendering text with a malformed TTF file [epel-all] |
2082278 | NEW | medium | CVE-2022-29824 qt5-qtwebengine: libxml2: integer overflows in xmlBuf and xmlBuffer lead to out-of-bounds write [epel-all] |
2084682 | NEW | medium | CVE-2022-24675 dnscrypt-proxy: golang: encoding/pem: fix stack overflow in Decode [epel-8] |
2084683 | NEW | medium | CVE-2022-24675 golang-github-prometheus: golang: encoding/pem: fix stack overflow in Decode [epel-8] |
2084684 | NEW | medium | CVE-2022-24675 golang-github-prometheus-alertmanager: golang: encoding/pem: fix stack overflow in Decode [epel-8] |
2084685 | NEW | medium | CVE-2022-24675 golang-github-prometheus-node-exporter: golang: encoding/pem: fix stack overflow in Decode [epel-8] |
2084686 | NEW | medium | CVE-2022-24675 golang-x-crypto: golang: encoding/pem: fix stack overflow in Decode [epel-8] |
2084687 | NEW | medium | CVE-2022-24675 golang-x-net: golang: encoding/pem: fix stack overflow in Decode [epel-8] |
2084688 | NEW | medium | CVE-2022-24675 golang-x-text: golang: encoding/pem: fix stack overflow in Decode [epel-8] |
2084689 | NEW | medium | CVE-2022-24675 golie: golang: encoding/pem: fix stack overflow in Decode [epel-8] |
2084690 | NEW | medium | CVE-2022-24675 micro: golang: encoding/pem: fix stack overflow in Decode [epel-8] |
2084692 | NEW | medium | CVE-2022-24675 rclone: golang: encoding/pem: fix stack overflow in Decode [epel-8] |
2084693 | NEW | medium | CVE-2022-24675 reg: golang: encoding/pem: fix stack overflow in Decode [epel-8] |
2084695 | NEW | medium | CVE-2022-24675 snapd: golang: encoding/pem: fix stack overflow in Decode [epel-8] |
2084862 | NEW | medium | CVE-2022-28327 dnscrypt-proxy: golang: crypto/elliptic: panic caused by oversized scalar [epel-8] |
2084863 | NEW | medium | CVE-2022-28327 golang-github-prometheus: golang: crypto/elliptic: panic caused by oversized scalar [epel-8] |
2084864 | NEW | medium | CVE-2022-28327 golang-github-prometheus-alertmanager: golang: crypto/elliptic: panic caused by oversized scalar [epel-8] |
2084866 | NEW | medium | CVE-2022-28327 golang-x-crypto: golang: crypto/elliptic: panic caused by oversized scalar [epel-8] |
2084867 | NEW | medium | CVE-2022-28327 golang-x-net: golang: crypto/elliptic: panic caused by oversized scalar [epel-8] |
2084868 | NEW | medium | CVE-2022-28327 golang-x-text: golang: crypto/elliptic: panic caused by oversized scalar [epel-8] |
2084869 | NEW | medium | CVE-2022-28327 golie: golang: crypto/elliptic: panic caused by oversized scalar [epel-8] |
2084870 | NEW | medium | CVE-2022-28327 micro: golang: crypto/elliptic: panic caused by oversized scalar [epel-8] |
2084872 | NEW | medium | CVE-2022-28327 rclone: golang: crypto/elliptic: panic caused by oversized scalar [epel-8] |
2084873 | NEW | medium | CVE-2022-28327 reg: golang: crypto/elliptic: panic caused by oversized scalar [epel-8] |
2084875 | NEW | medium | CVE-2022-28327 snapd: golang: crypto/elliptic: panic caused by oversized scalar [epel-8] |
2084877 | NEW | medium | CVE-2022-28327 yubihsm-connector: golang: crypto/elliptic: panic caused by oversized scalar [epel-8] |
2093308 | NEW | medium | CVE-2022-30783 ntfs-3g-system-compression: ntfs-3g: invalid return code in fuse_kern_mount enables intercepting of libfuse-lite protocol traffic [epel-all] |
2093315 | NEW | medium | CVE-2022-30784 ntfs-3g-system-compression: ntfs-3g: crafted NTFS image can cause heap exhaustion in ntfs_get_attribute_value [epel-all] |
2093323 | NEW | medium | CVE-2022-30785 ntfs-3g-system-compression: ntfs-3g: a file handle created in fuse_lib_opendir, and later used in fuse_lib_readdir, enables arbitrary memory read and write operations [epel-all] |
2093327 | NEW | medium | CVE-2022-30786 ntfs-3g-system-compression: ntfs-3g: crafted NTFS image can cause a heap-based buffer overflow in ntfs_names_full_collate [epel-all] |
2093336 | NEW | medium | CVE-2022-30787 ntfs-3g-system-compression: ntfs-3g: integer underflow in fuse_lib_readdir enables arbitrary memory read operations [epel-all] |
2093343 | NEW | medium | CVE-2022-30788 ntfs-3g-system-compression: ntfs-3g: crafted NTFS image can cause a heap-based buffer overflow in ntfs_mft_rec_alloc [epel-all] |
2093353 | NEW | medium | CVE-2022-30789 ntfs-3g-system-compression: ntfs-3g: crafted NTFS image can cause a heap-based buffer overflow in ntfs_check_log_client_array [epel-all] |
2093363 | NEW | medium | CVE-2021-46790 ntfs-3g-system-compression: ntfs-3g: heap-based buffer overflow in ntfsck [epel-all] |
2094686 | NEW | medium | CVE-2021-40426 sox: heap-based buffer overflow vulnerability exists in the sphere.c start_read() function [epel-8] |
2094698 | NEW | medium | CVE-2022-31650 sox: a floating-point exception in lsx_aiffstartwrite in aiff.c in libsox.a [epel-8] |
2094701 | NEW | medium | CVE-2022-31651 sox: an assertion failure in rate_init in rate.c in libsox.a [epel-8] |
2099405 | NEW | medium | CVE-2022-32983 knot-resolver: DNS cache poisoning [epel-all] |
2103121 | NEW | low | CVE-2022-33108 xpdf: a stack overflow vulnerability via the Object::Copy class of object.cc [epel-all] |
2106239 | NEW | medium | CVE-2022-0430 httpie: Exposure of Sensitive Information to an Unauthorized Actor [epel-all] |
2110324 | NEW | medium | CVE-2022-35737 qt5-qtwebengine: sqlite: assertion failure via query when compiled with -DSQLITE_ENABLE_STAT4 [epel-8] |
2112231 | NEW | low | CVE-2022-34749 python-mistune: mistune: catastrophic backtracking [epel-all] |
2115431 | NEW | high | CVE-2022-29154 rsync-bpc: rsync: remote arbitrary files write inside the directories of connecting peers [epel-all] |
2116655 | NEW | medium | CVE-2022-37434 BackupPC-XS: zlib: a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field [epel-8] |
2119152 | NEW | medium | CVE-2022-2469 libgsasl: Out of bounds read causes DoS [epel-8] |
2120257 | NEW | medium | CVE-2022-2787 schroot: denial of service in schroot [epel-all] |
2121133 | NEW | medium | CVE-2016-3709 qt5-qtwebengine: libxml2: Incorrect server side include parsing can lead to XSS [epel-8] |
2122475 | NEW | low | CVE-2020-35525 qt5-qtwebengine: sqlite: Null pointer dereference in src/select.c [epel-all] |
2122484 | NEW | medium | CVE-2020-35527 qt5-qtwebengine: sqlite: Out of bounds access during table rename [epel-all] |
2123457 | NEW | low | CVE-2022-25887 golang-github-prometheus: sanitize-html: insecure global regular expression replacement logic may lead to ReDoS [epel-all] |
2123623 | NEW | low | CVE-2022-3035 python-snipeit: possible XSS on dashboard and login note [epel-all] |
2124784 | NEW | medium | CVE-2022-38528 assimp: contain a segmentation violation via the component Assimp::XFileImporter::CreateMeshes. [epel-all] |
2126813 | NEW | medium | CVE-2021-40647 man2html: sys-apps/man2html: multiple vulnerabilities [epel-all] |
2126815 | NEW | medium | CVE-2021-40648 man2html: sys-apps/man2html: multiple vulnerabilities [epel-all] |
2126995 | NEW | medium | CVE-2021-43138 breeze-icon-theme: async: Prototype Pollution in async [epel-8] |
2128048 | NEW | medium | CVE-2022-39209 python-cmarkgfm: cmark-gfm: Unbounded resource exhaustion may lead to denial of service [epel-8] |
2128837 | NEW | medium | CVE-2022-38928 xpdf: Null Pointer Dereference in FoFiType1C [epel-all] |
2128881 | NEW | medium | CVE-2022-3173 python-snipeit: improper authentication in license files and API keys [epel-8] |
2128979 | NEW | medium | CVE-2022-40023 python-pecan: mako: REDoS in Lexer class [epel-all] |
2130858 | NEW | medium | CVE-2022-38222 xpdf: use-after-free issue in JBIG2Stream::close() located in JBIG2Stream.cc in Xpdf [epel-all] |
2134316 | NEW | medium | CVE-2022-21222 golang-github-prometheus: css-what: ReDoS due to insecure regular expression [epel-all] |
2135441 | NEW | medium | CVE-2022-3517 breeze-icon-theme: nodejs-minimatch: ReDoS via the braceExpand function [epel-all] |
2135442 | NEW | medium | CVE-2022-3517 golang-github-prometheus: nodejs-minimatch: ReDoS via the braceExpand function [epel-all] |
2135648 | NEW | medium | CVE-2022-38248 nagios: multiple cross-site scripting (XSS) vulnerabilities at auditlog.php [epel-all] |
2135651 | NEW | medium | CVE-2022-38249 nagios: cross-site scripting (XSS) vulnerability via the MTR component [epel-all] |
2135657 | NEW | medium | CVE-2022-38247 nagios: cross-site scripting (XSS) vulnerability via the System Settings page under the Admin panel [epel-all] |
2135660 | NEW | medium | CVE-2022-38251 nagios: cross-site scripting (XSS) vulnerability via the System Performance Settings page under the Admin panel [epel-all] |
2136003 | NEW | medium | CVE-2020-15853 supybot-fedora: anyone can run the "refresh" command [epel-all] |
2136275 | NEW | medium | CVE-2022-40303 qt5-qtwebengine: libxml2: integer overflows with XML_PARSE_HUGE [epel-all] |
2136292 | NEW | medium | CVE-2022-40304 qt5-qtwebengine: libxml2: dict corruption caused by entity reference cycles [epel-all] |
2139125 | NEW | medium | CVE-2022-20128 CVE-2022-3168 android-tools: directory traversal during adb pull [epel-all] |
2139801 | NEW | medium | CVE-2022-36354 CVE-2022-38143 CVE-2022-41639 CVE-2022-41684 CVE-2022-41794 CVE-2022-41838 CVE-2022-41977 CVE-2022-4198 CVE-2022-41988 CVE-2022-41999 OpenImageIO: Multiple Vulnerabilities [epel-all] |
2140226 | NEW | low | CVE-2021-34055 jhead: heap-buffer-overflow of exif.c [epel-all] |
2140598 | NEW | medium | CVE-2022-37603 golang-github-prometheus: loader-utils:Regular expression denial of service [epel-all] |
2141803 | NEW | urgent | CVE-2022-37026 erlang: erlang/otp: Client Authentication Bypass [epel-all] |
2142451 | NEW | high | CVE-2022-39353 breeze-icon-theme: xmldom: Allows multiple root elements in a DOM tree [epel-all] |
2142543 | NEW | low | CVE-2021-40241 xfig: buffer overflow in LANG in w_help.c [epel-8] |
2142605 | NEW | low | CVE-2022-3857 java-latest-openjdk: libpng: Null pointer dereference leads to segmentation fault [epel-8] |
2142766 | NEW | medium | CVE-2022-41882 nextcloud-client: desktop client can be tricked into opening/executing local files when clicking a nc://open/ link [epel-8] |
2143411 | NEW | low | CVE-2022-3964 CVE-2022-3965 qt5-qtwebengine: various flaws [epel-8] |
2149437 | NEW | medium | CVE-2022-46146 golang-github-prometheus: exporter-toolkit: authentication bypass via cache poisoning [epel-all] |
2149438 | NEW | medium | CVE-2022-46146 golang-github-prometheus-node-exporter: exporter-toolkit: authentication bypass via cache poisoning [epel-all] |
2149439 | NEW | medium | CVE-2022-46146 golang-github-prometheus-alertmanager: exporter-toolkit: authentication bypass via cache poisoning [epel-all] |
2150944 | NEW | low | CVE-2022-42705 asterisk: Use after free in res_pjsip_pubsub.c [epel-8] |
2150950 | NEW | medium | CVE-2022-37325 asterisk: Remote Crash Vulnerability in H323 channel add on [epel-8] |
2151099 | NEW | medium | CVE-2022-24999 breeze-icon-theme: express: "qs" prototype poisoning causes the hang of the node process [epel-8] |
2151101 | NEW | medium | CVE-2022-24999 qpid-dispatch: express: "qs" prototype poisoning causes the hang of the node process [epel-8] |
2151129 | NEW | low | CVE-2022-39331 nextcloud-client: XSS in Desktop Client in the notifications [epel-8] |
2151130 | NEW | low | CVE-2022-39332 nextcloud-client: XSS in Desktop Client via user status and information [epel-8] |
2151131 | NEW | low | CVE-2022-39333 nextcloud-client: XSS in Desktop Client in call notification popup [epel-8] |
2151133 | NEW | low | CVE-2022-39334 nextcloud-client: nextcloudcmd incorrectly trusts bad TLS certificates [epel-8] |
2154846 | NEW | low | CVE-2022-3109 qt5-qtwebengine: FFmpeg: Null Pointer Dereference [epel-8] |
2155596 | NEW | low | CVE-2022-23537 pjproject: net-libs/pjproject: heap buffer overread [epel-all] |
2156017 | NEW | medium | CVE-2022-43601 OpenImageIO: heap buffer overflow due to ImageOutput [epel-all] |
2156018 | NEW | medium | CVE-2022-43600 OpenImageIO: heap buffer overflow due to ImageOutput [epel-all] |
2156022 | NEW | medium | CVE-2022-41649 OpenImageIO: heap out of bounds read vulnerability [epel-all] |
2156025 | NEW | medium | CVE-2022-41837 OpenImageIO: out-of-bounds write vulnerability [epel-all] |
2156028 | NEW | medium | CVE-2022-43603 OpenImageIO: denial of service vulnerability [epel-all] |
2156032 | NEW | medium | CVE-2022-41981 OpenImageIO: stack-based buffer overflow vulnerability [epel-all] |
2156105 | NEW | medium | CVE-2022-23547 pjproject: buffer overread [epel-all] |
2157057 | NEW | medium | CVE-2022-3341 qt5-qtwebengine: ffmpeg: null pointer dereference in decode_main_header() in libavformat/nutdec.c [epel-all] |
2157282 | NEW | medium | CVE-2022-47952 lxc: information disclosure vulnerability [epel-all] |
2158360 | NEW | medium | CVE-2022-44940 patchelf: an out-of-bounds read via the function modifyRPath [epel-all] |
2162188 | NEW | medium | CVE-2022-41721 golang-x-net: x/net/http2/h2c: request smuggling [epel-8] |
2162371 | NEW | medium | CVE-2022-46175 micro: json5: Prototype Pollution in JSON5 via Parse Method [epel-8] |
2163041 | NEW | medium | CVE-2022-41717 dnscrypt-proxy: golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests [epel-all] |
2163043 | NEW | medium | CVE-2022-41717 golang-github-prometheus: golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests [epel-all] |
2163044 | NEW | medium | CVE-2022-41717 golang-github-prometheus-alertmanager: golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests [epel-all] |
2163045 | NEW | medium | CVE-2022-41717 golang-github-prometheus-node-exporter: golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests [epel-all] |
2163046 | NEW | medium | CVE-2022-41717 golie: golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests [epel-all] |
2163047 | NEW | medium | CVE-2022-41717 micro: golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests [epel-all] |
2163049 | NEW | medium | CVE-2022-41717 rclone: golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests [epel-all] |
2163050 | NEW | medium | CVE-2022-41717 reg: golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests [epel-all] |
2163051 | NEW | medium | CVE-2022-41717 restic: golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests [epel-all] |
2163053 | NEW | medium | CVE-2022-41717 snapd: golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests [epel-all] |
2163055 | NEW | medium | CVE-2022-41717 yubihsm-connector: golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests [epel-all] |
2163541 | NEW | high | CVE-2022-3064 golie: go-yaml: Improve heuristics preventing CPU/memory abuse by parsing malicious or large YAML documents [epel-all] |
2163688 | NEW | medium | CVE-2022-45639 sleuthkit: OS command injection vulnerability in "-m" parameter [epel-all] |
2163907 | NEW | medium | CVE-2022-47021 opusfile: NULL pointer dereference in op_get_data() and op_open1() in opusfile.c [epel-all] |
2164023 | NEW | medium | CVE-2022-45748 assimp: use-after-free in ColladaParser::ExtractDataObjectFromChannel function in code/AssetLib/Collada/ColladaParser.cpp [epel-all] |
2164715 | NEW | medium | CVE-2022-44571 rubygem-rack: denial of service in Content-Disposition parsing [epel-8] |
2164720 | NEW | medium | CVE-2022-44570 rubygem-rack: denial of service in Content-Disposition parsing [epel-8] |
2164723 | NEW | medium | CVE-2022-44572 rubygem-rack: denial of service in Content-Disposition parsing [epel-8] |
2169386 | NEW | medium | CVE-2022-46648 rubygem-git: ruby-git: code injection vulnerability [epel-8] |
2170773 | NEW | medium | CVE-2023-23558 et: EternalTerminal: TelemetryService uses fixed paths in /tmp [epel-8] |
2172134 | NEW | medium | CVE-2021-32142 digikam: LibRaw: stack buffer overflow in LibRaw_buffer_datastream::gets() in src/libraw_datastream.cpp [epel-all] |
2172418 | NEW | high | CVE-2022-26061 hdf5: HDF5 Group libhdf5 gif2h5 heap-based buffer overflow vulnerability [epel-all] |
2172421 | NEW | high | CVE-2022-25972 hdf5: HDF5 Group libhdf5 gif2h5 out-of-bounds write vulnerability [epel-all] |
2172425 | NEW | high | CVE-2022-25942 hdf5: HDF5 Group libhdf5 gif2h5 out-of-bounds read vulnerability [epel-all] |
2172784 | NEW | medium | CVE-2021-33367 freeimage: denial of service via a crafted JXR file [epel-all] |
2173073 | NEW | medium | CVE-2022-31031 pjproject: pjsip: stack buffer overflow [epel-all] |
2173075 | NEW | medium | CVE-2022-39244 pjproject: pjsip: buffer overflow in the PJSIP parser, PJMEDIA RTP decoder, and PJMEDIA SDP parser [epel-all] |
2173702 | NEW | medium | CVE-2021-41141 CVE-2021-43845 CVE-2022-24754 CVE-2022-24763 CVE-2022-24786 CVE-2022-24792 CVE-2022-24793 asterisk: pjsip: Multiple vulnerabilities [epel-all] |
2173703 | NEW | urgent | CVE-2021-41141 CVE-2021-43845 CVE-2022-24754 CVE-2022-24763 CVE-2022-24786 CVE-2022-24792 CVE-2022-24793 pjproject: pjsip: Multiple vulnerabilities [epel-all] |
2173707 | NEW | medium | CVE-2021-438450 CVE-2021-438451 CVE-2022-217221 CVE-2022-247541 CVE-2022-247542 CVE-2022-247631 CVE-2022-247633 CVE-2022-247641 CVE-2022-247644 CVE-2022-247931 CVE-2022-247935 asterisk: pjsip: Multiple Vulnerabilities [epel-all] |
2174318 | NEW | medium | CVE-2023-27371 proxysql: libmicrohttpd: remote DoS [epel-all] |
2176479 | NEW | medium | CVE-2023-27530 rubygem-rack: Denial of service in Multipart MIME parsing [epel-all] |
2178397 | NEW | medium | CVE-2022-41723 dnscrypt-proxy: golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding [epel-all] |
2178399 | NEW | medium | CVE-2022-41723 golang-github-prometheus: golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding [epel-all] |
2178400 | NEW | medium | CVE-2022-41723 golang-github-prometheus-alertmanager: golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding [epel-all] |
2178401 | NEW | medium | CVE-2022-41723 golang-github-prometheus-node-exporter: golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding [epel-all] |
2178405 | NEW | medium | CVE-2022-41723 rclone: golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding [epel-all] |
2178406 | NEW | medium | CVE-2022-41723 reg: golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding [epel-all] |
2178407 | NEW | medium | CVE-2022-41723 restic: golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding [epel-all] |
2178841 | NEW | high | CVE-2023-27585 pjproject: pjsip: buffer overflow vulnerability [epel-all] |
2178899 | NEW | medium | CVE-2022-46908 qt5-qtwebengine: sqlite: safe mode authorizer callback allows disallowed UDFs [epel-all] |
2179652 | NEW | medium | CVE-2023-27539 rubygem-rack: denial of service in header parsing [epel-all] |
2180113 | NEW | medium | CVE-2023-28371 stellarium: arbitrary file write [epel-all] |
2180878 | NEW | low | CVE-2023-1576 p7zip: Heap buffer overflow in ZipIn.cpp [epel-all] |
2182279 | NEW | medium | CVE-2022-3116 heimdal: NULL pointer dereference using a crafted negTokenInit token [epel-all] |
2182843 | NEW | high | CVE-2022-48434 qt5-qtwebengine: ffmpeg: Use after free in libavcodec/pthread_frame.c [epel-all] |
2184906 | NEW | low | CVE-2023-25823 gradio: user could access other users shared Gradio demos [epel-8] |
2185105 | NEW | low | CVE-2023-22845 CVE-2023-24472 CVE-2023-24473 OpenImageIO: multiple vulnerabilities [epel-all] |
2185521 | NEW | low | CVE-2023-24626 screen: allows sending SIGHUP to arbitrary PIDs [epel-8] |
2185867 | NEW | low | CVE-2021-43311 CVE-2021-43312 CVE-2021-43313 CVE-2021-43314 CVE-2021-43315 CVE-2021-43316 CVE-2021-43317 upx: various flaws [epel-all] |
2185952 | NEW | low | CVE-2023-28999 nextcloud-client: nextcloud-client: malicious server administrator can gain full access to an end-to-end encrypted folder [epel-all] |
2185986 | NEW | medium | CVE-2023-29469 qt5-qtwebengine: libxml2: Hashing of empty dict strings isn't deterministic [epel-all] |
2185998 | NEW | medium | CVE-2023-28484 qt5-qtwebengine: libxml2: NULL dereference in xmlSchemaFixupComplexType [epel-all] |
2186846 | NEW | medium | CVE-2023-29584 libmp4v2: Heap buffer overflow [epel-all] |
2187907 | NEW | medium | CVE-2023-30608 python-sqlparse: sqlparse: Parser contains a regular expression that is vulnerable to ReDOS (Regular Expression Denial of Service) [epel-all] |
2188276 | NEW | medium | CVE-2023-1729 digikam: LibRaw: a heap-buffer-overflow in raw2image_ex() [epel-all] |
2191663 | NEW | low | CVE-2023-26934 xpdf: denial of service via a crafted PDF file in Object::copy() in xpdf/Object.cc [epel-all] |
2191665 | NEW | low | CVE-2023-26935 xpdf: buffer overflow via a crafted PDF file in SharedFile::readBlock() in xpdf/Stream.cc [epel-all] |
2191670 | NEW | low | CVE-2023-26936 xpdf: buffer overflow via a crafted PDF file in gmalloc() in goo/gmem.cc [epel-all] |
2191671 | NEW | low | CVE-2023-26937 xpdf: buffer overflow via a crafted PDF file in GString::resize() in goo/GString.cc [epel-all] |
2191677 | NEW | low | CVE-2023-26938 xpdf: buffer overflow via a crafted PDF file in gfseek() in goo/gfile.cc [epel-all] |
2192678 | NEW | low | CVE-2023-26930 xpdf: buffer overflow via a crafted PDF file [epel-all] |
2192686 | NEW | low | CVE-2023-26931 xpdf: buffer overflow via a crafted PDF file in TextLine::TextLine() in xpdf/TextOutputDev.cc [epel-all] |
2203457 | NEW | low | CVE-2023-2662 xpdf: bad color space object in input leads to divide-by-zero [epel-all] |
2203460 | NEW | low | CVE-2023-2663 xpdf: infinite recursion loop leads to stack overflow [epel-all] |
2203463 | NEW | low | CVE-2023-2664 xpdf: loop in embedded file tree leads to infinite recursion [epel-all] |
2207610 | NEW | medium | CVE-2021-31239 qt5-qtwebengine: sqlite: denial of service via the appendvfs.c function [epel-all] |
2209311 | NEW | medium | CVE-2022-37599 golang-github-prometheus: loader-utils: regular expression denial of service in interpolateName.js [epel-all] |
2210201 | NEW | medium | CVE-2023-28370 python-tornado: open redirect vulnerability in StaticFileHandler under certain configurations. [epel-8] |
2210368 | NEW | medium | CVE-2023-33720 libmp4v2: memory leak [epel-all] |
2210478 | NEW | low | CVE-2023-26129 bwm-ng: Command Injection [epel-all] |
2210853 | NEW | medium | CVE-2021-21366 breeze-icon-theme: xmldom: incorrect parsing and serialization leads to unexpected behavior [epel-8] |
2211085 | NEW | low | CVE-2023-34204 imapsync: insecure /tmp usage [epel-all] |
2215197 | NEW | medium | CVE-2023-34565 netbox: vulnerable to Cross Site Scripting (XSS) [epel-all] |
2216894 | NEW | medium | CVE-2023-26115 golang-github-prometheus: word-wrap: ReDoS [epel-all] |
2216940 | NEW | low | TRIAGE-CVE-2023-36191 qt5-qtwebengine: sqlite: CLI fault on missing -nonce [epel-all] |
2217042 | NEW | medium | CVE-2023-32758 python-git-url-parse: ReDoS via untrusted URLs [epel-all] |
2218073 | NEW | low | CVE-2023-3436 xpdf: deadlock on a PDF object stream [epel-all] |
2218381 | NEW | medium | CVE-2023-3430 OpenImageIO: heap-buffer-overflow in file src/gif.imageio/gifinput.cpp [epel-all] |
2219518 | NEW | medium | CVE-2023-36183 OpenImageIO: heap-buffer-overflow in ICOInput::readimg() in icoinput.cpp [epel-all] |
2220673 | NEW | medium | CVE-2023-26136 breeze-icon-theme: tough-cookie: prototype pollution in cookie memstore [epel-all] |
2220674 | NEW | medium | CVE-2023-26136 golang-github-prometheus: tough-cookie: prototype pollution in cookie memstore [epel-all] |
2221027 | NEW | medium | TRIAGE-CVE-2023-25399 espresso: scipy: refcounting issue leads to potential memory leak [epel-8] |
2221053 | NEW | medium | TRIAGE-CVE-2023-29824 espresso: scipy: use-after-free in Py_FindObjects() function [epel-8] |
2221257 | NEW | low | TRIAGE-CVE-2023-31606 rubygem-RedCloth: RedCloth: Regular expression denial of service in sanitize_html function [epel-all] |
2221274 | NEW | medium | CVE-2021-33796 mujs: Use-after-free in regexp source property access [epel-all] |
2222350 | NEW | high | CVE-2022-38900 yarnpkg: decode-uri-component: improper input validation resulting in DoS [epel-8] |
2222507 | NEW | medium | CVE-2022-25883 breeze-icon-theme: nodejs-semver: Regular expression denial of service [epel-all] |
2222508 | NEW | medium | CVE-2022-25883 golang-github-prometheus: nodejs-semver: Regular expression denial of service [epel-all] |
2222917 | NEW | medium | CVE-2023-3044 xpdf: divide by zero vulnerability [epel-all] |
2229581 | NEW | medium | CVE-2023-3978 rclone: golang.org/x/net/html: Cross site scripting [epel-all] |
2230283 | NEW | medium | TRIAGE-CVE-2021-37501 hdf5: heap buffer overread [epel-8] |
2231391 | NEW | high | CVE-2023-37625 netbox: Stored cross-site scripting in Custom Link templates [epel-all] |
2231423 | NEW | medium | CVE-2023-28711 hyperscan: Insufficient control flow management [epel-all] |
2232823 | NEW | low | CVE-2023-4413 rkhunter: info leak via log files [epel-all] |
2234827 | NEW | medium | CVE-2020-21679 GraphicsMagick: heap buffer overflow in WritePCXImage() [epel-all] |
2235159 | NEW | medium | CVE-2022-47069 p7zip: Heap buffer overflow in NArchive::NZip::CInArchive::FindCd [epel-all] |
2235164 | NEW | medium | CVE-2023-40022 rizin: Integer Overflow in C++ demangler logic [epel-8] |
2235277 | NEW | medium | CVE-2020-22628 digikam: libraw: Out of bounds read in LibRaw::stretch() function in libraw\src\postprocessing\aspect_ratio.cpp [epel-all] |
2235357 | NEW | medium | CVE-2020-22524 freeimage: buffer overflow in FreeImage_Load() in Plugin.cpp [epel-all] |
2235405 | NEW | medium | CVE-2020-21426 freeimage: buffer overflow in C_IStream::read() in PluginEXR.cpp [epel-all] |
2235408 | NEW | medium | CVE-2020-18781 audiofile: a Denial of Service via crafted file [epel-8] |
2235413 | NEW | medium | CVE-2020-21427 freeimage: buffer overflow in LoadPixelDataRLE8() in PluginBMP.cpp [epel-all] |
2235416 | NEW | medium | CVE-2020-21428 freeimage: buffer overflow in LoadRGB() in PluginDDS.cpp [epel-all] |
2235421 | NEW | high | CVE-2020-24292 freeimage: buffer overflow in load() in PluginICO.cpp [epel-all] |
2235427 | NEW | high | CVE-2020-24293 freeimage: buffer overflow in psdThumbnail::Read() in PSDParser.cpp [epel-all] |
2235429 | NEW | medium | CVE-2020-24294 freeimage: buffer overflow in psdParser::UnpackRLE() in PSDParser.cpp [epel-all] |
2235433 | NEW | high | CVE-2020-24295 freeimage: buffer overflow in ReadImageLine() in PSDParser.cpp [epel-all] |
2235439 | NEW | medium | CVE-2021-40262 freeimage: stack exhaustion via Validate() in PluginRAW.cpp [epel-all] |
2235443 | NEW | high | CVE-2021-40263 freeimage: buffer overflow via Load() in PluginTIFF.cpp [epel-all] |
2235446 | NEW | medium | CVE-2021-40264 freeimage: NULL pointer dereference via FreeImage_CloneTag() in inFreeImageTag.cpp [epel-all] |
2235451 | NEW | high | CVE-2021-40265 freeimage: buffer overflow in Load() in PluginJPEG.cpp [epel-all] |
2235455 | NEW | medium | CVE-2021-40266 freeimage: NULL pointer dereference in ReadPalette() in PluginTIFF.cpp [epel-all] |
2235657 | NEW | medium | CVE-2022-48570 cryptopp: timing side channel in ECDSA signature generation [epel-all] |
2235859 | NEW | high | CVE-2023-40890 zbar: stack overflow caused by malicious qr code may lead to information disclosure or arbitrary code execution. [epel-all] |
2235862 | NEW | high | CVE-2023-40889 zbar: buffer overflow via crafted qr code [epel-all] |
2236891 | NEW | high | CVE-2023-1523 snapd: code exec via TIOCLINUX ioctl request [epel-all] |
2237421 | NEW | medium | CVE-2023-4540 lua-http: lua-http: lua-http library allows Excessive Allocation and a denial of service (DoS) attack [epel-all] |
2239445 | NEW | medium | CVE-2020-18232 hdf5: Buffer Overflow in function H5S_close in H5S.c [epel-all] |
2240220 | NEW | medium | CVE-2023-36234 netbox: XSS via Name field in device-roles/add function [epel-8] |
2240716 | NEW | medium | CVE-2020-18494 hdf5: Buffer overflow in function H5S_close at H5S.c [epel-all] |
2241100 | NEW | high | CVE-2023-40481 p7zip: SquashFS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability [epel-all] |
2241102 | NEW | high | CVE-2023-31102 p7zip: 7Z File Parsing Integer Underflow Remote Code Execution Vulnerability [epel-all] |
2241258 | NEW | high | CVE-2023-5217 qt5-qtwebengine: libvpx: Heap buffer overflow in vp8 encoding in libvpx [epel-all] |
2241809 | NEW | high | CVE-2023-44488 qt5-qtwebengine: TRIAGE-CVE-2023-44488 libvpx: crash related to VP9 encoding [epel-all] |
2242356 | NEW | high | CVE-2022-24764 pjproject: PJSIP contains a stack buffer overflow vulnerability that affects PJSUA2 users [epel-all] |
2242460 | NEW | high | CVE-2023-43907 optipng: global buffer overflow via the 'buffer' variable at gifread.c. [epel-all] |
2242527 | NEW | high | CVE-2023-38703 pjproject: pjsip: Use-after-free in SRTP media transport [epel-all] |
2244559 | NEW | medium | CVE-2023-45853 BackupPC-XS: TRIAGE-CVE-2023-45853 zlib: integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_6 [epel-all] |
2245339 | NEW | medium | CVE-2023-46277 rust-pleaser: privilege escalation using ioctls TIOCSTI and TIOCLINUX [epel-all] |
2246491 | NEW | medium | TRIAGE CVE-2018-25091 duplicity: urllib3: urllib3 does not remove the authorization HTTP header when following a cross-origin redirect [epel-all] |
2246494 | NEW | medium | TRIAGE CVE-2018-25091 python-hvac: urllib3: urllib3 does not remove the authorization HTTP header when following a cross-origin redirect [epel-all] |
2246495 | NEW | medium | TRIAGE CVE-2018-25091 python-smart-gardena: urllib3: urllib3 does not remove the authorization HTTP header when following a cross-origin redirect [epel-all] |
2246496 | NEW | medium | TRIAGE CVE-2018-25091 python38-hvac: urllib3: urllib3 does not remove the authorization HTTP header when following a cross-origin redirect [epel-all] |
2246567 | NEW | low | CVE-2023-45322 qt5-qtwebengine: libxml2: use-after-free in xmlUnlinkNode() in tree.c [epel-all] |
2246579 | NEW | medium | CVE-2023-45142 caddy: opentelemetry-go-contrib: DoS vulnerability in otelhttp [epel-all] |
2246628 | NEW | high | CVE-2023-46234 golang-github-prometheus: browserify-sign: upper bound check issue in dsaVerify leads to a signature forgery attack [epel-all] |
2246967 | NEW | medium | CVE-2023-46407 qt5-qtwebengine: FFmpeg: out of bounds read [epel-all] |
2246973 | NEW | medium | CVE-2023-46490 cacti: SQL Injection [epel-all] |
2247631 | NEW | medium | CVE-2023-5764 ansible: Template Injection [epel-all] |
2247745 | NEW | medium | CVE-2023-42299 OpenImageIO: Buffer Overflow in OpenImageIO oiio [epel-all] |
2248218 | NEW | high | caddy: golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-39325) [epel-all] |
2248221 | NEW | high | dnscrypt-proxy: golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-39325) [epel-all] |
2248222 | NEW | high | golang-github-prometheus-alertmanager: golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-39325) [epel-all] |
2248223 | NEW | high | golang-github-prometheus-node-exporter: golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-39325) [epel-all] |
2248224 | NEW | high | golang-github-prometheus: golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-39325) [epel-all] |
2248227 | NEW | high | golie: golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-39325) [epel-all] |
2248229 | NEW | high | micro: golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-39325) [epel-all] |
2248230 | NEW | high | pack: golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-39325) [epel-all] |
2248231 | NEW | high | rclone: golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-39325) [epel-all] |
2248232 | NEW | high | reg: golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-39325) [epel-all] |
2248233 | NEW | high | restic: golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-39325) [epel-all] |
2248235 | NEW | high | snapd: golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-39325) [epel-all] |
2248238 | NEW | high | yubihsm-connector: golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-39325) [epel-all] |
2248699 | NEW | medium | TRIAGE CVE-2023-41040 GitPython: Blind local file inclusion [epel-all] |
2250164 | NEW | low | CVE-2023-48052 httpie: Missing SSL certificate validation [epel-all] |
2250617 | NEW | medium | CVE-2023-47627 python-discord: python-aiohttp: numerous issues in HTTP parser with header parsing [epel-all] |
2250618 | NEW | medium | CVE-2023-47627 python-idna-ssl: python-aiohttp: numerous issues in HTTP parser with header parsing [epel-all] |
2251629 | MODIFIED | high | CVE-2023-30801 qbittorrent: default credentials allowed by default [epel-all] |
2251666 | NEW | medium | CVE-2022-37331 openbabel: Open Babel Gaussian format orientation out-of-bounds write vulnerability [epel-all] |
2251668 | NEW | medium | CVE-2022-41793 openbabel: Open Babel CSR format title out-of-bounds write vulnerability [epel-all] |
2251672 | NEW | high | CVE-2022-42885 openbabel: Open Babel GRO format res uninitialized pointer dereference vulnerability [epel-all] |
2251697 | NEW | high | CVE-2022-43467 openbabel: Open Babel PQS format coord_file out-of-bounds write vulnerability [epel-all] |
2251699 | NEW | high | CVE-2022-43607 openbabel: Open Babel MOL2 format attribute and value out-of-bounds write vulnerability [epel-all] |
2251704 | NEW | medium | CVE-2022-44451 openbabel: Open Babel MSI format atom uninitialized pointer dereference vulnerability [epel-all] |
2251707 | NEW | medium | CVE-2022-46280 openbabel: Open Babel PQS format pFormat uninitialized pointer dereference vulnerability [epel-all] |
2251712 | NEW | high | CVE-2022-46289 openbabel: Open Babel ORCA format nAtoms out-of-bounds write vulnerabilities [epel-all] |
2251716 | NEW | medium | CVE-2022-46290 openbabel: Open Babel ORCA format nAtoms out-of-bounds write vulnerabilities [epel-all] |
2251719 | NEW | high | CVE-2022-46291 openbabel: Open Babel translationVectors parsing out-of-bounds write vulnerabilities [epel-all] |
2251722 | NEW | medium | CVE-2022-46292 openbabel: Open Babel translationVectors parsing out-of-bounds write vulnerabilities [epel-all] |
2251725 | NEW | high | CVE-2022-46293 openbabel: Open Babel translationVectors parsing out-of-bounds write vulnerabilities [epel-all] |
2251728 | NEW | medium | CVE-2022-46294 openbabel: Open Babel translationVectors parsing out-of-bounds write vulnerabilities [epel-all] |
2251733 | NEW | medium | CVE-2022-46295 openbabel: Open Babel translationVectors parsing out-of-bounds write vulnerabilities [epel-all] |
2251849 | NEW | high | CVE-2020-20813 openvpn: DoS via crafted reset packet [epel-all] |
2252377 | NEW | medium | CVE-2023-46137 python-twisted: disordered HTTP pipeline response in twisted.web [epel-all] |
2252886 | NEW | high | TRIAGE CVE-2023-5332 golang-github-prometheus: consul: Command injection through script checks option [epel-all] |
2253442 | NEW | high | CVE-2023-45133 golang-github-prometheus: babel: arbitrary code execution [epel-all] |
2253971 | NEW | high | CVE-2023-49287 tinydir: stack-based buffer overflow in tinydir_file_open() [epel-all] |
2253974 | NEW | low | CVE-2023-49284 fish: command substitution output can trigger shell expansion [epel-all] |
2254562 | NEW | high | CVE-2023-41913 strongswan: buffer overflow [epel-all] |
2254626 | NEW | medium | TRIAGE CVE-2023-37457 asterisk: potential buffer overflow in PJSIP_HEADER dialplan function [epel-all] |
2254631 | NEW | medium | TRIAGE CVE-2023-49294 asterisk: access to arbitrary files via directory traversal [epel-all] |
2254634 | NEW | medium | TRIAGE CVE-2023-49786 asterisk: race condition in the hello handshake phase of the DTLS protocol triggers denial of service [epel-all] |
2255041 | NEW | medium | CVE-2023-48795 dropbear: ssh: Prefix truncation attack on Binary Packet Protocol (BPP) [epel-all] |
2255046 | NEW | medium | CVE-2023-48795 libssh2: ssh: Prefix truncation attack on Binary Packet Protocol (BPP) [epel-all] |
2255067 | NEW | medium | CVE-2023-48795 pack: ssh: Prefix truncation attack on Binary Packet Protocol (BPP) [epel-all] |
2255068 | NEW | medium | CVE-2023-48795 rclone: ssh: Prefix truncation attack on Binary Packet Protocol (BPP) [epel-all] |
2255069 | NEW | medium | CVE-2023-48795 restic: ssh: Prefix truncation attack on Binary Packet Protocol (BPP) [epel-all] |
2255128 | NEW | medium | TRIAGE CVE-2023-50979 cryptopp: side-channel leakage during decryption with PKCS#1v1.5 padding (Marvin) [epel-all] |
2255132 | NEW | medium | TRIAGE CVE-2023-50980 cryptopp: DoS via malformed DER public key file [epel-all] |
2255136 | NEW | medium | TRIAGE CVE-2023-50981 cryptopp: malformed DER public key file can trigger infinite loop condition [epel-all] |
2255158 | NEW | low | TRIAGE CVE-2023-6918 libssh2: libssh: Missing checks for return values for digests [epel-all] |
2255614 | NEW | low | CVE-2023-49356 mp3gain: stack-based buffer overflow via the WriteMP3GainAPETag() at apetag.c [epel-all] |
2255646 | NEW | medium | TRIAGE CVE-2023-50569 cacti: Reflected Cross Site Scripting (XSS) vulnerability in Cacti [epel-all] |
2255849 | NEW | medium | TRIAGE CVE-2023-51449 gradio: directory traversal vulnerability in '/file' route [epel-all] |
2255862 | NEW | medium | CVE-2023-48795 erlang: ssh: Prefix truncation attack on Binary Packet Protocol (BPP) [epel-all] |
2256197 | NEW | medium | CVE-2023-7104 qt5-qtwebengine: sqlite: heap-buffer-overflow at sessionfuzz [epel-all] |
2256415 | NEW | medium | TRIAGE CVE-2023-26159 golang-github-prometheus: follow-redirects: Improper Input Validation due to the improper handling of URLs by the url.parse() [epel-all] |
2256795 | NEW | medium | CVE-2024-0222 qt5-qtwebengine: chromium: Use after free in ANGLE, compromised the renderer process to potentially exploit heap corruption via a crafted HTML page [epel-all] |
2256802 | NEW | medium | CVE-2024-0223 qt5-qtwebengine: chromium: heap corruption via a crafted HTML page in angle [epel-all] |
2256808 | NEW | medium | CVE-2024-0224 qt5-qtwebengine: chromium: heap corruption via a crafted HTML page in webaudio [epel-all] |
2256814 | NEW | medium | CVE-2024-0225 qt5-qtwebengine: chromium: heap corruption via a crafted HTML page in webgpu [epel-all] |
2257655 | NEW | medium | CVE-2023-47995 freeimage: Buffer Overflow vulnerability in FreeImage_AllocateBitmap [epel-all] |
2257656 | NEW | medium | CVE-2023-47993 freeimage: out-of-bound read vulnerability in ReadInt32 [epel-all] |
2257657 | NEW | medium | CVE-2023-47992 freeimage: integer overflow vulnerability in FreeImageIO.cpp::_MemoryReadProc() [epel-all] |
2257658 | NEW | medium | CVE-2023-47994 freeimage: integer overflow in LoadPixelDataRLE4() function in PluginBMP.cpp [epel-all] |
2257659 | NEW | medium | CVE-2023-47996 freeimage: integer overflow in jpeg_read_exif_dir in Exif.cpp [epel-all] |
2257660 | NEW | medium | CVE-2023-47997 freeimage: infinite loop exits in Load in PluginTIFF.cpp [epel-all] |
2257827 | NEW | medium | CVE-2023-49295 caddy: quic-go: memory exhaustion attack against QUIC's path validation mechanism [epel-8] |
2257886 | NEW | low | CVE-2024-0232 qt5-qtwebengine: sqlite: use-after-free bug in jsonParseAddNodeArray [epel-all] |
2259781 | NEW | medium | TRIAGE CVE-2024-23342 python-ecdsa: vulnerable to the Minerva attack [epel-all] |
2259800 | NEW | high | CVE-2023-49568 pack: go-git: Maliciously crafted Git server replies can cause DoS on go-git clients [epel-8] |
2259812 | NEW | urgent | CVE-2023-49569 pack: go-git: Maliciously crafted Git server replies can lead to path traversal and RCE on go-git clients [epel-8] |
2259950 | NEW | low | TRIAGE CVE-2024-0727 openssl3: openssl: denial of service via null dereference [epel-all] |
2260375 | NEW | high | TRIAGE CVE-2023-52076 atril: Path traversal in Atril can lead to arbitrary file write and possible arbitrary code execution [epel-all] |
2260696 | NEW | medium | CVE-2024-22860 qt5-qtwebengine: FFmpeg: Integer overflow vulnerability in FFmpeg [epel-all] |
2260702 | NEW | medium | CVE-2024-22862 qt5-qtwebengine: FFmpeg: Integer overflow vulnerability in FFmpeg [epel-all] |
2260708 | NEW | medium | CVE-2024-22861 qt5-qtwebengine: FFmpeg: Integer overflow vulnerability in FFmpeg [epel-all] |
2261893 | NEW | medium | CVE-2024-23334 python-idna-ssl: aiohttp: follow_symlinks directory traversal vulnerability [epel-all] |
2263420 | NEW | medium | TRIAGE CVE-2024-25189 libjwt: auth bypass via timing side channel [epel-all] |
2263807 | NEW | low | CVE-2024-1433 plasma-workspace: KDE-Plasma-Workspace: path traversal vulnerability [epel-all] |
2264936 | NEW | urgent | CVE-2021-32563 Thunar: code execution while delegating to another program [epel-all] |
2265139 | NEW | medium | CVE-2023-46445 python-asyncssh: Rogue Extension Negotiation [epel-8] |
2265141 | NEW | high | CVE-2023-46446 python-asyncssh: Rogue Session Attack [epel-8] |
2265599 | NEW | medium | CVE-2024-25126 rubygem-rack: Denial of Service Vulnerability in Rack Content-Type Parsing [epel-all] |
2265600 | NEW | medium | CVE-2024-26141 rubygem-rack: Possible DoS Vulnerability with Range Header in Rack [epel-all] |
2265601 | NEW | medium | CVE-2024-26146 rubygem-rack: Possible Denial of Service Vulnerability in Rack Header Parsing [epel-all] |
2265683 | NEW | urgent | CVE-2023-42282 golang-github-prometheus: nodejs-ip: arbitrary code execution via the isPublic() function [epel-all] |
2266114 | NEW | medium | TRIAGE CVE-2024-21501 glances: sanitize-html: Information Exposure when used on the backend [epel-all] |
2266115 | NEW | medium | TRIAGE CVE-2024-21501 golang-github-prometheus: sanitize-html: Information Exposure when used on the backend [epel-all] |
2266276 | NEW | medium | CVE-2024-26455 fluent-bit: fluent-bit:Use-After-Free in /fluent-bit/plugins/custom_calyptia/calyptia.c [epel-all] |
2266571 | NEW | medium | CVE-2023-45857 ansible-collection-awx-awx: axios: exposure of confidential data stored in cookies [epel-all] |
2267264 | NEW | medium | TRIAGE CVE-2024-27285 puppet: yard: Cross-site scripting in the frams.erb template file [epel-all] |
2267266 | NEW | medium | TRIAGE CVE-2024-27285 rubygem-asciidoctor: yard: Cross-site scripting in the frams.erb template file [epel-all] |
2267267 | NEW | medium | TRIAGE CVE-2024-27285 rubygem-docile: yard: Cross-site scripting in the frams.erb template file [epel-all] |
2267271 | NEW | medium | TRIAGE CVE-2024-27285 rubygem-git: yard: Cross-site scripting in the frams.erb template file [epel-all] |
2267272 | NEW | medium | TRIAGE CVE-2024-27285 rubygem-public_suffix: yard: Cross-site scripting in the frams.erb template file [epel-all] |
2267726 | NEW | medium | CVE-2024-23836 suricata: crafted traffic can cause denial of service [epel-all] |
2268279 | NEW | medium | TRIAGE CVE-2024-27304 caddy: pgx: SQL Injection via Protocol Message Size Overflow [epel-all] |
2268467 | NEW | medium | TRIAGE CVE-2024-27289 caddy: pgx: SQL Injection via Line Comment Creation [epel-all] |
2268872 | NEW | medium | CVE-2024-28180 caddy: jose-go: improper handling of highly compressed data [epel-all] |
2269243 | NEW | high | TRIAGE CVE-2024-27758 python-rpyc: Remote attacker can craft a class, resulting in remote code execution [epel-all] |
2270034 | NEW | medium | CVE-2018-25099 libtomcrypt: gcm_decrypt_verify() and chacha20poly1305_decrypt_verify() do not verify the tag [epel-all] |
2270186 | NEW | high | CVE-2023-41334 python-astropy: Remote code execution in TranformGraph().to_dot_graph function [epel-all] |
2270602 | NEW | medium | CVE-2024-29018 pack: moby: external DNS requests from 'internal' networks could lead to data exfiltration [epel-all] |
2270721 | NEW | medium | TRIAGE CVE-2024-25062 qt5-qtwebengine: libxml2: use-after-free in XMLReader [epel-all] |
2270957 | NEW | medium | CVE-2024-28577 freeimage: Null Pointer Dereference in jpeg_read_exif_profile_raw() [epel-all] |
2270961 | NEW | medium | CVE-2024-28576 freeimage: buffer overflow in opj_j2k_tcp_destroy() [epel-all] |
2270965 | NEW | medium | CVE-2024-28575 freeimage: buffer overflow in opj_j2k_read_mct() [epel-all] |
2270978 | NEW | medium | CVE-2024-28573 freeimage: buffer overflow in peg_read_exif_profile() function when reading images in JPEG format [epel-all] |
2270979 | NEW | medium | CVE-2024-28572 freeimage: buffer overflow in FreeImage_SetTagValue() function when reading images in JPEG format [epel-all] |
2270982 | NEW | medium | CVE-2024-28571 freeimage: buffer overflow in fill_input_buffer() when reading images in JPEG format [epel-all] |
2270984 | NEW | medium | CVE-2024-28574 freeimage: buffer overflow in opj_j2k_copy_default_tcp_and_create_tcd() function when reading images in J2K format [epel-all] |
2270987 | NEW | medium | CVE-2024-28570 freeimage: buffer overflow in processMakerNote() [epel-all] |
2270989 | NEW | medium | CVE-2024-28569 freeimage: buffer overflow in Imf_2_2::Xdr::read() when reading images in EXR format [epel-all] |
2270992 | NEW | medium | CVE-2024-28568 freeimage: buffer overflow in read_iptc_profile() function when reading images in TIFF format [epel-all] |
2271002 | NEW | medium | CVE-2024-28565 freeimage: buffer overflow in psdParser::ReadImageData() function when reading images in PSD format [epel-all] |
2271003 | NEW | medium | CVE-2024-28566 freeimage: buffer overflow in AssignPixel() function when reading images in TIFF format [epel-all] |
2271006 | NEW | medium | CVE-2024-28567 freeimage: Buffer Overflow in FreeImage_CreateICCProfile() function when reading images in TIFF format [epel-all] |
2271015 | NEW | medium | CVE-2024-28578 freeimage: buffer overflow in Load() function when reading images in RAS format [epel-all] |
2271016 | NEW | medium | CVE-2024-28579 freeimage: buffer overflow in FreeImage_Unload() function when reading images in HDR format [epel-all] |
2271025 | NEW | medium | CVE-2024-28580 freeimage: buffer overflow in ReadData() function when reading images in RAS format [epel-all] |
2271026 | NEW | medium | CVE-2024-28581 freeimage: buffer overflow in _assignPixel<>() function when reading images in TARGA format [epel-all] |
2271028 | NEW | medium | CVE-2024-28582 freeimage: buffer overflow in rgbe_RGBEToFloat() function when reading images in HDR format [epel-all] |
2271034 | NEW | medium | CVE-2024-28583 freeimage: buffer overflow in readLine() function when reading images in XPM format [epel-all] |
2271036 | NEW | medium | CVE-2024-28584 freeimage: null pointer dereference in J2KImageToFIBITMAP() function when reading images in J2K format [epel-all] |
2271040 | NEW | medium | CVE-2024-28562 freeimage: buffer overflow in Imf_2_2::copyIntoFrameBuffer() component when reading images in EXR format [epel-all] |
2271045 | NEW | medium | CVE-2024-28563 freeimage: buffer overflow in Imf_2_2::DwaCompressor::Classifier::Classifier() function when reading images in EXR format [epel-all] |
2271046 | NEW | medium | CVE-2024-28564 freeimage: buffer overflow in Imf_2_2::CharPtrIO::readChars() function when reading images in EXR format [epel-all] |
2271381 | NEW | medium | CVE-2024-2824 jhead: heap buffer overflow in PrintFormatNumber() can lead to segmentation fault [epel-all] |
2271760 | NEW | medium | CVE-2024-2206 gradio: route allows a user to proxy arbitrary urls including potential internal endpoints [epel-all] |
2271850 | NEW | urgent | CVE-2024-2883 qt5-qtwebengine: chromium: Use after free in ANGLE [epel-all] |
2271857 | NEW | high | CVE-2024-2885 qt5-qtwebengine: chromium: Use after free in Dawn [epel-all] |
2271863 | NEW | high | CVE-2024-2886 qt5-qtwebengine: chromium: Use after free in WebCodecs [epel-all] |
2271870 | NEW | high | CVE-2024-2887 qt5-qtwebengine: chromium: Type Confusion in WebAssembly [epel-all] |
2271912 | NEW | low | CVE-2024-2971 xpdf: negative object number in an indirect reference in a PDF file can cause an out-of-bounds array write [epel-all] |
2272329 | NEW | high | CVE-2022-1471 snakeyaml: Constructor Deserialization Remote Code Execution [epel-all] |
2272852 | NEW | low | CVE-2024-3247 xpdf: stack-overflow in pdftotext [epel-all] |
2272855 | NEW | low | CVE-2024-3248 xpdf: stack overflow via pdftpng [epel-all] |
2272890 | NEW | medium | CVE-2024-3205 ghc-yaml: libyaml: Heap-Based Buffer Overflow [epel-all] |
2273052 | NEW | high | TRIAGE CVE-2024-30255 golang-github-prometheus: envoy: HTTP/2 CPU exhaustion due to CONTINUATION frame flood [epel-all] |
2273514 | NEW | medium | TRIAGE CVE-2024-22189 caddy: quic-go: memory exhaustion attack against QUIC's connection ID mechanism [epel-all] |
2273515 | NEW | medium | TRIAGE CVE-2024-22189 caddy: quic-go: memory exhaustion attack against QUIC's connection ID mechanism [epel-8] |
2274021 | NEW | low | TRIAGE CVE-2024-2511 openssl3: openssl: Unbounded memory growth with session handling in TLSv1.3 [epel-all] |
2274683 | NEW | medium | CVE-2023-29483 python3.11-dns-epel: dnspython: denial of service in stub resolver [epel-all] |
2274684 | NEW | medium | CVE-2023-29483 python39-dns: dnspython: denial of service in stub resolver [epel-all] |
2274696 | NEW | medium | CVE-2023-49528 qt5-qtwebengine: FFmpeg: Heap Buffer Overflow vulnerability [epel-all] |
2275186 | NEW | low | CVE-2024-31497 filezilla: putty: secret key recovery of NIST P-521 private keys Through Biased ECDSA Nonces in PuTTY Client [epel-all] |
2275350 | NEW | high | CVE-2024-1135 python-gunicorn: HTTP Request Smuggling due to improper validation of Transfer-Encoding headers [epel-all] |
2275828 | NEW | low | CVE-2024-3900 xpdf: out-of-bounds array write [epel-all] |
2275842 | NEW | medium | CVE-2024-31578 CVE-2024-31581 CVE-2024-31582 CVE-2024-31585 qt5-qtwebengine: ffmpeg: multiple vulnerabilities [epel-all] |
2276117 | NEW | medium | CVE-2023-49501 CVE-2023-49502 CVE-2023-51791 CVE-2023-51792 CVE-2023-51793 qt5-qtwebengine: ffmpeg: multiple vulnerabilities [epel-all] |
2276124 | NEW | medium | CVE-2023-51795 CVE-2023-51796 CVE-2023-51797 CVE-2023-51798 qt5-qtwebengine: ffmpeg: multiple vulnerabilities [epel-all] |
2276131 | NEW | medium | CVE-2023-50007 CVE-2023-50008 CVE-2023-50009 CVE-2023-50010 qt5-qtwebengine: ffmpeg: multiple vulnerabilities [epel-all] |
2276154 | NEW | medium | CVE-2024-1681 python-flask-cors: improper output neutralization for logs [epel-all] |
2277031 | NEW | low | CVE-2024-4141 xpdf: Out-of-bounds array write [epel-all] |
2277719 | NEW | medium | CVE-2023-51794 qt5-qtwebengine: ffmpeg: avfilter: heap buffer overflow in libavfilter/af_stereowiden.c [epel-8] |
2277747 | NEW | medium | CVE-2023-52723 kf5-libksieve: libksieve: cleartext password in server logs [epel-8] |
2278039 | NEW | medium | CVE-2024-4340 python-sqlparse: sqlparse: parsing heavily nested list leads to denial of service [epel-all] |
2278273 | NEW | medium | CVE-2023-40533 tinyproxy: HTTP request parsing uninitialized memory [epel-all] |
2278753 | NEW | medium | CVE-2023-26793 libmodbus: head buffer overflow in read_io_status() [epel-all] |
2278810 | NEW | medium | CVE-2024-34402 CVE-2024-34403 uriparser: various flaws [epel-8] |
2279472 | NEW | medium | CVE-2024-4568 xpdf: loop in the PDF resources leads to infinite recursion [epel-8] |
2279487 | NEW | medium | TRIAGE CVE-2024-34064 python3.11-jinja2-epel: jinja2: accepts keys containing non-attribute characters [epel-all] |
2279797 | NEW | medium | CVE-2024-34244 libmodbus: heap buffer overread [epel-all] |
2280040 | NEW | medium | CVE-2024-29157 CVE-2024-291573 CVE-2024-29158 CVE-2024-291582 CVE-2024-291583 CVE-2024-29159 CVE-2024-291591 CVE-2024-291593 CVE-2024-29160 CVE-2024-291600 CVE-2024-291603 CVE-2024-29161 CVE-2024-291612 CVE-2024-291619 ... hdf5: multiple CVEs [epel-8] |
2280413 | NEW | medium | CVE-2022-4967 strongswan: potential authorization bypass with TLS-based EAP methods [epel-all] |
2280419 | NEW | medium | CVE-2024-28285 cryptopp: potential leak of secret key of ElGamal encryption via fault injection [epel-all] |
2280493 | NEW | high | CVE-2024-27082 cacti: XSS vulnerability when managing trees [epel-all] |
2280534 | NEW | medium | CVE-2024-34459 qt5-qtwebengine: libxml2: buffer over-read in xmlHTMLPrintFileContext in xmllint.c [epel-all] |
2280611 | NEW | medium | CVE-2024-4068 ansible: braces: fails to limit the number of characters it can handle [epel-all] |
2280612 | NEW | medium | CVE-2024-4068 golang-github-prometheus: braces: fails to limit the number of characters it can handle [epel-all] |
2280761 | NEW | high | CVE-2024-4976 xpdf: Out-of-bounds array write due to missing object type check [epel-all] |
2280765 | NEW | medium | CVE-2024-4067 ansible: micromatch: vulnerable to Regular Expression Denial of Service [epel-all] |
2280766 | NEW | medium | CVE-2024-4067 golang-github-prometheus: micromatch: vulnerable to Regular Expression Denial of Service [epel-all] |
2281032 | NEW | low | CVE-2024-4603 openssl3: openssl: Excessive time spent checking DSA keys and parameters [epel-8] |
2281496 | NEW | medium | CVE-2024-35190 asterisk: wrongly matches ALL unauthorized SIP requests [epel-all] |
2282117 | NEW | medium | CVE-2024-35195 protonvpn-cli: requests: subsequent requests to the same host ignore cert verification [epel-all] |
2282118 | NEW | medium | CVE-2024-35195 proxysql: requests: subsequent requests to the same host ignore cert verification [epel-all] |
2282185 | NEW | medium | CVE-2024-33900 keepassxc: attackers can recover cleartext credentials [epel-8] |
2282186 | NEW | medium | CVE-2024-33901 keepassxc: attackers can recover some passwords stored in the .kdbx database [epel-8] |
2283557 | NEW | medium | CVE-2023-6349 qt5-qtwebengine: libvpx: Heap buffer overflow related to VP9 encoding [epel-all] |
2283823 | NEW | medium | CVE-2024-35226 php-Smarty: php code injection [epel-all] |
2284251 | NEW | medium | CVE-2024-37017 asdcplib: buffer over-read [epel-all] |
2284588 | NEW | high | CVE-2024-29415 golang-github-prometheus: node-ip: Incomplete fix for CVE-2023-42282 [epel-all] |
2290836 | NEW | medium | CVE-2022-4968 netplan: leaks the private key of wireguard to local users [epel-8] |
2290907 | NEW | high | CVE-2024-29041 golang-github-prometheus: express: cause malformed URLs to be evaluated [epel-all] |
2290908 | NEW | high | CVE-2024-29041 qpid-dispatch: express: cause malformed URLs to be evaluated [epel-all] |
2291220 | NEW | medium | CVE-2024-5138 snapd: Privilege escalation may lead to a Denial of Service [epel-all] |
2291223 | NEW | high | CVE-2024-36041 plasma-workspace: plasma-workspace/ksmserver: Unauthorized users can access session manager [epel-all] |
2292121 | NEW | medium | CVE-2023-52890 ntfs-3g: use-after-free in ntfs_uppercase_mbs in libntfs-3g/unistr.c [epel-all] |
2292343 | NEW | medium | CVE-2024-35328 ghc-yaml: libyaml: denial of service in yaml_parser_parse of the file /src/libyaml/src/parser.c. [epel-all] |
2292347 | NEW | medium | CVE-2024-36587 dnscrypt-proxy: escalate privileges to root via overwriting the binary dnscrypt-proxy [epel-all] |
2292353 | NEW | medium | CVE-2024-35326 ghc-yaml: libyaml: double-free in yaml_emitter_emit in /src/libyaml/src/emitter.c [epel-all] |
2292358 | NEW | medium | CVE-2024-35325 ghc-yaml: libyaml: double-free in yaml_event_delete in /src/libyaml/src/api.c [epel-all] |
2292671 | NEW | medium | CVE-2024-24789 micro: golang: archive/zip: Incorrect handling of certain ZIP files [epel-all] |
2292673 | NEW | medium | CVE-2024-24789 rclone: golang: archive/zip: Incorrect handling of certain ZIP files [epel-all] |
2292674 | NEW | medium | CVE-2024-24789 restic: golang: archive/zip: Incorrect handling of certain ZIP files [epel-all] |
2292675 | NEW | medium | CVE-2024-24789 snapd: golang: archive/zip: Incorrect handling of certain ZIP files [epel-all] |
2292812 | NEW | high | CVE-2024-37882 CVE-2024-37883 CVE-2024-37884 CVE-2024-37885 CVE-2024-37886 CVE-2024-37887 nextcloud-client: nextcloud: multiple vulnerabilities [epel-all] |
2292822 | NEW | medium | CVE-2024-37312 CVE-2024-37313 CVE-2024-37314 nextcloud-client: nextcloud: multiple vulnerabilities [epel-all] |
2292846 | NEW | medium | CVE-2024-37315 CVE-2024-37316 CVE-2024-37317 nextcloud-client: nextcloud: multiple vulnerabilities [epel-all] |
2293154 | NEW | medium | CVE-2024-37891 python-docker: urllib3: proxy-authorization request header is not stripped during cross-origin redirects [epel-all] |
2293155 | NEW | medium | CVE-2024-37891 python-hvac: urllib3: proxy-authorization request header is not stripped during cross-origin redirects [epel-all] |
2293157 | NEW | medium | CVE-2024-37891 python-smart-gardena: urllib3: proxy-authorization request header is not stripped during cross-origin redirects [epel-all] |
2293158 | NEW | medium | CVE-2024-37891 python38-hvac: urllib3: proxy-authorization request header is not stripped during cross-origin redirects [epel-all] |
2293212 | NEW | medium | CVE-2024-28863 yarnpkg: node-tar: denial of service while parsing a tar file due to lack of folders depth validation [epel-8] |
2293729 | NEW | high | CVE-2020-27352 snapd: access restriction can be bypassed by container management snaps [epel-all] |
2293954 | NEW | medium | CVE-2024-28130 dcmtk: incorrect type conversion [epel-8] |
2293998 | NEW | medium | CVE-2022-28550 jhead: Buffer Overflow via shellescape() jhead.c [epel-all] |
2294669 | NEW | medium | CVE-2024-28820 openvpn-auth-ldap: buffer overflow [epel-all] |
2294731 | NEW | medium | CVE-2019-1020001 rubygem-yard: Arbitrary path traversal and file access in yard server [epel-all] |
2294758 | NEW | medium | CVE-2024-27628 dcmtk: Buffer Overflow via the EctEnhancedCT method [epel-all] |
2294928 | NEW | low | CVE-2024-5535 openssl3: SSL_select_next_proto buffer overread [epel-all] |
2295351 | NEW | medium | CVE-2024-32230 qt5-qtwebengine: Buffer Overflow [epel-all] |
2295374 | NEW | medium | CVE-2024-32228 qt5-qtwebengine: Buffer Overflow [epel-all] |
2295384 | NEW | high | CVE-2024-32229 qt5-qtwebengine: heap-buffer-overflow [epel-all] |
2295646 | NEW | medium | CVE-2023-52169 p7zip: out-of-bounds read in NtfsHandler.cpp [epel-all] |
2295687 | NEW | medium | CVE-2023-52168 p7zip: heap-based buffer overflow in NtfsHandler.cpp [epel-all] |
2296959 | NEW | medium | CVE-2024-39684 rapidjson: privilege escalation via integer overflow in GenericReader::ParseNumber() [epel-all] |
2296967 | NEW | medium | CVE-2024-39684 leatherman: privilege escalation via integer overflow in GenericReader::ParseNumber() [epel-all] |
2296970 | NEW | medium | CVE-2024-38517 rapidjson: privilege escalation via integer underflow in GenericReader::ParseNumber() [epel-all] |
2296978 | NEW | medium | CVE-2024-38517 leatherman: privilege escalation via integer underflow in GenericReader::ParseNumber() [epel-all] |
2297343 | NEW | medium | CVE-2024-37151 suricata: packet reassembly failure, which can lead to policy bypass [epel-all] |
2298672 | NEW | high | CVE-2024-6345 limnoria: pypa/setuptools: Remote code execution via download functions in the package_index module in pypa/setuptools [epel-all] |
2298802 | NEW | urgent | CVE-2024-39844 znc: remote code execution via modtcl [epel-all] |
2298871 | NEW | high | CVE-2024-40724 assimp: heap-based buffer overflow [epel-all] |
2301625 | NEW | medium | CVE-2024-41810 python-twisted: Reflected XSS via HTML Injection in Redirect Response [epel-8] |
2301843 | NEW | high | CVE-2024-40776 gnucash: Use after free may lead to Remote Code Execution [epel-all] |
2302513 | NEW | medium | CVE-2024-40630 OpenImageIO: HEIF heap out-of-bounds read [epel-all] |
2303051 | NEW | medium | CVE-2024-7055 qt5-qtwebengine: From NVD collector [epel-8] |
2303443 | NEW | high | CVE-2024-37890 golang-github-prometheus: denial of service when handling a request with many HTTP headers [epel-all] |
2303608 | NEW | medium | CVE-2024-36600 python-pycdio: crafted iso image file leads to arbitrary code execution [epel-all] |
2303918 | NEW | high | CVE-2024-42365 asterisk: Write=originate, is sufficient permissions for code execution / System() dialplan [epel-all] |
2305117 | NEW | high | CVE-2024-39338 ansible-collection-awx-awx: axios: Server-Side Request Forgery [epel-all] |
2305299 | NEW | low | CVE-2024-7868 xpdf: invalid header info in a DCT (JPEG) stream can lead to an uninitialized variable in the DCT decoder [epel-8] |
2305300 | NEW | low | CVE-2024-7867 xpdf: integer overflow and divide-by-zero due to very large coordinates in a page box [epel-8] |
2305305 | NEW | low | CVE-2024-7866 xpdf: infinite recursion and a stack overflow due to PDF object loop in a pattern resource [epel-8] |
2305669 | NEW | medium | CVE-2024-6221 python-flask-cors: Private Network Permission Enabled by default in corydolphin/flask-cors [epel-8] |
2305915 | NEW | high | CVE-2024-23185 perl-Email-Address-XS: very large headers can cause resource exhaustion when parsing message [epel-all] |
2307342 | NEW | medium | CVE-2024-45193 libolm: Ed25519 signature malleability due to lack of validation criteria in libolm [epel-all] |
2307345 | NEW | medium | CVE-2024-45192 libolm: Cache-timing attacks can occur due to use of base64 when decoding group session keys [epel-all] |
2307348 | NEW | medium | CVE-2024-45191 libolm: The AES implementation is vulnerable to cache-timing attacks due to use of S-boxes [epel-all] |
2307671 | NEW | medium | CVE-2024-43398 facter: DoS vulnerability in REXML [epel-all] |
2310289 | NEW | low | CVE-2024-45157 mbedtls: From NVD collector [epel-all] |
2310292 | NEW | medium | CVE-2024-42491 asterisk: A malformed Contact or Record-Route URI in an incoming SIP request can cause crash [epel-8] |
2311374 | NEW | medium | CVE-2024-43796 qpid-dispatch: Improper Input Handling in Express Redirects [epel-8] |
2311376 | NEW | medium | CVE-2024-43796 yarnpkg: Improper Input Handling in Express Redirects [epel-8] |
2313602 | NEW | medium | CVE-2024-31570 freeimage: stack-based buffer overflow in PluginXPM.cpp [epel-8] |
2313705 | NEW | medium | CVE-2024-9029 freeimage: Heap buffer overflow in tiff_read_iptc_profile [epel-8] |
2314486 | NEW | medium | CVE-2024-45230 python-django3: Potential denial-of-service vulnerability in django.utils.html.urlize() [epel-all] |
2315822 | NEW | high | CVE-2024-47515 pagure: generate_archive() follows symbolic links in temporary clones [epel-all] |
2315824 | NEW | urgent | CVE-2024-47516 pagure: Argument Injection in PagureRepo.log() [epel-all] |
2317098 | NEW | high | CVE-2024-43363 cacti: Remote code execution via Log Poisoning in Cacti [epel-8] |
2317101 | NEW | high | CVE-2024-43362 cacti: Stored Cross-site Scripting (XSS) when creating external links in Cacti [epel-8] |
2317105 | NEW | medium | CVE-2024-43364 cacti: Stored Cross-site Scripting (XSS) when creating external links in Cacti [epel-8] |
2317108 | NEW | medium | CVE-2024-43365 cacti: Stored Cross-site Scripting (XSS) when creating external links in Cacti [epel-8] |
2317489 | NEW | high | CVE-2024-45160 lemonldap-ng: From NVD collector [epel-8] |
2317755 | NEW | medium | CVE-2024-48933 lemonldap-ng: XSS/HTML Injection login page when user contains special characters [epel-8] |
2317786 | NEW | high | CVE-2024-48949 yarnpkg: Missing Validation in Elliptic's EDDSA Signature Verification [epel-8] |
2321666 | NEW | high | CVE-2024-48208 pure-ftpd: out of bounds read in the domlsd() function of ls.c [epel-8] |
2322470 | NEW | high | CVE-2024-49769 python-waitress: Waitress has a denial of service leading to high CPU usage/resource exhaustion [epel-8] |
2322945 | NEW | high | CVE-2024-10525 mosquitto: heap buffer overflow in my_subscribe_callback [epel-8] |
2323592 | NEW | urgent | CVE-2024-51774 qbittorrent: RCE Vulnerability in qBittorrent Due to Improper SSL/TLS Certificate Validation [epel-8] |
2325137 | NEW | low | CVE-2024-46613 weechat: Buffer Overflow Vulnerability in WeeChat [epel-8] |
2326928 | NEW | medium | CVE-2024-52947 lemonldap-ng: From CVEorg collector [epel-8] |
2326935 | NEW | high | CVE-2024-52946 lemonldap-ng: Improper Authentication Level Check in LemonLDAP::NG [epel-8] |
2328098 | NEW | high | CVE-2024-52804 python-tornado: Tornado has HTTP cookie parsing DoS vulnerability [epel-8] |
2328913 | NEW | medium | CVE-2023-2142 workrave: Nunjucks autoescape bypass leads to cross site scripting [epel-8] |
2330014 | NEW | medium | CVE-2024-53259 caddy: quic-go affected by an ICMP Packet Too Large Injection Attack on Linux [epel-8] |
2331081 | NEW | medium | CVE-2024-12361 qt5-qtwebengine: FFmpeg NULL Pointer Dereference [epel-8] |
2331920 | NEW | high | CVE-2024-45337 caddy: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto [epel-8] |
2331922 | NEW | high | CVE-2024-45337 golang-x-crypto: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto [epel-8] |
2331923 | NEW | high | CVE-2024-45337 pack: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto [epel-8] |
2331924 | NEW | high | CVE-2024-45337 rclone: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto [epel-8] |
2331925 | NEW | high | CVE-2024-45337 restic: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto [epel-8] |
2332149 | NEW | medium | CVE-2024-31670 rizin: buffer overflow via create_cache_bins [epel-8] |
2332935 | NEW | medium | CVE-2024-31668 rizin: improper neutralization of special elements via meta_set function [epel-8] |