Repo Status -
Overall Status
Page updated: 2024-11-17 12:46
| 1229473 | NEW | RFA: pymol |
| 1498887 | NEW | please create an epel8 package for remind |
| 1741758 | NEW | Request to build httpd-itk for EPEL 8 |
| 1741770 | NEW | Request to build sscep for EPEL 8 |
| 1741776 | NEW | Request to build unison240 for EPEL 8 |
| 1744504 | NEW | Please build php-extras for EPEL 8 |
| 1749146 | NEW | Build LXQt in EPEL8 |
| 1749520 | ASSIGNED | build of erlang-rebar for EPEL 8 |
| 1749521 | NEW | Summary: build of erlang-sd_notify for EPEL 8 |
| 1749546 | NEW | build of rubygem-rgen for EPEL 8 |
| 1752945 | NEW | build of elixir for EPEL 8 |
| 1752946 | NEW | build of rabbitmq-server for EPEL 8 |
| 1754290 | NEW | Request to build pangox-compat for EPEL 8 |
| 1756673 | ON_QA | Build fvwm 2.6.9 for EPEL8 |
| 1756999 | NEW | Please build libircclient for EPEL-8 |
| 1757002 | NEW | docbook-utils-pdf missing in RHEL8/CentOS-8: need it in EPEL8 |
| 1757014 | NEW | Please build mpdecimal for EPEL-8 |
| 1757033 | NEW | Please build ttembed for EPEL-8 |
| 1757597 | NEW | unifdef not built for EL8 |
| 1758005 | NEW | build xlockmore for epel8 |
| 1759124 | NEW | Branch request: python-XStatic-Patternfly for epel8 |
| 1759129 | NEW | Branch request: nodejs-typeahead.js for epel8 |
| 1759459 | NEW | Please build phpMyAdmin for EPEL8 |
| 1760019 | NEW | Request to package check-mk for EPEL 8 |
| 1761034 | NEW | Request to build nodejs-ronn for EPEL8 |
| 1761454 | NEW | libnetfilter_log missing from EPEL8 |
| 1763768 | NEW | [RFE] EPEL8 branch of rubygem-sass |
| 1765789 | NEW | Please build uucp for EPEL 8 |
| 1768105 | NEW | Request to build mantis for EPEL8 |
| 1769168 | NEW | Add dnfdragora to EPEL8 |
| 1770068 | NEW | Request to package Tilix for EPEL 8 |
| 1777363 | NEW | Include resolv_wrapper in EPEL 8 |
| 1777957 | NEW | Provide burp EPEL8 packages |
| 1780527 | NEW | CVE-2019-14899 ike: openvpn: ike: an attacker can inject data into the TCP stream which allows a hijack of active connections inside the VPN tunnel [epel-8] |
| 1783797 | NEW | SNMPTT |
| 1786134 | NEW | Package request: grads for EPEL 8 |
| 1788529 | NEW | qemu-system-x86 missing |
| 1789273 | NEW | Request to build opus-tools for EPEL 8 |
| 1790952 | ASSIGNED | Build ckeditor for epel8? |
| 1794228 | POST | RFE: Please support an EPEL 8 branch |
| 1795527 | NEW | i enabled rhel 8 repo on fedora |
| 1796606 | NEW | Package mod-bw for EPEL8 |
| 1798907 | NEW | Request to package mapserver for EPEL8 |
| 1800889 | ASSIGNED | requesting ikiwiki epel build for el7 and especially el8 |
| 1803973 | NEW | CGI::Session is missing in epel8 |
| 1804789 | NEW | Request to build mirrormanager2 for EPEL8 |
| 1809020 | NEW | qiv EPEL8 |
| 1810386 | NEW | Request build pnglite for EPEL 8 |
| 1810392 | NEW | Request build json-parser for EPEL 8 |
| 1810823 | NEW | Please build an EPEL8 build for lbzip2-utils |
| 1813466 | NEW | request for compiz 0.8.x in EPEL 8 |
| 1817063 | NEW | [RFE] xqilla: epel8 build request |
| 1817311 | ASSIGNED | RFE: build rss2emai for epel8 |
| 1822241 | NEW | upower present in both epel8-playground and AppStream |
| 1822812 | NEW | Request to package beanstalkd for EPEL 8 |
| 1823313 | ASSIGNED | Please release it for EPEL-8 |
| 1823997 | NEW | [RFE] perdition: epel8 build request. |
| 1830821 | POST | Please build python-pypandoc for EPEL 8 |
| 1832886 | NEW | 0ad package for EPEL 8 |
| 1835282 | NEW | Please build an EPEL8 build for fts |
| 1842675 | NEW | package - backup-manager - not available in epel8-repository |
| 1843880 | NEW | [EPEL8][RFE] python-oauth2 for EPEL8 |
| 1844832 | NEW | Request that keepassx be added to epel8 |
| 1845285 | NEW | Enable epel8 build |
| 1846028 | NEW | Branch request: Euca2ools for EPEL8 |
| 1847573 | NEW | Please provide antlr3 version for EPEL8 |
| 1847577 | NEW | build python-cmd2 for EPEL 8 |
| 1847692 | NEW | Request to package python-virtualenvwrapper for EPEL 8 |
| 1850645 | ASSIGNED | Add perl-DBD-MariaDB to EPEL8 |
| 1850770 | NEW | Package xml-security-c-devel not available in epel8 |
| 1850791 | NEW | Please build an EPEL8 build for python3-qt5 |
| 1854685 | NEW | pam_mysql is missing in el8 |
| 1859767 | NEW | Please make valkyrie V2 or V3 available on EPEL8 |
| 1860573 | ASSIGNED | php-google-apiclient missing in EPEL 8 |
| 1860574 | ASSIGNED | php-markdown missing in EPEL 8 |
| 1860576 | ASSIGNED | php-pear-OLE missing in EPEL 8 |
| 1860577 | ASSIGNED | php-simplepie missing in EPEL 8 |
| 1860580 | NEW | moodle missing in EPEL 8 |
| 1861320 | NEW | Unison is missing from EPEL 8 |
| 1868371 | NEW | CentOS8 - numpad do not work in KDE Plasma |
| 1868381 | NEW | [EPEL8][RFE] rubygem-sinatra for EPEL8 |
| 1873103 | NEW | rebuild collectl package for EPEL8 |
| 1876003 | NEW | Please make fzf available in EPEL 8 |
| 1876371 | NEW | Please provide ferm for EPEL 8 |
| 1880869 | NEW | EL8 package missing |
| 1883211 | NEW | [RFE] htmldoc for RHEL8 |
| 1885570 | NEW | python-behave for EL8 |
| 1892759 | NEW | Please build and EPEL8 build |
| 1892760 | NEW | Please build and EPEL8 build |
| 1892765 | NEW | Please build and EPEL8 build |
| 1895652 | NEW | CentOS 8 / Python 3.6 build error... |
| 1895690 | NEW | [EPEL8] There is no libcxx RPM in epel8 |
| 1897298 | NEW | viewvc package request for EPEL 8 (viewvc package not available in EPEL 8 ) |
| 1897465 | NEW | provide icecream package for epel8 |
| 1901322 | NEW | statsd missing in CentOS 8 |
| 1902817 | NEW | mysql++ and mysql++-devel not available in CentOS 8 |
| 1906889 | NEW | Build whatsup for RHEL8 |
| 1911055 | NEW | Request to package php-pear-Mail-Mime for EPEL 8 |
| 1911056 | NEW | Request to package php-pear-Crypt_GPG for EPEL 8 |
| 1911057 | NEW | Request to package php-pear-Net-Sieve for EPEL 8 |
| 1911058 | NEW | Request to package php-pear-Net-LDAP2 for EPEL 8 |
| 1911059 | NEW | Request to package php-kolab-net-ldap3 for EPEL 8 |
| 1911060 | NEW | Request to package php-endroid-qrcode for EPEL 8 |
| 1911062 | NEW | Request to package php-masterminds-html5 for EPEL 8 |
| 1916994 | NEW | libuv-devel and libuv version does not match |
| 1933855 | ASSIGNED | [EPEL8] please build sigul for EPEL8 |
| 1946686 | NEW | EPEL 8 FTBFS Tracker |
| 1960856 | NEW | Please build guake for EPEL8 |
| 1976085 | NEW | Request to package unhide for epel8 |
| 1979307 | NEW | [f2fs-tools] Unable to resize f2fs partition on F34 for the pinephone, but it works on F33 |
| 1982735 | ASSIGNED | request for postgis in EPEL-8 |
| 1989979 | NEW | Request adding "python3-exiv2" to epel 8 |
| 1995353 | NEW | qemu: Request for EPEL-8 build |
| 1996245 | ASSIGNED | Port to EL8? |
| 1998160 | NEW | EPEL to RHEL package removal tracker |
| 1998606 | NEW | KDE Desktop hangs randomly once a day after recent update, worked fine the year before |
| 2006154 | NEW | Please build ytnef for EPEL 8 |
| 2008520 | NEW | please provide an epel 8 build too |
| 2014254 | NEW | shellinabox not included in EPEL 8 repo |
| 2030319 | NEW | nosync: Please release it for EPEL8 |
| 2036295 | NEW | Branch request: massif-visualizer for epel8 |
| 2039354 | NEW | Need EPEL8 version for mkdocs package. |
| 2054317 | NEW | Please build for EPEL 8+ |
| 2056195 | NEW | Please, branch and build inchi for EPEL8 |
| 2056835 | NEW | Please branch and build same check-mk-agent as in epel7 |
| 2061807 | NEW | CVE-2022-0235 nodejs:13/nodejs: node-fetch: exposure of sensitive information to an unauthorized actor [epel-all] |
| 2066361 | NEW | Please branch and build argtable in epel8 |
| 2071933 | NEW | CVE-2022-26280 cmake3: libarchive: an out-of-bounds read via the component zipx_lzma_alone_init [epel-all] |
| 2073584 | NEW | CVE-2021-44906 nodejs-minimist: minimist: prototype pollution [epel-all] |
| 2073933 | NEW | CVE-2022-0088 yourls: CSRF may trick user to logout [epel-all] |
| 2074248 | NEW | CVE-2022-27191 golang-googlecode-go-crypto: golang: crash in a golang.org/x/crypto/ssh server [epel-all] |
| 2074394 | NEW | CVE-2022-24191 htmldoc: infinite loop in the gif_read_lzw function can lead to a buffer overflow [epel-all] |
| 2074859 | NEW | CVE-2022-28346 python-django-ajax-selects: Django: SQL injection in QuerySet.annotate(),aggregate() and extra() [epel-all] |
| 2074860 | NEW | CVE-2022-28346 python-django-helpdesk: Django: SQL injection in QuerySet.annotate(),aggregate() and extra() [epel-all] |
| 2074875 | NEW | CVE-2022-28347 python-django-ajax-selects: Django: SQL injection via QuerySet.explain(options) on PostgreSQL [epel-all] |
| 2074877 | NEW | CVE-2022-28347 python-django-helpdesk: Django: SQL injection via QuerySet.explain(options) on PostgreSQL [epel-all] |
| 2076231 | NEW | CVE-2022-26612 hadoop: Arbitrary file write in FileUtil#unpackEntries on Windows [epel-all] |
| 2078903 | ASSIGNED | EPEL8 builds for python-bitmath |
| 2079212 | NEW | CVE-2022-24883 freerdp1.2: freerdp: Server Side Auth Against a SAM File May Succeed for Invalid Creds [epel-all] |
| 2079213 | NEW | CVE-2022-24882 freerdp1.2: freerdp: Server side NTLM does not properly check parameters [epel-all] |
| 2080831 | NEW | CVE-2022-21144 nodejs-libxmljs: libxmljs: libxmljs V8 parseXml buffer overflow [epel-all] |
| 2080988 | NEW | CVE-2021-21897 librecad: libdxflib: heap-based buffer overflow in the DL_Dxf:handleLWPolylineData function [epel-all] |
| 2081032 | NEW | CVE-2022-28085 htmldoc: heap buffer overflow in function pdf_write_names in ps-pdf.cxx [epel-all] |
| 2081138 | NEW | CVE-2022-29970 rubygem-sinatra: sinatra: path traversal possible outside of public_dir when serving static files [epel-all] |
| 2082550 | NEW | CVE-2022-30293 pywebkitgtk: webkitgtk: heap-buffer-overflow in WebCore::TextureMapperLayer::setContentsLayer [epel-all] |
| 2082553 | NEW | CVE-2022-30294 pywebkitgtk: webkitgtk: heap-buffer-overflow in WebCore::TextureMapperLayer::setContentsLayer [epel-all] |
| 2083147 | NEW | CVE-2018-25033 admesh: heap-buffer-overflow in stl_update_connects_remove_1() of src/connect.c [epel-all] |
| 2087625 | NEW | CVE-2022-25605 wordpress: vulnerabilities discovered in WP-DownloadManager WordPress plugin (versions <= 1.68.6) [epel-all] |
| 2087629 | NEW | CVE-2022-30596 moodle: Stored XSS in assignment bulk marker allocation form via user ID number [epel-all] |
| 2087630 | NEW | CVE-2022-30597 moodle: Description field hidden by user policies (hiddenuserfields) is still visible [epel-all] |
| 2087631 | NEW | CVE-2022-30598 moodle: global search results reveal authors of content unexpectedly for some activities [epel-all] |
| 2087637 | NEW | CVE-2022-30600 moodle: Failed login attempts counted incorrectly [epel-all] |
| 2087638 | NEW | CVE-2022-30599 moodle: SQL injection risk in badge award criteria [epel-all] |
| 2087643 | NEW | CVE-2022-25602 wordpress: Nonce token leak vulnerability leading to arbitrary file upload, theme deletion, plugin settings change [epel-all] |
| 2087645 | NEW | CVE-2022-25603 wordpress: Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered in MaxGalleria WordPress plugin (versions 6.2.5) [epel-all] |
| 2088784 | NEW | Please branch and build Rextext for Epel8 |
| 2091409 | NEW | CVE-2022-25604 wordpress: Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered in WordPress Price Table plugin (versions <= 0.2.2) [epel-all] |
| 2092689 | NEW | CVE-2022-28948 golang-gopkg-yaml: crash when attempting to deserialize invalid input [epel-all] |
| 2093152 | NEW | CVE-2022-26944 percona-xtrabackup: Information exposure via cmd line output and table history into backup file [epel-all] |
| 2093190 | NEW | CVE-2022-30287 php-horde-turba: horde webmail - Remote Code Execution via Email (CSRF) [epel-all] |
| 2098559 | NEW | CVE-2022-29244 nodejs: npm pack ignores root-level .gitignore and .npmignore file exclusion directives when run in a workspace [epel-all] |
| 2098560 | NEW | CVE-2022-29244 nodejs:13/nodejs: npm pack ignores root-level .gitignore and .npmignore file exclusion directives when run in a workspace [epel-all] |
| 2098561 | NEW | CVE-2022-29244 nodejs:16-epel/nodejs: npm pack ignores root-level .gitignore and .npmignore file exclusion directives when run in a workspace [epel-all] |
| 2100730 | NEW | CVE-2021-46784 clustal-omega: squid: DoS when processing gopher server responses [epel-all] |
| 2102908 | NEW | CVE-2022-33987 nodejs:13/nodejs: got: missing verification of requested URLs allows redirects to UNIX sockets [epel-all] |
| 2102998 | NEW | CVE-2022-23712 elasticdump: elasticsearch: DoS via a specifically formatted network request [epel-all] |
| 2103055 | ASSIGNED | Please branch and build python-pint in epel8 |
| 2106304 | NEW | CVE-2022-31056 glpi: an sql injection on the actor fields [epel-all] |
| 2106448 | NEW | CVE-2021-44537 owncloud-client: Resource Injection via a url could result in RCE [epel-all] |
| 2107245 | NEW | FTBFS: authbind on epel8 |
| 2108038 | NEW | CVE-2022-35649 moodle: PostScript Code Injection / Remote code execution risk [epel-all] |
| 2108040 | NEW | CVE-2022-35650 moodle: Arbitrary file read when importing lesson questions [epel-all] |
| 2108042 | NEW | CVE-2022-35651 moodle: Stored XSS and blind SSRF possible via SCORM track details [epel-all] |
| 2108044 | NEW | CVE-2022-35652 moodle: Open redirect risk in mobile auto-login feature [epel-all] |
| 2108046 | NEW | CVE-2022-35653 moodle: LTI module reflected XSS risk - affecting unauthenticated users only [epel-all] |
| 2108442 | NEW | Please branch and build python-poetry-core for EPEL8 |
| 2108490 | NEW | CVE-2022-32213 nodejs: HTTP request smuggling due to flawed parsing of Transfer-Encoding [epel-all] |
| 2108491 | NEW | CVE-2022-32213 nodejs:13/nodejs: HTTP request smuggling due to flawed parsing of Transfer-Encoding [epel-all] |
| 2108492 | NEW | CVE-2022-32213 nodejs:16-epel/nodejs: HTTP request smuggling due to flawed parsing of Transfer-Encoding [epel-all] |
| 2108496 | NEW | CVE-2022-32214 nodejs: HTTP request smuggling due to improper delimiting of header fields [epel-all] |
| 2108498 | NEW | CVE-2022-32214 nodejs:13/nodejs: HTTP request smuggling due to improper delimiting of header fields [epel-all] |
| 2108500 | NEW | CVE-2022-32214 nodejs:16-epel/nodejs: HTTP request smuggling due to improper delimiting of header fields [epel-all] |
| 2108509 | NEW | CVE-2022-32215 nodejs: HTTP request smuggling due to incorrect parsing of multi-line Transfer-Encoding [epel-all] |
| 2108510 | NEW | CVE-2022-32215 nodejs:13/nodejs: HTTP request smuggling due to incorrect parsing of multi-line Transfer-Encoding [epel-all] |
| 2108511 | NEW | CVE-2022-32215 nodejs:16-epel/nodejs: HTTP request smuggling due to incorrect parsing of multi-line Transfer-Encoding [epel-all] |
| 2108518 | NEW | CVE-2022-32212 nodejs: DNS rebinding in --inspect via invalid IP addresses [epel-all] |
| 2108519 | NEW | CVE-2022-32212 nodejs:13/nodejs: DNS rebinding in --inspect via invalid IP addresses [epel-all] |
| 2108520 | NEW | CVE-2022-32212 nodejs:16-epel/nodejs: DNS rebinding in --inspect via invalid IP addresses [epel-all] |
| 2110707 | NEW | CVE-2022-31160 python-XStatic-jquery-ui: jqueryui: CVE-2022-31160 [epel-all] |
| 2112796 | NEW | CVE-2021-41556 squirrel: out-of-bounds read in core interpreter allows sandbox escape leads to code execution [epel-all] |
| 2112864 | NEW | There is no mysql-utilities RPM in epel8 |
| 2118954 | NEW | CVE-2020-21365 wkhtmltopdf: same origin policy allows local files to be read by default [epel-all] |
| 2118984 | NEW | CVE-2021-33235 htmldoc: heap-buffer-overflow on write_node in htmldoc/htmldoc/html.cxx [epel-all] |
| 2118987 | NEW | CVE-2021-33236 htmldoc: heap-buffer-overflow on write_header in htmldoc/htmldoc/html.cxx [epel-all] |
| 2119086 | NEW | CVE-2022-25168 hadoop: Command injection in org.apache.hadoop.fs.FileUtil.unTarUsingTar [epel-all] |
| 2119514 | NEW | CVE-2022-39047 freeciv: Modpack Installer buffer overflow [epel-all] |
| 2121636 | NEW | CVE-2022-2995 cri-o:1.21/cri-o: incorrect handling of the supplementary groups [epel-all] |
| 2122152 | NEW | CVE-2022-35133 cherrytree: XSS via a crafted payload injected into the Name text field when creating a node [epel-all] |
| 2122182 | NEW | CVE-2022-2986 moodle: CSRF risk in enabling/disabling installed H5P libraries [epel-all] |
| 2122730 | POST | CVE-2021-33455 yasm: NULL pointer dereference in do_directive() in modules/preprocs/nasm/nasm-pp.c [epel-all] |
| 2122732 | POST | CVE-2021-33463 yasm: NULL pointer dereference in yasm_expr__copy_except() in libyasm/expr.c [epel-all] |
| 2122741 | NEW | CVE-2021-33460 yasm: NULL pointer dereference in if_condition() in modules/preprocs/nasm/nasm-pp.c [epel-all] |
| 2122743 | NEW | CVE-2021-33458 yasm: NULL pointer dereference in find_cc() in modules/preprocs/nasm/nasm-pp.c [epel-all] |
| 2122745 | NEW | CVE-2021-33461 yasm: use-after-free in yasm_intnum_destroy() in libyasm/intnum.c [epel-all] |
| 2122748 | NEW | CVE-2021-33462 yasm: use-after-free in expr_traverse_nodes_post() in libyasm/expr.c [epel-all] |
| 2122750 | NEW | CVE-2021-33464 yasm: heap-based buffer overflow in inc_fopen() in modules/preprocs/nasm/nasm-pp.c [epel-all] |
| 2122752 | NEW | CVE-2021-33465 yasm: NULL pointer dereference in expand_mmacro() in modules/preprocs/nasm/nasm-pp.c [epel-all] |
| 2122754 | NEW | CVE-2021-33466 yasm: NULL pointer dereference in expand_smacro() in modules/preprocs/nasm/nasm-pp.c [epel-all] |
| 2122756 | NEW | CVE-2021-33467 yasm: use-after-free in pp_getline() in modules/preprocs/nasm/nasm-pp.c [epel-all] |
| 2122758 | NEW | CVE-2021-33468 yasm: use-after-free in error() in modules/preprocs/nasm/nasm-pp.c [epel-all] |
| 2122935 | NEW | Please branch and build python-pillow for EPEL 8 |
| 2128148 | NEW | CVE-2022-40313 moodle: Stored XSS and page denial of service risks due to recursive rendering in Mustache template helpers [epel-all] |
| 2128152 | NEW | CVE-2022-40316 moodle: No groups filtering in H5P activity attempts report [epel-all] |
| 2128153 | NEW | CVE-2022-40315 moodle: Minor SQL injection risk in admin user browsing [epel-all] |
| 2128223 | NEW | CVE-2022-1278 jandex-maven-plugin: WildFly: possible information disclosure [epel-all] |
| 2128224 | NEW | CVE-2022-1278 wildfly-common: WildFly: possible information disclosure [epel-all] |
| 2130197 | NEW | CVE-2022-39835 gajim: security issue [epel-all] |
| 2130200 | NEW | CVE-2022-39835 python-nbxmpp: gajim: security issue [epel-all] |
| 2130524 | NEW | CVE-2022-35255 nodejs: weak randomness in WebCrypto keygen [epel-all] |
| 2130525 | NEW | CVE-2022-35255 nodejs:13/nodejs: weak randomness in WebCrypto keygen [epel-all] |
| 2130526 | NEW | CVE-2022-35255 nodejs:16-epel/nodejs: weak randomness in WebCrypto keygen [epel-all] |
| 2130533 | NEW | CVE-2022-35256 nodejs: HTTP Request Smuggling due to incorrect parsing of header fields [epel-all] |
| 2130534 | NEW | CVE-2022-35256 nodejs:13/nodejs: HTTP Request Smuggling due to incorrect parsing of header fields [epel-all] |
| 2130536 | NEW | CVE-2022-35256 nodejs:16-epel/nodejs: HTTP Request Smuggling due to incorrect parsing of header fields [epel-all] |
| 2130766 | NEW | CVE-2022-39261 php-twig: twig: Possibility to load a template outside a configured directory when using the filesystem loader [epel-all] |
| 2134779 | NEW | Please include flang |
| 2135443 | NEW | CVE-2022-3517 nodejs-minimatch: ReDoS via the braceExpand function [epel-all] |
| 2135444 | NEW | CVE-2022-3517 nodejs:13/nodejs: nodejs-minimatch: ReDoS via the braceExpand function [epel-all] |
| 2135445 | NEW | CVE-2022-3517 nodejs:16-epel/nodejs: nodejs-minimatch: ReDoS via the braceExpand function [epel-all] |
| 2135589 | NEW | CVE-2020-35539 wordpress: Data Manipulation with X-Forwarded-For header at WordPress [epel-all] |
| 2136844 | NEW | please branch and build healpix in epel8 |
| 2138097 | NEW | Please branch and build Julia in epel8 |
| 2138129 | NEW | CVE-2022-39286 python-jupyter-core: jupyter-core: arbitrary code execution [epel-all] |
| 2139924 | NEW | CVE-2022-39323 glpi: SQL Injection on REST API [epel-all] |
| 2140585 | NEW | CVE-2022-3872 qemu: sdhci: buffer data port register off-by-one read/write [epel-all] |
| 2140914 | NEW | CVE-2022-43548 nodejs:13/nodejs: DNS rebinding in inspect via invalid octal IP address [epel-8] |
| 2140915 | NEW | CVE-2022-43548 nodejs:16-epel/nodejs: DNS rebinding in inspect via invalid octal IP address [epel-8] |
| 2141412 | NEW | CVE-2022-31008 rabbitmq-server: URI encryption with predictable secret seed [epel-all] |
| 2144973 | NEW | CVE-2022-36227 cmake3: libarchive: Null pointer dereference in archive_write.c [epel-all] |
| 2147512 | NEW | CVE-2022-4064 rubygem-dalli: code injection via flush_all [epel-all] |
| 2148543 | NEW | CVE-2022-4144 qemu: QXL: qxl_phys2virt unsafe address translation can lead to out-of-bounds read [epel-all] |
| 2151100 | NEW | CVE-2022-24999 nodejs:13/nodejs: express: "qs" prototype poisoning causes the hang of the node process [epel-8] |
| 2151596 | NEW | We can no longer install pybind11-devel from EPEL or Powertools on CentOS Stream 8 |
| 2152612 | NEW | Please branch and beaker-client for epel8 |
| 2154256 | NEW | Please branch and build gstreamer1-rtsp-server in epel8 |
| 2155653 | NEW | CVE-2022-4318 cri-o:1.21/cri-o: /etc/passwd tampering privesc [epel-8] |
| 2156291 | NEW | SDL2: memory leak in GLES_CreateTexture() in render/opengles/SDL_render_gles.c [epel-all] |
| 2157202 | NEW | Request EPEL 8 rpms for python-healpy |
| 2158444 | NEW | Please release it for EPEL8 |
| 2159639 | NEW | CVE-2023-22622 wordpress: DoS via the wp-cron.php functionality due to improper restriction of the amount for request handling [epel-all] |
| 2163040 | NEW | CVE-2022-41717 cri-o:1.21/cri-o: golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests [epel-all] |
| 2163042 | NEW | CVE-2022-41717 dnscrypt-proxy2: golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests [epel-all] |
| 2163540 | NEW | CVE-2022-3064 golang-gopkg-yaml: go-yaml: Improve heuristics preventing CPU/memory abuse by parsing malicious or large YAML documents [epel-all] |
| 2163542 | NEW | CVE-2022-3064 kompose: go-yaml: Improve heuristics preventing CPU/memory abuse by parsing malicious or large YAML documents [epel-all] |
| 2165637 | NEW | CVE-2023-23921 moodle: Reflected XSS risk in some returnurl parameters [epel-all] |
| 2165640 | NEW | CVE-2023-23922 moodle: Reflected XSS risk in blog search [epel-all] |
| 2165642 | NEW | CVE-2023-23923 moodle: Possible to set the preferred "start page" of other users [epel-all] |
| 2166506 | NEW | epel8: llvm11 FTBFS due to cmake |
| 2169607 | NEW | CVE-2023-0361 mod_gnutls: gnutls: timing side-channel in the TLS RSA key exchange code [epel-all] |
| 2170650 | NEW | CVE-2022-38900 nodejs:13/nodejs: decode-uri-component: improper input validation resulting in DoS [epel-8] |
| 2172149 | NEW | CVE-2023-23918 nodejs: Node.js: Permissions policies can be bypassed via process.mainModule [epel-all] |
| 2172150 | NEW | CVE-2023-23918 nodejs:16-epel/nodejs: Node.js: Permissions policies can be bypassed via process.mainModule [epel-all] |
| 2172151 | NEW | CVE-2023-23918 nodejs:13/nodejs: Node.js: Permissions policies can be bypassed via process.mainModule [epel-all] |
| 2172173 | NEW | CVE-2023-23919 nodejs: Node.js: OpenSSL error handling issues in nodejs crypto library [epel-all] |
| 2172176 | NEW | CVE-2023-23919 nodejs:16-epel/nodejs: Node.js: OpenSSL error handling issues in nodejs crypto library [epel-all] |
| 2172191 | NEW | CVE-2023-23936 nodejs: Node.js: Fetch API did not protect against CRLF injection in host headers [epel-all] |
| 2172192 | NEW | CVE-2023-23936 nodejs:16-epel/nodejs: Node.js: Fetch API did not protect against CRLF injection in host headers [epel-all] |
| 2172205 | NEW | CVE-2023-24807 nodejs: Node.js: Regular Expression Denial of Service in Headers fetch API [epel-all] |
| 2172206 | NEW | CVE-2023-24807 nodejs:16-epel/nodejs: Node.js: Regular Expression Denial of Service in Headers fetch API [epel-all] |
| 2172218 | NEW | CVE-2023-23920 nodejs: Node.js: insecure loading of ICU data through ICU_DATA environment variable [epel-all] |
| 2172219 | NEW | CVE-2023-23920 nodejs:16-epel/nodejs: Node.js: insecure loading of ICU data through ICU_DATA environment variable [epel-all] |
| 2173646 | NEW | CVE-2023-23931 python3-cryptography: python-cryptography: memory corruption via immutable objects [epel-all] |
| 2173647 | NEW | CVE-2023-23931 python3-cryptography-vectors: python-cryptography: memory corruption via immutable objects [epel-all] |
| 2174279 | NEW | CVE-2022-25881 nodejs:13/nodejs: http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability [epel-all] |
| 2174280 | NEW | CVE-2022-25881 nodejs:16-epel/nodejs: http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability [epel-all] |
| 2176449 | NEW | Build CGI::FormBuilder for EPEL8 |
| 2177772 | NEW | CVE-2023-1350 liferea: RCE vulnerability on feed enrichment [epel-all] |
| 2178396 | NEW | CVE-2022-41723 cri-o:1.21/cri-o: golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding [epel-all] |
| 2178398 | NEW | CVE-2022-41723 dnscrypt-proxy2: golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding [epel-all] |
| 2178402 | NEW | CVE-2022-41723 golang-googlecode-net: golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding [epel-all] |
| 2178404 | NEW | CVE-2022-41723 kompose: golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding [epel-all] |
| 2178900 | NEW | CVE-2022-46908 sqlite2: sqlite: safe mode authorizer callback allows disallowed UDFs [epel-all] |
| 2179311 | NEW | CVE-2023-27117 wabt: WebAssembly: heap overflow via the component wabt::Node::operator. [epel-all] |
| 2179317 | NEW | CVE-2023-27119 wabt: WebAssembly: segmentation fault via component wabt::Decompiler::WrapChild. [epel-all] |
| 2179645 | NEW | CVE-2023-28120 rubygem-activesupport: Possible XSS in SafeBuffer#bytesplice [epel-all] |
| 2182903 | NEW | CVE-2023-26464 log4j-jboss-logmanager: log4j1-chainsaw, log4j1-socketappender: DoS via hashmap logging [epel-all] |
| 2184903 | NEW | CVE-2023-25824 mbedtls: mod_gnutls: trace level logging causing DoS [epel-all] |
| 2185992 | NEW | CVE-2023-29469 rubygem-nokogiri: libxml2: Hashing of empty dict strings isn't deterministic [epel-all] |
| 2186002 | NEW | CVE-2023-28484 rubygem-nokogiri: libxml2: NULL dereference in xmlSchemaFixupComplexType [epel-all] |
| 2186293 | NEW | CVE-2023-29580 yasm: Segmentation violation via the component yasm_expr_create at /libyasm/expr.c [epel-all] |
| 2186880 | ON_QA | Please branch and build libomemo in epel9 and epel8 |
| 2188992 | NEW | Please branch and build sscep in epel8 |
| 2189616 | NEW | CVE-2023-29579 yasm: stack-based buffer overflow in x86_dir_cpu() in modules/arch/x86/x86arch.c [epel-all] |
| 2189663 | NEW | Please branch and build light-locker in epel8 |
| 2189932 | NEW | CVE-2023-30402 yasm: heap-based buffer overflow in handle_dot_label() in modules/parsers/nasm/nasm-token.re [epel-all] |
| 2196401 | ASSIGNED | Please branch and build python-cliff in epel8 |
| 2203215 | NEW | CVE-2023-31979 catdoc: buffer overflow in process_file() in src/reader.c [epel-all] |
| 2207544 | NEW | python carbon rpm is missing in EPEL 8 and EPEL 9 |
| 2207611 | NEW | CVE-2021-31239 sqlite2: sqlite: denial of service via the appendvfs.c function [epel-all] |
| 2208239 | NEW | Please branch and build gprbuild in epel8 |
| 2208241 | NEW | Please branch and build xmlada in epel8 |
| 2208328 | NEW | CVE-2023-1601 qemu: QXL: integer overflow in cursor_alloc (incomplete fix for CVE-2021-4206) [epel-all] |
| 2209424 | NEW | CVE-2023-31669 wabt: Crash in libc++abi.dylib [epel-all] |
| 2209505 | NEW | CVE-2023-32067 nodejs:13/nodejs: c-ares: 0-byte UDP payload Denial of Service [epel-8] |
| 2209540 | NEW | CVE-2023-31124 CVE-2023-31130 CVE-2023-31147 nodejs:13/nodejs: various flaws [epel-8] |
| 2209541 | NEW | CVE-2023-31124 CVE-2023-31130 CVE-2023-31147 nodejs:16-epel/nodejs: various flaws [epel-8] |
| 2209575 | NEW | CVE-2023-31518 teeworlds: heap use-after-free in the component CDataFileReader::GetItem of teeworlds [epel-all] |
| 2209578 | NEW | CVE-2023-31517 teeworlds: memory leaks [epel-all] |
| 2210037 | NEW | Please branch and build ipmiutil in epel8 |
| 2210246 | NEW | CVE-2023-31723 CVE-2023-31724 CVE-2023-31725 yasm: various flaws [epel-all] |
| 2216941 | NEW | TRIAGE-CVE-2023-36191 sqlite2: sqlite: CLI fault on missing -nonce [epel-all] |
| 2219827 | NEW | CVE-2023-30581 nodejs:16-epel/nodejs: mainModule.proto bypass experimental policy mechanism [epel-all] |
| 2219828 | NEW | CVE-2023-30581 nodejs: mainModule.proto bypass experimental policy mechanism [epel-all] |
| 2220675 | NEW | CVE-2023-26136 nodejs:13/nodejs: tough-cookie: prototype pollution in cookie memstore [epel-all] |
| 2220697 | NEW | CVE-2023-30584 nodejs:16-epel/nodejs: path traversal bypass in experimental permission model [epel-all] |
| 2220698 | NEW | CVE-2023-30584 nodejs: path traversal bypass in experimental permission model [epel-all] |
| 2220709 | NEW | CVE-2023-30587 nodejs:16-epel/nodejs: inspector protocol bypass the experimental permission model [epel-all] |
| 2220710 | NEW | CVE-2023-30587 nodejs: inspector protocol bypass the experimental permission model [epel-all] |
| 2220722 | NEW | CVE-2023-30582 nodejs:16-epel/nodejs: fs.watchFile bypass in experimental permission model [epel-all] |
| 2220723 | NEW | CVE-2023-30582 nodejs: fs.watchFile bypass in experimental permission model [epel-all] |
| 2220734 | NEW | CVE-2023-30583 nodejs:16-epel/nodejs: fs.openAsBlob bypass in experimental permission model [epel-all] |
| 2220735 | NEW | CVE-2023-30583 nodejs: fs.openAsBlob bypass in experimental permission model [epel-all] |
| 2220740 | NEW | CVE-2023-30583 nodejs:16-epel/nodejs: fs.openAsBlob bypass in experimental permission model [epel-all] |
| 2220741 | NEW | CVE-2023-30583 nodejs: fs.openAsBlob bypass in experimental permission model [epel-all] |
| 2220752 | NEW | CVE-2023-30585 nodejs:16-epel/nodejs: privilege escalation via Malicious Registry Key manipulation during Node.js installer repair process [epel-all] |
| 2220753 | NEW | CVE-2023-30585 nodejs: privilege escalation via Malicious Registry Key manipulation during Node.js installer repair process [epel-all] |
| 2220764 | NEW | CVE-2023-30586 nodejs:16-epel/nodejs: OpenSSL engines can be used to bypass the permission model [epel-all] |
| 2220765 | NEW | CVE-2023-30586 nodejs: OpenSSL engines can be used to bypass the permission model [epel-all] |
| 2220776 | NEW | CVE-2023-30588 nodejs:16-epel/nodejs: process interuption due to invalid Public Key information in x509 certificates [epel-all] |
| 2220777 | NEW | CVE-2023-30588 nodejs: process interuption due to invalid Public Key information in x509 certificates [epel-all] |
| 2220788 | NEW | CVE-2023-30589 nodejs:16-epel/nodejs: HTTP Request Smuggling via Empty headers separated by CR [epel-all] |
| 2220789 | NEW | CVE-2023-30589 nodejs: HTTP Request Smuggling via Empty headers separated by CR [epel-all] |
| 2220794 | NEW | CVE-2023-30590 nodejs:16-epel/nodejs: DiffieHellman do not generate keys after setting a private key [epel-all] |
| 2220795 | NEW | CVE-2023-30590 nodejs: DiffieHellman do not generate keys after setting a private key [epel-all] |
| 2220918 | NEW | unifont package not available in EPEL8 / EPEL9 |
| 2220989 | NEW | Please branch and build xca in epel8 |
| 2222024 | NEW | TRIAGE-CVE-2022-24834 redis: heap overflow in the lua cjson and cmsgpack libraries [epel-all] |
| 2222509 | NEW | CVE-2022-25883 nodejs:13/nodejs: nodejs-semver: Regular expression denial of service [epel-all] |
| 2222510 | NEW | CVE-2022-25883 nodejs:16-epel/nodejs: nodejs-semver: Regular expression denial of service [epel-all] |
| 2223397 | NEW | CVE-2021-31294 redis: an assertion failure in a primary server by sending a non-administrative command [epel-all] |
| 2229266 | NEW | Please branch and build rabbitvcs for EPEL 8 |
| 2229577 | NEW | CVE-2023-3978 cri-o:1.21/cri-o: golang.org/x/net/html: Cross site scripting [epel-all] |
| 2229578 | NEW | CVE-2023-3978 golang-googlecode-net: golang.org/x/net/html: Cross site scripting [epel-all] |
| 2229580 | NEW | CVE-2023-3978 kompose: golang.org/x/net/html: Cross site scripting [epel-all] |
| 2233374 | NEW | CVE-2023-32002 nodejs:16-epel/nodejs: Permissions policies can be bypassed via Module._load [epel-8] |
| 2233376 | NEW | CVE-2023-32002 nodejs:13/nodejs: Permissions policies can be bypassed via Module._load [epel-8] |
| 2233387 | NEW | TRIAGE-CVE-2023-32006 nodejs:16-epel/nodejs: Permissions policies can impersonate other modules in using module.constructor.createRequire() [epel-8] |
| 2233389 | NEW | TRIAGE-CVE-2023-32006 nodejs:13/nodejs: Permissions policies can impersonate other modules in using module.constructor.createRequire() [epel-8] |
| 2233400 | NEW | CVE-2023-32559 nodejs:13/nodejs: Permissions policies can be bypassed via process.binding [epel-8] |
| 2233403 | NEW | CVE-2023-32559 nodejs:16-epel/nodejs: Permissions policies can be bypassed via process.binding [epel-8] |
| 2235275 | NEW | CVE-2020-22628 LibRaw-epel: libraw: Out of bounds read in LibRaw::stretch() function in libraw\src\postprocessing\aspect_ratio.cpp [epel-8] |
| 2235347 | NEW | CVE-2023-31566 podofo: use-after-free in PoDoFo::PdfEncrypt::IsMetadataEncrypted [epel-all] |
| 2235352 | NEW | CVE-2023-31567 podofo: heap-based buffer overflow in PoDoFo::PdfEncryptAESV3::PdfEncryptAESV3 [epel-all] |
| 2235804 | NEW | TRIAGE-CVE-2020-22217 nodejs:13/nodejs: c-ares: read-heap-buffer-overflow in ares_parse_soa_reply [epel-all] |
| 2236391 | NEW | CVE-2023-39615 mingw-libxml2: libxml2: crafted xml can cause global buffer overflow [epel-all] |
| 2240980 | NEW | CVE-2023-41910 lldpd: lldpd CDP PDU Packet cdp.c out-of-bounds read [epel-all] |
| 2241257 | NEW | CVE-2023-5217 godot: libvpx: Heap buffer overflow in vp8 encoding in libvpx [epel-all] |
| 2241808 | NEW | CVE-2023-44488 godot: TRIAGE-CVE-2023-44488 libvpx: crash related to VP9 encoding [epel-all] |
| 2243324 | NEW | [Major Incident] CVE-2023-44487 nodejs: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) [epel-all] |
| 2243331 | NEW | [Major Incident] CVE-2023-44487 varnish: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) [epel-all] |
| 2244438 | NEW | TRIAGE-CVE-2023-39331 nodejs:16-epel/nodejs: permission model improperly protects against path traversal [epel-8] |
| 2244439 | NEW | TRIAGE-CVE-2023-39331 nodejs:13/nodejs: permission model improperly protects against path traversal [epel-8] |
| 2244449 | NEW | TRIAGE-CVE-2023-39331 nodejs:16-epel/nodejs: permission model improperly protects against path traversal [epel-8] |
| 2244450 | NEW | TRIAGE-CVE-2023-39331 nodejs:13/nodejs: permission model improperly protects against path traversal [epel-8] |
| 2244460 | NEW | TRIAGE-CVE-2023-39332 nodejs:16-epel/nodejs: path traversal through path stored in Uint8Array [epel-8] |
| 2244461 | NEW | TRIAGE-CVE-2023-39332 nodejs:13/nodejs: path traversal through path stored in Uint8Array [epel-8] |
| 2244485 | NEW | CVE-2023-38552 nodejs:16-epel/nodejs: integrity checks according to policies can be circumvented [epel-8] |
| 2244487 | NEW | CVE-2023-38552 nodejs:13/nodejs: integrity checks according to policies can be circumvented [epel-8] |
| 2244490 | NEW | CVE-2023-39333 nodejs:16-epel/nodejs: code injection via WebAssembly export names [epel-8] |
| 2244491 | NEW | CVE-2023-39333 nodejs:13/nodejs: code injection via WebAssembly export names [epel-8] |
| 2244941 | NEW | CVE-2023-45145 redis: possible bypass of Unix socket permissions on startup [epel-all] |
| 2246490 | NEW | TRIAGE CVE-2018-25091 docker-compose: urllib3: urllib3 does not remove the authorization HTTP header when following a cross-origin redirect [epel-all] |
| 2246492 | NEW | TRIAGE CVE-2018-25091 mote: urllib3: urllib3 does not remove the authorization HTTP header when following a cross-origin redirect [epel-all] |
| 2246539 | NEW | CVE-2023-46118 rabbitmq-server: DoS by publishing large messages over the HTTP API [epel-all] |
| 2246807 | NEW | Please branch and build python-vobject in epel8 |
| 2247700 | NEW | CVE-2023-42802 glpi: unrestricted php script upload & execution [epel-all] |
| 2248146 | NEW | CVE-2023-41324 CVE-2023-41322 CVE-2023-41321 CVE-2023-41320 CVE-2023-41323 CVE-2023-42462 CVE-2023-42461 glpi: various flaws [epel-all] |
| 2248220 | NEW | dnscrypt-proxy2: golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-39325) [epel-all] |
| 2248225 | NEW | golang-googlecode-net: golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-39325) [epel-all] |
| 2248228 | NEW | kompose: golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-39325) [epel-all] |
| 2249139 | NEW | CVE-2023-46733 php-symfony: possible session fixation [epel-all] |
| 2249142 | NEW | CVE-2023-46734 php-symfony: potential XSS vulnerabilities in CodeExtension filters [epel-all] |
| 2249145 | NEW | php-symfony: potential XSS in WebhookController [epel-all] |
| 2249284 | NEW | TRIAGE CVE-2023-46695 python-django16: python-django: Potential denial of service vulnerability in UsernameField on Windows [epel-all] |
| 2250231 | NEW | TRIAGE CVE-2023-46728 clustal-omega: squid: NULL pointer dereference in the gopher protocol code [epel-all] |
| 2253443 | NEW | CVE-2023-45133 nodejs: babel: arbitrary code execution [epel-all] |
| 2253444 | NEW | CVE-2023-45133 nodejs:16-epel/nodejs: babel: arbitrary code execution [epel-all] |
| 2255065 | NEW | CVE-2023-48795 golang-googlecode-go-crypto: ssh: Prefix truncation attack on Binary Packet Protocol (BPP) [epel-all] |
| 2255353 | NEW | CVE-2023-49083 python3-cryptography: python-cryptography: NULL-dereference when loading PKCS7 certificates [epel-all] |
| 2256060 | NEW | CVE-2022-24775 php-guzzlehttp-psr7: improper header parsing in php-guzzlehttp-psr7 [epel-all] |
| 2256198 | NEW | CVE-2023-7104 sqlite2: sqlite: heap-buffer-overflow at sessionfuzz [epel-all] |
| 2256883 | NEW | TRIAGE CVE-2024-22049 rubygem-httparty: httparty: multipart/form-data request vulnerable to tampering [epel-all] |
| 2257495 | NEW | CVE-2023-6476 cri-o:1.21/cri-o: Pods are able to break out of resource confinement on cgroupv2 [epel-all] |
| 2257590 | NEW | CVE-2022-36764 edk2: heap buffer overflow in Tcg2MeasurePeImage() [epel-all] |
| 2257591 | NEW | CVE-2022-36763 edk2: heap buffer overflow in Tcg2MeasureGptTable() [epel-all] |
| 2257592 | NEW | CVE-2022-36765 edk2: integer overflow in CreateHob() could lead to HOB OOB R/W [epel-all] |
| 2258546 | NEW | CVE-2024-22362 drupal7: improper handling of structural elements leading to denail of service [epel-all] |
| 2258680 | NEW | CVE-2023-4522 edk2: Integer underflow when processing IA_NA/IA_TA options in a DHCPv6 Advertise message [epel-all] |
| 2258686 | NEW | CVE-2023-45230 edk2: Buffer overflow in the DHCPv6 client via a long Server ID option [epel-all] |
| 2258689 | NEW | CVE-2023-45231 edk2: Out of Bounds read when handling a ND Redirect message with truncated options [epel-all] |
| 2258692 | NEW | CVE-2023-45232 edk2: Infinite loop when parsing unknown options in the Destination Options header [epel-all] |
| 2258695 | NEW | CVE-2023-45233 edk2: Infinite loop when parsing a PadN option in the Destination Options header [epel-all] |
| 2258698 | NEW | CVE-2023-45234 edk2: Buffer overflow when processing DNS Servers option in a DHCPv6 Advertise message [epel-all] |
| 2258702 | NEW | CVE-2023-45235 edk2: Buffer overflow when handling Server ID option from a DHCPv6 proxy Advertise message [epel-all] |
| 2258705 | NEW | TRIAGE CVE-2023-45236 edk2: Predictable TCP Initial Sequence Numbers [epel-all] |
| 2258708 | NEW | CVE-2023-45237 edk2: Use of a Weak PseudoRandom Number Generator [epel-all] |
| 2258710 | NEW | CVE-2023-45234 edk2: Buffer overflow when processing DNS Servers option in a DHCPv6 Advertise message [epel-all] |
| 2259080 | NEW | CVE-2022-40896 python-pygments2: pygments: ReDoS in pygments [epel-all] |
| 2259484 | NEW | TRIAGE CVE-2024-22211 freerdp1.2: freerdp2: Integer Overflow leading to Heap Overflow in freerdp_bitmap_planar_context_reset [epel-all] |
| 2259510 | NEW | CVE-2024-0679 wordpress: vulnerable to unauthorized access due to a missing capability check [epel-all] |
| 2259799 | NEW | CVE-2023-49568 cri-o:1.21/cri-o: go-git: Maliciously crafted Git server replies can cause DoS on go-git clients [epel-8] |
| 2259810 | NEW | CVE-2023-49569 cri-o:1.21/cri-o: go-git: Maliciously crafted Git server replies can lead to path traversal and RCE on go-git clients [epel-8] |
| 2260053 | NEW | TRIAGE CVE-2024-23638 clustal-omega: squid: vulnerable to a Denial of Service attack against Cache Manager error responses [epel-all] |
| 2262339 | NEW | CVE-2024-23645 glpi: Reflected XSS in reports pages [epel-all] |
| 2262341 | NEW | CVE-2023-51446 glpi: LDAP Injection during authentication [epel-all] |
| 2263230 | NEW | TRIAGE CVE-2024-24815 ckeditor: cross-site scripting vulnerability via incorrect CDATA detection [epel-all] |
| 2263235 | NEW | TRIAGE CVE-2024-24816 ckeditor: cross-site scripting vulnerability in samples with preview feature enabled [epel-all] |
| 2263854 | NEW | CVE-2024-1439 moodle: Inadequate access control [epel-all] |
| 2264300 | NEW | TRIAGE CVE-2024-24990 nginx:mainline/nginx: Use-after-free in HTTP/3 [epel-all] |
| 2264570 | NEW | TRIAGE CVE-2023-46809 nodejs: vulnerable to timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding (Marvin) [epel-all] |
| 2264576 | NEW | TRIAGE CVE-2024-22019 nodejs: reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks [epel-all] |
| 2264584 | NEW | TRIAGE CVE-2024-21892 nodejs: code injection and privilege escalation through Linux capabilities [epel-all] |
| 2264800 | NEW | CVE-2023-46809 nodejs:13/nodejs: vulnerable to timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding (Marvin) [epel-all] |
| 2264801 | NEW | CVE-2023-46809 nodejs:16-epel/nodejs: vulnerable to timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding (Marvin) [epel-all] |
| 2264804 | NEW | CVE-2024-22019 nodejs:13/nodejs: reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks [epel-all] |
| 2264805 | NEW | CVE-2024-22019 nodejs:16-epel/nodejs: reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks [epel-all] |
| 2264808 | NEW | CVE-2024-21892 nodejs:13/nodejs: code injection and privilege escalation through Linux capabilities [epel-all] |
| 2264809 | NEW | CVE-2024-21892 nodejs:16-epel/nodejs: code injection and privilege escalation through Linux capabilities [epel-all] |
| 2264902 | NEW | TRIAGE CVE-2024-25978 moodle: MSA-24-0001: Denial of service risk in file picker unzip functionality [epel-all] |
| 2264903 | NEW | TRIAGE CVE-2024-25979 moodle: MSA-24-0002: Forum search accepted random parameters in its URL [epel-all] |
| 2264906 | NEW | TRIAGE CVE-2024-25980 moodle: MSA-24-0003: H5P attempts report did not respect activity group settings [epel-all] |
| 2264909 | NEW | TRIAGE CVE-2024-25981 moodle: MSA-24-0004: Forum export did not respect activity group settings [epel-all] |
| 2264910 | NEW | TRIAGE CVE-2024-25982 moodle: MSA-24-0005: CSRF risk in Language import utility [epel-all] |
| 2264914 | NEW | TRIAGE CVE-2024-25983 moodle: MSA-24-0006: IDOR on dashboard comments block [epel-all] |
| 2265162 | NEW | TRIAGE CVE-2023-42282 nodejs-ip: arbitrary code execution via the isPublic() function [epel-all] |
| 2265684 | NEW | CVE-2023-42282 nodejs:13/nodejs: nodejs-ip: arbitrary code execution via the isPublic() function [epel-all] |
| 2265685 | NEW | CVE-2023-42282 nodejs:16-epel/nodejs: nodejs-ip: arbitrary code execution via the isPublic() function [epel-all] |
| 2266128 | NEW | CVE-2023-6601 CVE-2023-6602 CVE-2023-6603 CVE-2023-6604 CVE-2023-6605 ffmpeg: Multiple vulnerabilities [epel-all] |
| 2266281 | NEW | CVE-2024-24806 libuv: Improper Domain Lookup that potentially leads to SSRF attacks [epel-all] |
| 2266282 | NEW | CVE-2024-24806 nodejs:13/libuv: Improper Domain Lookup that potentially leads to SSRF attacks [epel-all] |
| 2266622 | NEW | CVE-2024-21742 apache-james-project: : Apache James Mime4J: Mime4J DOM header injection [epel-all] |
| 2267263 | NEW | TRIAGE CVE-2024-27285 golang-github-aws-aws-sdk-go: yard: Cross-site scripting in the frams.erb template file [epel-all] |
| 2267268 | NEW | TRIAGE CVE-2024-27285 rubygem-dynect_rest: yard: Cross-site scripting in the frams.erb template file [epel-all] |
| 2267269 | NEW | TRIAGE CVE-2024-27285 rubygem-fog-core: yard: Cross-site scripting in the frams.erb template file [epel-all] |
| 2267270 | NEW | TRIAGE CVE-2024-27285 rubygem-fog-softlayer: yard: Cross-site scripting in the frams.erb template file [epel-all] |
| 2267275 | NEW | TRIAGE CVE-2024-27285 rubygem-thread_safe: yard: Cross-site scripting in the frams.erb template file [epel-all] |
| 2267276 | NEW | TRIAGE CVE-2024-27285 rubygem-vault: yard: Cross-site scripting in the frams.erb template file [epel-all] |
| 2267364 | NEW | CVE-2023-51747 apache-james-project: apache-james: SMTP smuggling [epel-all] |
| 2267499 | NEW | CVE-2024-27354 php-phpseclib: denial of service [epel-all] |
| 2267502 | NEW | CVE-2024-27355 php-phpseclib: denial of service [epel-all] |
| 2267658 | NEW | TRIAGE CVE-2024-27351 python-django16: python-django: Potential regular expression denial-of-service in django.utils.text.Truncator.words() [epel-all] |
| 2268873 | NEW | CVE-2024-28180 cri-o:1.21/cri-o: jose-go: improper handling of highly compressed data [epel-all] |
| 2270561 | NEW | TRIAGE CVE-2024-22025 nodejs: using the fetch() function to retrieve content from an untrusted URL leads to denial of service [epel-all] |
| 2270562 | NEW | TRIAGE CVE-2024-22025 nodejs:13/nodejs: using the fetch() function to retrieve content from an untrusted URL leads to denial of service [epel-all] |
| 2270563 | NEW | TRIAGE CVE-2024-22025 nodejs:16-epel/nodejs: using the fetch() function to retrieve content from an untrusted URL leads to denial of service [epel-all] |
| 2270600 | NEW | CVE-2024-29018 kompose: moby: external DNS requests from 'internal' networks could lead to data exfiltration [epel-all] |
| 2270601 | NEW | CVE-2024-29018 manifest-tool: moby: external DNS requests from 'internal' networks could lead to data exfiltration [epel-all] |
| 2270862 | NEW | CVE-2024-29374 moodle: A Cross-Site Scripting (XSS) vulnerability in "?lang" parameter [epel-all] |
| 2272569 | NEW | TRIAGE CVE-2024-28219 python3-pillow: python-pillow: buffer overflow in _imagingcms.c [epel-all] |
| 2273035 | NEW | CVE-2024-28182 nodejs: nghttp2: CONTINUATION frames DoS [epel-all] |
| 2273043 | NEW | CVE-2024-27983 nodejs: CONTINUATION frames DoS [epel-all] |
| 2273392 | NEW | CVE-2024-28182 nodejs:13/nodejs: nghttp2: CONTINUATION frames DoS [epel-all] |
| 2273393 | NEW | CVE-2024-28182 nodejs:16-epel/nodejs: nghttp2: CONTINUATION frames DoS [epel-all] |
| 2273663 | NEW | TRIAGE CVE-2023-5692 wordpress: potential exposure of custom post slugs whose 'publicly_queryable' post status has been set to 'false' [epel-all] |
| 2273864 | NEW | CVE-2024-21506 python-pymongo: out of bounds read [epel-all] |
| 2274496 | NEW | CVE-2024-23076 bionetgen: jfreechart: Null pointer exception [epel-all] |
| 2275116 | NEW | CVE-2024-32489 php-tcpdf: HTML code injection [epel-all] |
| 2275349 | NEW | CVE-2024-1135 graphite-web: python-gunicorn: HTTP Request Smuggling due to improper validation of Transfer-Encoding headers [epel-all] |
| 2275351 | NEW | CVE-2024-1135 python3-gunicorn: python-gunicorn: HTTP Request Smuggling due to improper validation of Transfer-Encoding headers [epel-all] |
| 2275394 | NEW | CVE-2024-27982 nodejs: HTTP Request Smuggling via Content Length Obfuscation [epel-all] |
| 2275395 | NEW | CVE-2024-27982 nodejs:16-epel/nodejs: HTTP Request Smuggling via Content Length Obfuscation [epel-all] |
| 2276091 | NEW | TRIAGE CVE-2024-22640 php-tcpdf: tcpdf: ReDos when parsing an untrusted HTML page with a crafted color [epel-all] |
| 2277328 | NEW | CVE-2024-32046 purple-mattermost: mattermost: allows an attacker to get information about the server such as the full path were files are stored [epel-all] |
| 2277332 | NEW | CVE-2024-22091 purple-mattermost: mattermost: fail to limit the size of a request path causing excessive resource consumption [epel-all] |
| 2277335 | NEW | CVE-2024-4198 purple-mattermost: mattermost: fail to fully validate role changes which allows an attacker authenticated as team admin to demote users to guest [epel-all] |
| 2277340 | NEW | CVE-2024-4195 purple-mattermost: mattermost: fail to fully validate role changes leading to promote guests to team admins [epel-all] |
| 2277343 | NEW | CVE-2024-4182 purple-mattermost: mattermost: fail to handle JSON parsing errors in custom status values [epel-all] |
| 2277347 | NEW | CVE-2024-4183 purple-mattermost: mattermost: fail to limit the number of active sessions [epel-all] |
| 2278047 | NEW | CVE-2024-27983 nodejs:16-epel/nodejs: CONTINUATION frames DoS [epel-all] |
| 2278701 | NEW | CVE-2024-3154 cri-o:1.21/cri-o: Arbitrary command injection via pod annotation [epel-all] |
| 2279489 | NEW | TRIAGE CVE-2024-34064 python3-jinja2: jinja2: accepts keys containing non-attribute characters [epel-all] |
| 2279587 | NEW | CVE-2024-29889 glpi: alter another user account data take control of it [epel-all] |
| 2279589 | NEW | CVE-2024-31456 glpi: uthenticated user can exploit a SQL injection vulnerability from map search [epel-all] |
| 2280915 | NEW | ffmpeg for epel8? |
| 2282041 | NEW | CVE-2024-33996 moodle: broken access control when setting calendar event type [epel-all] |
| 2282043 | NEW | CVE-2024-33997 moodle: stored XSS risk when editing another user's equation in equation editor [epel-all] |
| 2282045 | NEW | CVE-2024-33998 moodle: stored XSS via user's name on participants page when opening some options [epel-all] |
| 2282048 | NEW | CVE-2024-33999 moodle: unsafe direct use of $_SERVER['HTTP_REFERER'] in admin/tool/mfa/index.php [epel-all] |
| 2282050 | NEW | CVE-2024-34000 moodle: stored XSS in lesson overview report via user ID number [epel-all] |
| 2282052 | NEW | CVE-2024-34001 moodle: CSRF risk in admin preset tool management of presets [epel-all] |
| 2282054 | NEW | CVE-2024-34002 moodle: authenticated LFI risk in some misconfigured shared hosting environments via modified mod_feedback backup [epel-all] |
| 2282056 | NEW | CVE-2024-34003 moodle: authenticated LFI risk in some misconfigured shared hosting environments via modified mod_workshop backup [epel-all] |
| 2282058 | NEW | CVE-2024-34004 moodle: authenticated LFI risk in some misconfigured shared hosting environments via modified mod_wiki backup [epel-all] |
| 2282060 | NEW | CVE-2024-34005 moodle: authenticated LFI risk in some misconfigured shared hosting environments via modified mod_data backup [epel-all] |
| 2282062 | NEW | CVE-2024-34006 moodle: unsanitized HTML in site log for config_log_created [epel-all] |
| 2282064 | NEW | CVE-2024-34007 moodle: logout CSRF in admin/tool/mfa/auth.php [epel-all] |
| 2282066 | NEW | CVE-2024-34008 moodle: CSRF risk in analytics management of models [epel-all] |
| 2282068 | NEW | CVE-2024-34009 moodle: ReCAPTCHA can be bypassed on the login page [epel-all] |
| 2282120 | NEW | CVE-2024-35195 python-fedbadges: requests: subsequent requests to the same host ignore cert verification [epel-all] |
| 2282123 | NEW | CVE-2024-35195 python-pyvirtualize: requests: subsequent requests to the same host ignore cert verification [epel-all] |
| 2282124 | NEW | CVE-2024-35195 python3-docker: requests: subsequent requests to the same host ignore cert verification [epel-all] |
| 2282125 | ASSIGNED | CVE-2024-35195 transifex-client: requests: subsequent requests to the same host ignore cert verification [epel-all] |
| 2283383 | NEW | CVE-2024-33427 clustal-omega: squid: buffer overread leading to denial of service [epel-all] |
| 2284246 | NEW | CVE-2024-1298 edk2: Temporary DoS vulnerability [epel-all] |
| 2284367 | NEW | TRIAGE CVE-2024-3727 cri-o:1.21/cri-o: containers/image: digest type does not guarantee valid type [epel-all] |
| 2290761 | NEW | CVE-2024-5154 cri-o:1.21/cri-o: malicious container can create symlink on host [epel-all] |
| 2292309 | NEW | CVE-2024-37407 cmake3: libarchive: Out of bounds access in slurp_central_directory at archive_read_support_format_zip.c [epel-all] |
| 2292778 | NEW | CVE-2024-37890 nodejs-ws: denial of service when handling a request with many HTTP headers [epel-all] |
| 2292944 | NEW | CVE-2024-38273 moodle: BigBlueButton web service leaks meeting joining information to users who should not have access [epel-all] |
| 2292947 | NEW | CVE-2024-38274 moodle: stored XSS via calendar's event title when deleting the event [epel-all] |
| 2292948 | NEW | CVE-2024-38275 moodle: HTTP authorization header is preserved between "emulated redirects" [epel-all] |
| 2292950 | NEW | CVE-2024-38276 moodle: CSRF risks due to misuse of confirm_sesskey [epel-all] |
| 2292952 | NEW | CVE-2024-38277 moodle: QR login key and auto-login key for the Moodle mobile app should be generated as separate keys [epel-all] |
| 2293096 | NEW | CVE-2023-52424 hostapd: 802.11: SSID Confusion attack [epel-all] |
| 2293152 | NEW | CVE-2024-37891 docker-compose: urllib3: proxy-authorization request header is not stripped during cross-origin redirects [epel-all] |
| 2293153 | NEW | CVE-2024-37891 mote: urllib3: proxy-authorization request header is not stripped during cross-origin redirects [epel-all] |
| 2293159 | ASSIGNED | CVE-2024-37891 transifex-client: urllib3: proxy-authorization request header is not stripped during cross-origin redirects [epel-all] |
| 2293210 | NEW | CVE-2024-28863 nodejs:13/nodejs: node-tar: denial of service while parsing a tar file due to lack of folders depth validation [epel-8] |
| 2293211 | NEW | CVE-2024-28863 nodejs:16-epel/nodejs: node-tar: denial of service while parsing a tar file due to lack of folders depth validation [epel-8] |
| 2293707 | NEW | CVE-2024-37674 moodle: XSS via the Field Name (name parameter) of a new activity [epel-all] |
| 2294206 | NEW | CVE-2024-6305 CVE-2024-6306 CVE-2024-6307 wordpress: multiple vulnerabilities [epel-all] |
| 2294338 | NEW | rss2email and epel |
| 2294675 | NEW | CVE-2023-52892 php-phpseclib: php-seclib: Incorrect allowed input via Subject Alternative Name fields [epel-all] |
| 2298408 | NEW | Please build python3.12-scons for epel8 |
| 2307569 | ASSIGNED | Please branch and build sd in epel8 |
| 2311433 | NEW | CVE-2024-42486 cri-o: Gateway resources continue to establish sessions using revoked ReferenceGrants [epel-8] |
| 2318164 | NEW | [Major Incident] CVE-2024-21626 cri-o:1.21/cri-o: file descriptor leak [epel-8] |
| 2318512 | NEW | CVE-2024-9341 cri-o:1.21/cri-o: FIPS Crypto-Policy Directory Mounting Issue in containers/common Go Library [epel-8] |
| 2320059 | NEW | Please branch and build ansible-collection-community-crypto for EPEL8 |