Will It Bugz With No Source on epel8

Repo Status - Overall Status
Page updated: 2024-12-18 07:36

epel8

Bugz With No Source

1229473 NEW RFA: pymol
1498887 NEW please create an epel8 package for remind
1741758 NEW Request to build httpd-itk for EPEL 8
1741770 NEW Request to build sscep for EPEL 8
1741776 NEW Request to build unison240 for EPEL 8
1744504 NEW Please build php-extras for EPEL 8
1749146 NEW Build LXQt in EPEL8
1749520 ASSIGNED build of erlang-rebar for EPEL 8
1749521 NEW Summary: build of erlang-sd_notify for EPEL 8
1749546 NEW build of rubygem-rgen for EPEL 8
1752945 NEW build of elixir for EPEL 8
1752946 NEW build of rabbitmq-server for EPEL 8
1754290 NEW Request to build pangox-compat for EPEL 8
1756673 ON_QA Build fvwm 2.6.9 for EPEL8
1756999 NEW Please build libircclient for EPEL-8
1757002 NEW docbook-utils-pdf missing in RHEL8/CentOS-8: need it in EPEL8
1757014 NEW Please build mpdecimal for EPEL-8
1757033 NEW Please build ttembed for EPEL-8
1757597 NEW unifdef not built for EL8
1758005 NEW build xlockmore for epel8
1759124 NEW Branch request: python-XStatic-Patternfly for epel8
1759129 NEW Branch request: nodejs-typeahead.js for epel8
1759459 NEW Please build phpMyAdmin for EPEL8
1760019 NEW Request to package check-mk for EPEL 8
1761034 NEW Request to build nodejs-ronn for EPEL8
1761454 NEW libnetfilter_log missing from EPEL8
1763768 NEW [RFE] EPEL8 branch of rubygem-sass
1765789 NEW Please build uucp for EPEL 8
1768105 NEW Request to build mantis for EPEL8
1769168 NEW Add dnfdragora to EPEL8
1770068 NEW Request to package Tilix for EPEL 8
1777363 NEW Include resolv_wrapper in EPEL 8
1777957 NEW Provide burp EPEL8 packages
1780527 NEW CVE-2019-14899 ike: openvpn: ike: an attacker can inject data into the TCP stream which allows a hijack of active connections inside the VPN tunnel [epel-8]
1783797 NEW SNMPTT
1786134 NEW Package request: grads for EPEL 8
1788529 NEW qemu-system-x86 missing
1789273 NEW Request to build opus-tools for EPEL 8
1790952 ASSIGNED Build ckeditor for epel8?
1794228 POST RFE: Please support an EPEL 8 branch
1795527 NEW i enabled rhel 8 repo on fedora
1796606 NEW Package mod-bw for EPEL8
1798907 NEW Request to package mapserver for EPEL8
1800889 ASSIGNED requesting ikiwiki epel build for el7 and especially el8
1803973 NEW CGI::Session is missing in epel8
1804789 NEW Request to build mirrormanager2 for EPEL8
1809020 NEW qiv EPEL8
1810386 NEW Request build pnglite for EPEL 8
1810392 NEW Request build json-parser for EPEL 8
1810823 NEW Please build an EPEL8 build for lbzip2-utils
1813466 NEW request for compiz 0.8.x in EPEL 8
1817063 NEW [RFE] xqilla: epel8 build request
1817311 ASSIGNED RFE: build rss2emai for epel8
1822241 NEW upower present in both epel8-playground and AppStream
1822812 NEW Request to package beanstalkd for EPEL 8
1823313 ASSIGNED Please release it for EPEL-8
1823997 NEW [RFE] perdition: epel8 build request.
1830821 POST Please build python-pypandoc for EPEL 8
1832886 NEW 0ad package for EPEL 8
1835282 NEW Please build an EPEL8 build for fts
1842675 NEW package - backup-manager - not available in epel8-repository
1843880 NEW [EPEL8][RFE] python-oauth2 for EPEL8
1844832 NEW Request that keepassx be added to epel8
1845285 NEW Enable epel8 build
1846028 NEW Branch request: Euca2ools for EPEL8
1847573 NEW Please provide antlr3 version for EPEL8
1847577 NEW build python-cmd2 for EPEL 8
1847692 NEW Request to package python-virtualenvwrapper for EPEL 8
1850645 ASSIGNED Add perl-DBD-MariaDB to EPEL8
1850770 NEW Package xml-security-c-devel not available in epel8
1850791 NEW Please build an EPEL8 build for python3-qt5
1854685 NEW pam_mysql is missing in el8
1859767 NEW Please make valkyrie V2 or V3 available on EPEL8
1860573 ASSIGNED php-google-apiclient missing in EPEL 8
1860574 ASSIGNED php-markdown missing in EPEL 8
1860576 ASSIGNED php-pear-OLE missing in EPEL 8
1860577 ASSIGNED php-simplepie missing in EPEL 8
1860580 NEW moodle missing in EPEL 8
1861320 NEW Unison is missing from EPEL 8
1868371 NEW CentOS8 - numpad do not work in KDE Plasma
1868381 NEW [EPEL8][RFE] rubygem-sinatra for EPEL8
1873103 NEW rebuild collectl package for EPEL8
1876003 NEW Please make fzf available in EPEL 8
1876371 NEW Please provide ferm for EPEL 8
1880869 NEW EL8 package missing
1883211 NEW [RFE] htmldoc for RHEL8
1885570 NEW python-behave for EL8
1892759 NEW Please build and EPEL8 build
1892760 NEW Please build and EPEL8 build
1892765 NEW Please build and EPEL8 build
1895652 NEW CentOS 8 / Python 3.6 build error...
1895690 NEW [EPEL8] There is no libcxx RPM in epel8
1897298 NEW viewvc package request for EPEL 8 (viewvc package not available in EPEL 8 )
1897465 NEW provide icecream package for epel8
1901322 NEW statsd missing in CentOS 8
1902817 NEW mysql++ and mysql++-devel not available in CentOS 8
1906889 NEW Build whatsup for RHEL8
1911055 NEW Request to package php-pear-Mail-Mime for EPEL 8
1911056 NEW Request to package php-pear-Crypt_GPG for EPEL 8
1911057 NEW Request to package php-pear-Net-Sieve for EPEL 8
1911058 NEW Request to package php-pear-Net-LDAP2 for EPEL 8
1911059 NEW Request to package php-kolab-net-ldap3 for EPEL 8
1911060 NEW Request to package php-endroid-qrcode for EPEL 8
1911062 NEW Request to package php-masterminds-html5 for EPEL 8
1916994 NEW libuv-devel and libuv version does not match
1933855 ASSIGNED [EPEL8] please build sigul for EPEL8
1946686 NEW EPEL 8 FTBFS Tracker
1960856 NEW Please build guake for EPEL8
1976085 NEW Request to package unhide for epel8
1979307 NEW [f2fs-tools] Unable to resize f2fs partition on F34 for the pinephone, but it works on F33
1982735 ASSIGNED request for postgis in EPEL-8
1989979 NEW Request adding "python3-exiv2" to epel 8
1995353 NEW qemu: Request for EPEL-8 build
1996245 ASSIGNED Port to EL8?
1998160 NEW EPEL to RHEL package removal tracker
1998606 NEW KDE Desktop hangs randomly once a day after recent update, worked fine the year before
2006154 NEW Please build ytnef for EPEL 8
2008520 NEW please provide an epel 8 build too
2014254 NEW shellinabox not included in EPEL 8 repo
2030319 NEW nosync: Please release it for EPEL8
2036295 NEW Branch request: massif-visualizer for epel8
2054317 NEW Please build for EPEL 8+
2056195 NEW Please, branch and build inchi for EPEL8
2056835 NEW Please branch and build same check-mk-agent as in epel7
2061807 NEW CVE-2022-0235 nodejs:13/nodejs: node-fetch: exposure of sensitive information to an unauthorized actor [epel-all]
2066361 NEW Please branch and build argtable in epel8
2071933 NEW CVE-2022-26280 cmake3: libarchive: an out-of-bounds read via the component zipx_lzma_alone_init [epel-all]
2073584 NEW CVE-2021-44906 nodejs-minimist: minimist: prototype pollution [epel-all]
2073933 NEW CVE-2022-0088 yourls: CSRF may trick user to logout [epel-all]
2074248 NEW CVE-2022-27191 golang-googlecode-go-crypto: golang: crash in a golang.org/x/crypto/ssh server [epel-all]
2074394 NEW CVE-2022-24191 htmldoc: infinite loop in the gif_read_lzw function can lead to a buffer overflow [epel-all]
2074859 NEW CVE-2022-28346 python-django-ajax-selects: Django: SQL injection in QuerySet.annotate(),aggregate() and extra() [epel-all]
2074860 NEW CVE-2022-28346 python-django-helpdesk: Django: SQL injection in QuerySet.annotate(),aggregate() and extra() [epel-all]
2074875 NEW CVE-2022-28347 python-django-ajax-selects: Django: SQL injection via QuerySet.explain(options) on PostgreSQL [epel-all]
2074877 NEW CVE-2022-28347 python-django-helpdesk: Django: SQL injection via QuerySet.explain(options) on PostgreSQL [epel-all]
2076231 NEW CVE-2022-26612 hadoop: Arbitrary file write in FileUtil#unpackEntries on Windows [epel-all]
2078903 ASSIGNED EPEL8 builds for python-bitmath
2079212 NEW CVE-2022-24883 freerdp1.2: freerdp: Server Side Auth Against a SAM File May Succeed for Invalid Creds [epel-all]
2079213 NEW CVE-2022-24882 freerdp1.2: freerdp: Server side NTLM does not properly check parameters [epel-all]
2080831 NEW CVE-2022-21144 nodejs-libxmljs: libxmljs: libxmljs V8 parseXml buffer overflow [epel-all]
2080988 NEW CVE-2021-21897 librecad: libdxflib: heap-based buffer overflow in the DL_Dxf:handleLWPolylineData function [epel-all]
2081032 NEW CVE-2022-28085 htmldoc: heap buffer overflow in function pdf_write_names in ps-pdf.cxx [epel-all]
2081138 NEW CVE-2022-29970 rubygem-sinatra: sinatra: path traversal possible outside of public_dir when serving static files [epel-all]
2082550 NEW CVE-2022-30293 pywebkitgtk: webkitgtk: heap-buffer-overflow in WebCore::TextureMapperLayer::setContentsLayer [epel-all]
2082553 NEW CVE-2022-30294 pywebkitgtk: webkitgtk: heap-buffer-overflow in WebCore::TextureMapperLayer::setContentsLayer [epel-all]
2083147 NEW CVE-2018-25033 admesh: heap-buffer-overflow in stl_update_connects_remove_1() of src/connect.c [epel-all]
2087625 NEW CVE-2022-25605 wordpress: vulnerabilities discovered in WP-DownloadManager WordPress plugin (versions <= 1.68.6) [epel-all]
2087629 NEW CVE-2022-30596 moodle: Stored XSS in assignment bulk marker allocation form via user ID number [epel-all]
2087630 NEW CVE-2022-30597 moodle: Description field hidden by user policies (hiddenuserfields) is still visible [epel-all]
2087631 NEW CVE-2022-30598 moodle: global search results reveal authors of content unexpectedly for some activities [epel-all]
2087637 NEW CVE-2022-30600 moodle: Failed login attempts counted incorrectly [epel-all]
2087638 NEW CVE-2022-30599 moodle: SQL injection risk in badge award criteria [epel-all]
2087643 NEW CVE-2022-25602 wordpress: Nonce token leak vulnerability leading to arbitrary file upload, theme deletion, plugin settings change [epel-all]
2087645 NEW CVE-2022-25603 wordpress: Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered in MaxGalleria WordPress plugin (versions 6.2.5) [epel-all]
2088784 NEW Please branch and build Rextext for Epel8
2091409 NEW CVE-2022-25604 wordpress: Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered in WordPress Price Table plugin (versions <= 0.2.2) [epel-all]
2092689 NEW CVE-2022-28948 golang-gopkg-yaml: crash when attempting to deserialize invalid input [epel-all]
2093152 NEW CVE-2022-26944 percona-xtrabackup: Information exposure via cmd line output and table history into backup file [epel-all]
2093190 NEW CVE-2022-30287 php-horde-turba: horde webmail - Remote Code Execution via Email (CSRF) [epel-all]
2098559 NEW CVE-2022-29244 nodejs: npm pack ignores root-level .gitignore and .npmignore file exclusion directives when run in a workspace [epel-all]
2098560 NEW CVE-2022-29244 nodejs:13/nodejs: npm pack ignores root-level .gitignore and .npmignore file exclusion directives when run in a workspace [epel-all]
2098561 NEW CVE-2022-29244 nodejs:16-epel/nodejs: npm pack ignores root-level .gitignore and .npmignore file exclusion directives when run in a workspace [epel-all]
2100730 NEW CVE-2021-46784 clustal-omega: squid: DoS when processing gopher server responses [epel-all]
2102908 NEW CVE-2022-33987 nodejs:13/nodejs: got: missing verification of requested URLs allows redirects to UNIX sockets [epel-all]
2102998 NEW CVE-2022-23712 elasticdump: elasticsearch: DoS via a specifically formatted network request [epel-all]
2106304 NEW CVE-2022-31056 glpi: an sql injection on the actor fields [epel-all]
2106448 NEW CVE-2021-44537 owncloud-client: Resource Injection via a url could result in RCE [epel-all]
2107245 NEW FTBFS: authbind on epel8
2108038 NEW CVE-2022-35649 moodle: PostScript Code Injection / Remote code execution risk [epel-all]
2108040 NEW CVE-2022-35650 moodle: Arbitrary file read when importing lesson questions [epel-all]
2108042 NEW CVE-2022-35651 moodle: Stored XSS and blind SSRF possible via SCORM track details [epel-all]
2108044 NEW CVE-2022-35652 moodle: Open redirect risk in mobile auto-login feature [epel-all]
2108046 NEW CVE-2022-35653 moodle: LTI module reflected XSS risk - affecting unauthenticated users only [epel-all]
2108442 NEW Please branch and build python-poetry-core for EPEL8
2108490 NEW CVE-2022-32213 nodejs: HTTP request smuggling due to flawed parsing of Transfer-Encoding [epel-all]
2108491 NEW CVE-2022-32213 nodejs:13/nodejs: HTTP request smuggling due to flawed parsing of Transfer-Encoding [epel-all]
2108492 NEW CVE-2022-32213 nodejs:16-epel/nodejs: HTTP request smuggling due to flawed parsing of Transfer-Encoding [epel-all]
2108496 NEW CVE-2022-32214 nodejs: HTTP request smuggling due to improper delimiting of header fields [epel-all]
2108498 NEW CVE-2022-32214 nodejs:13/nodejs: HTTP request smuggling due to improper delimiting of header fields [epel-all]
2108500 NEW CVE-2022-32214 nodejs:16-epel/nodejs: HTTP request smuggling due to improper delimiting of header fields [epel-all]
2108509 NEW CVE-2022-32215 nodejs: HTTP request smuggling due to incorrect parsing of multi-line Transfer-Encoding [epel-all]
2108510 NEW CVE-2022-32215 nodejs:13/nodejs: HTTP request smuggling due to incorrect parsing of multi-line Transfer-Encoding [epel-all]
2108511 NEW CVE-2022-32215 nodejs:16-epel/nodejs: HTTP request smuggling due to incorrect parsing of multi-line Transfer-Encoding [epel-all]
2108518 NEW CVE-2022-32212 nodejs: DNS rebinding in --inspect via invalid IP addresses [epel-all]
2108519 NEW CVE-2022-32212 nodejs:13/nodejs: DNS rebinding in --inspect via invalid IP addresses [epel-all]
2108520 NEW CVE-2022-32212 nodejs:16-epel/nodejs: DNS rebinding in --inspect via invalid IP addresses [epel-all]
2110707 NEW CVE-2022-31160 python-XStatic-jquery-ui: jqueryui: CVE-2022-31160 [epel-all]
2112796 NEW CVE-2021-41556 squirrel: out-of-bounds read in core interpreter allows sandbox escape leads to code execution [epel-all]
2112864 NEW There is no mysql-utilities RPM in epel8
2118954 NEW CVE-2020-21365 wkhtmltopdf: same origin policy allows local files to be read by default [epel-all]
2118984 NEW CVE-2021-33235 htmldoc: heap-buffer-overflow on write_node in htmldoc/htmldoc/html.cxx [epel-all]
2118987 NEW CVE-2021-33236 htmldoc: heap-buffer-overflow on write_header in htmldoc/htmldoc/html.cxx [epel-all]
2119086 NEW CVE-2022-25168 hadoop: Command injection in org.apache.hadoop.fs.FileUtil.unTarUsingTar [epel-all]
2119514 NEW CVE-2022-39047 freeciv: Modpack Installer buffer overflow [epel-all]
2121636 NEW CVE-2022-2995 cri-o:1.21/cri-o: incorrect handling of the supplementary groups [epel-all]
2122152 NEW CVE-2022-35133 cherrytree: XSS via a crafted payload injected into the Name text field when creating a node [epel-all]
2122182 NEW CVE-2022-2986 moodle: CSRF risk in enabling/disabling installed H5P libraries [epel-all]
2122730 POST CVE-2021-33455 yasm: NULL pointer dereference in do_directive() in modules/preprocs/nasm/nasm-pp.c [epel-all]
2122732 POST CVE-2021-33463 yasm: NULL pointer dereference in yasm_expr__copy_except() in libyasm/expr.c [epel-all]
2122741 POST CVE-2021-33460 yasm: NULL pointer dereference in if_condition() in modules/preprocs/nasm/nasm-pp.c [epel-all]
2122743 NEW CVE-2021-33458 yasm: NULL pointer dereference in find_cc() in modules/preprocs/nasm/nasm-pp.c [epel-all]
2122745 NEW CVE-2021-33461 yasm: use-after-free in yasm_intnum_destroy() in libyasm/intnum.c [epel-all]
2122748 NEW CVE-2021-33462 yasm: use-after-free in expr_traverse_nodes_post() in libyasm/expr.c [epel-all]
2122750 NEW CVE-2021-33464 yasm: heap-based buffer overflow in inc_fopen() in modules/preprocs/nasm/nasm-pp.c [epel-all]
2122752 NEW CVE-2021-33465 yasm: NULL pointer dereference in expand_mmacro() in modules/preprocs/nasm/nasm-pp.c [epel-all]
2122754 NEW CVE-2021-33466 yasm: NULL pointer dereference in expand_smacro() in modules/preprocs/nasm/nasm-pp.c [epel-all]
2122756 NEW CVE-2021-33467 yasm: use-after-free in pp_getline() in modules/preprocs/nasm/nasm-pp.c [epel-all]
2122758 NEW CVE-2021-33468 yasm: use-after-free in error() in modules/preprocs/nasm/nasm-pp.c [epel-all]
2122935 NEW Please branch and build python-pillow for EPEL 8
2128148 NEW CVE-2022-40313 moodle: Stored XSS and page denial of service risks due to recursive rendering in Mustache template helpers [epel-all]
2128152 NEW CVE-2022-40316 moodle: No groups filtering in H5P activity attempts report [epel-all]
2128153 NEW CVE-2022-40315 moodle: Minor SQL injection risk in admin user browsing [epel-all]
2128223 NEW CVE-2022-1278 jandex-maven-plugin: WildFly: possible information disclosure [epel-all]
2128224 NEW CVE-2022-1278 wildfly-common: WildFly: possible information disclosure [epel-all]
2130197 NEW CVE-2022-39835 gajim: security issue [epel-all]
2130200 NEW CVE-2022-39835 python-nbxmpp: gajim: security issue [epel-all]
2130524 NEW CVE-2022-35255 nodejs: weak randomness in WebCrypto keygen [epel-all]
2130525 NEW CVE-2022-35255 nodejs:13/nodejs: weak randomness in WebCrypto keygen [epel-all]
2130526 NEW CVE-2022-35255 nodejs:16-epel/nodejs: weak randomness in WebCrypto keygen [epel-all]
2130533 NEW CVE-2022-35256 nodejs: HTTP Request Smuggling due to incorrect parsing of header fields [epel-all]
2130534 NEW CVE-2022-35256 nodejs:13/nodejs: HTTP Request Smuggling due to incorrect parsing of header fields [epel-all]
2130536 NEW CVE-2022-35256 nodejs:16-epel/nodejs: HTTP Request Smuggling due to incorrect parsing of header fields [epel-all]
2130766 NEW CVE-2022-39261 php-twig: twig: Possibility to load a template outside a configured directory when using the filesystem loader [epel-all]
2134779 NEW Please include flang
2135443 NEW CVE-2022-3517 nodejs-minimatch: ReDoS via the braceExpand function [epel-all]
2135444 NEW CVE-2022-3517 nodejs:13/nodejs: nodejs-minimatch: ReDoS via the braceExpand function [epel-all]
2135445 NEW CVE-2022-3517 nodejs:16-epel/nodejs: nodejs-minimatch: ReDoS via the braceExpand function [epel-all]
2135589 NEW CVE-2020-35539 wordpress: Data Manipulation with X-Forwarded-For header at WordPress [epel-all]
2136844 NEW please branch and build healpix in epel8
2138097 NEW Please branch and build Julia in epel8
2138129 NEW CVE-2022-39286 python-jupyter-core: jupyter-core: arbitrary code execution [epel-all]
2139924 NEW CVE-2022-39323 glpi: SQL Injection on REST API [epel-all]
2140585 NEW CVE-2022-3872 qemu: sdhci: buffer data port register off-by-one read/write [epel-all]
2140914 NEW CVE-2022-43548 nodejs:13/nodejs: DNS rebinding in inspect via invalid octal IP address [epel-8]
2140915 NEW CVE-2022-43548 nodejs:16-epel/nodejs: DNS rebinding in inspect via invalid octal IP address [epel-8]
2141412 NEW CVE-2022-31008 rabbitmq-server: URI encryption with predictable secret seed [epel-all]
2144973 NEW CVE-2022-36227 cmake3: libarchive: Null pointer dereference in archive_write.c [epel-all]
2147512 NEW CVE-2022-4064 rubygem-dalli: code injection via flush_all [epel-all]
2148543 NEW CVE-2022-4144 qemu: QXL: qxl_phys2virt unsafe address translation can lead to out-of-bounds read [epel-all]
2151100 NEW CVE-2022-24999 nodejs:13/nodejs: express: "qs" prototype poisoning causes the hang of the node process [epel-8]
2151596 NEW We can no longer install pybind11-devel from EPEL or Powertools on CentOS Stream 8
2152612 NEW Please branch and beaker-client for epel8
2154256 NEW Please branch and build gstreamer1-rtsp-server in epel8
2155653 NEW CVE-2022-4318 cri-o:1.21/cri-o: /etc/passwd tampering privesc [epel-8]
2156291 NEW SDL2: memory leak in GLES_CreateTexture() in render/opengles/SDL_render_gles.c [epel-all]
2157202 NEW Request EPEL 8 rpms for python-healpy
2158444 NEW Please release it for EPEL8
2159639 NEW CVE-2023-22622 wordpress: DoS via the wp-cron.php functionality due to improper restriction of the amount for request handling [epel-all]
2163040 NEW CVE-2022-41717 cri-o:1.21/cri-o: golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests [epel-all]
2163042 NEW CVE-2022-41717 dnscrypt-proxy2: golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests [epel-all]
2163540 NEW CVE-2022-3064 golang-gopkg-yaml: go-yaml: Improve heuristics preventing CPU/memory abuse by parsing malicious or large YAML documents [epel-all]
2163542 NEW CVE-2022-3064 kompose: go-yaml: Improve heuristics preventing CPU/memory abuse by parsing malicious or large YAML documents [epel-all]
2165637 NEW CVE-2023-23921 moodle: Reflected XSS risk in some returnurl parameters [epel-all]
2165640 NEW CVE-2023-23922 moodle: Reflected XSS risk in blog search [epel-all]
2165642 NEW CVE-2023-23923 moodle: Possible to set the preferred "start page" of other users [epel-all]
2166506 NEW epel8: llvm11 FTBFS due to cmake
2169607 NEW CVE-2023-0361 mod_gnutls: gnutls: timing side-channel in the TLS RSA key exchange code [epel-all]
2170650 NEW CVE-2022-38900 nodejs:13/nodejs: decode-uri-component: improper input validation resulting in DoS [epel-8]
2172149 NEW CVE-2023-23918 nodejs: Node.js: Permissions policies can be bypassed via process.mainModule [epel-all]
2172150 NEW CVE-2023-23918 nodejs:16-epel/nodejs: Node.js: Permissions policies can be bypassed via process.mainModule [epel-all]
2172151 NEW CVE-2023-23918 nodejs:13/nodejs: Node.js: Permissions policies can be bypassed via process.mainModule [epel-all]
2172173 NEW CVE-2023-23919 nodejs: Node.js: OpenSSL error handling issues in nodejs crypto library [epel-all]
2172176 NEW CVE-2023-23919 nodejs:16-epel/nodejs: Node.js: OpenSSL error handling issues in nodejs crypto library [epel-all]
2172191 NEW CVE-2023-23936 nodejs: Node.js: Fetch API did not protect against CRLF injection in host headers [epel-all]
2172192 NEW CVE-2023-23936 nodejs:16-epel/nodejs: Node.js: Fetch API did not protect against CRLF injection in host headers [epel-all]
2172205 NEW CVE-2023-24807 nodejs: Node.js: Regular Expression Denial of Service in Headers fetch API [epel-all]
2172206 NEW CVE-2023-24807 nodejs:16-epel/nodejs: Node.js: Regular Expression Denial of Service in Headers fetch API [epel-all]
2172218 NEW CVE-2023-23920 nodejs: Node.js: insecure loading of ICU data through ICU_DATA environment variable [epel-all]
2172219 NEW CVE-2023-23920 nodejs:16-epel/nodejs: Node.js: insecure loading of ICU data through ICU_DATA environment variable [epel-all]
2173646 NEW CVE-2023-23931 python3-cryptography: python-cryptography: memory corruption via immutable objects [epel-all]
2173647 NEW CVE-2023-23931 python3-cryptography-vectors: python-cryptography: memory corruption via immutable objects [epel-all]
2174279 NEW CVE-2022-25881 nodejs:13/nodejs: http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability [epel-all]
2174280 NEW CVE-2022-25881 nodejs:16-epel/nodejs: http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability [epel-all]
2176449 NEW Build CGI::FormBuilder for EPEL8
2177772 NEW CVE-2023-1350 liferea: RCE vulnerability on feed enrichment [epel-all]
2178396 NEW CVE-2022-41723 cri-o:1.21/cri-o: golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding [epel-all]
2178398 NEW CVE-2022-41723 dnscrypt-proxy2: golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding [epel-all]
2178402 NEW CVE-2022-41723 golang-googlecode-net: golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding [epel-all]
2178404 NEW CVE-2022-41723 kompose: golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding [epel-all]
2178900 NEW CVE-2022-46908 sqlite2: sqlite: safe mode authorizer callback allows disallowed UDFs [epel-all]
2179311 NEW CVE-2023-27117 wabt: WebAssembly: heap overflow via the component wabt::Node::operator. [epel-all]
2179317 NEW CVE-2023-27119 wabt: WebAssembly: segmentation fault via component wabt::Decompiler::WrapChild. [epel-all]
2179645 NEW CVE-2023-28120 rubygem-activesupport: Possible XSS in SafeBuffer#bytesplice [epel-all]
2182903 NEW CVE-2023-26464 log4j-jboss-logmanager: log4j1-chainsaw, log4j1-socketappender: DoS via hashmap logging [epel-all]
2184903 NEW CVE-2023-25824 mbedtls: mod_gnutls: trace level logging causing DoS [epel-all]
2185992 NEW CVE-2023-29469 rubygem-nokogiri: libxml2: Hashing of empty dict strings isn't deterministic [epel-all]
2186002 NEW CVE-2023-28484 rubygem-nokogiri: libxml2: NULL dereference in xmlSchemaFixupComplexType [epel-all]
2186293 NEW CVE-2023-29580 yasm: Segmentation violation via the component yasm_expr_create at /libyasm/expr.c [epel-all]
2186880 ON_QA Please branch and build libomemo in epel9 and epel8
2188992 NEW Please branch and build sscep in epel8
2189616 NEW CVE-2023-29579 yasm: stack-based buffer overflow in x86_dir_cpu() in modules/arch/x86/x86arch.c [epel-all]
2189663 NEW Please branch and build light-locker in epel8
2189932 NEW CVE-2023-30402 yasm: heap-based buffer overflow in handle_dot_label() in modules/parsers/nasm/nasm-token.re [epel-all]
2196401 ASSIGNED Please branch and build python-cliff in epel8
2203215 NEW CVE-2023-31979 catdoc: buffer overflow in process_file() in src/reader.c [epel-all]
2207544 NEW python carbon rpm is missing in EPEL 8 and EPEL 9
2207611 NEW CVE-2021-31239 sqlite2: sqlite: denial of service via the appendvfs.c function [epel-all]
2208239 NEW Please branch and build gprbuild in epel8
2208241 NEW Please branch and build xmlada in epel8
2208328 NEW CVE-2023-1601 qemu: QXL: integer overflow in cursor_alloc (incomplete fix for CVE-2021-4206) [epel-all]
2209424 NEW CVE-2023-31669 wabt: Crash in libc++abi.dylib [epel-all]
2209505 NEW CVE-2023-32067 nodejs:13/nodejs: c-ares: 0-byte UDP payload Denial of Service [epel-8]
2209540 NEW CVE-2023-31124 CVE-2023-31130 CVE-2023-31147 nodejs:13/nodejs: various flaws [epel-8]
2209541 NEW CVE-2023-31124 CVE-2023-31130 CVE-2023-31147 nodejs:16-epel/nodejs: various flaws [epel-8]
2209575 NEW CVE-2023-31518 teeworlds: heap use-after-free in the component CDataFileReader::GetItem of teeworlds [epel-all]
2209578 NEW CVE-2023-31517 teeworlds: memory leaks [epel-all]
2210037 NEW Please branch and build ipmiutil in epel8
2210246 NEW CVE-2023-31723 CVE-2023-31724 CVE-2023-31725 yasm: various flaws [epel-all]
2216941 NEW TRIAGE-CVE-2023-36191 sqlite2: sqlite: CLI fault on missing -nonce [epel-all]
2219827 NEW CVE-2023-30581 nodejs:16-epel/nodejs: mainModule.proto bypass experimental policy mechanism [epel-all]
2219828 NEW CVE-2023-30581 nodejs: mainModule.proto bypass experimental policy mechanism [epel-all]
2220675 NEW CVE-2023-26136 nodejs:13/nodejs: tough-cookie: prototype pollution in cookie memstore [epel-all]
2220697 NEW CVE-2023-30584 nodejs:16-epel/nodejs: path traversal bypass in experimental permission model [epel-all]
2220698 NEW CVE-2023-30584 nodejs: path traversal bypass in experimental permission model [epel-all]
2220709 NEW CVE-2023-30587 nodejs:16-epel/nodejs: inspector protocol bypass the experimental permission model [epel-all]
2220710 NEW CVE-2023-30587 nodejs: inspector protocol bypass the experimental permission model [epel-all]
2220722 NEW CVE-2023-30582 nodejs:16-epel/nodejs: fs.watchFile bypass in experimental permission model [epel-all]
2220723 NEW CVE-2023-30582 nodejs: fs.watchFile bypass in experimental permission model [epel-all]
2220734 NEW CVE-2023-30583 nodejs:16-epel/nodejs: fs.openAsBlob bypass in experimental permission model [epel-all]
2220735 NEW CVE-2023-30583 nodejs: fs.openAsBlob bypass in experimental permission model [epel-all]
2220740 NEW CVE-2023-30583 nodejs:16-epel/nodejs: fs.openAsBlob bypass in experimental permission model [epel-all]
2220741 NEW CVE-2023-30583 nodejs: fs.openAsBlob bypass in experimental permission model [epel-all]
2220752 NEW CVE-2023-30585 nodejs:16-epel/nodejs: privilege escalation via Malicious Registry Key manipulation during Node.js installer repair process [epel-all]
2220753 NEW CVE-2023-30585 nodejs: privilege escalation via Malicious Registry Key manipulation during Node.js installer repair process [epel-all]
2220764 NEW CVE-2023-30586 nodejs:16-epel/nodejs: OpenSSL engines can be used to bypass the permission model [epel-all]
2220765 NEW CVE-2023-30586 nodejs: OpenSSL engines can be used to bypass the permission model [epel-all]
2220776 NEW CVE-2023-30588 nodejs:16-epel/nodejs: process interuption due to invalid Public Key information in x509 certificates [epel-all]
2220777 NEW CVE-2023-30588 nodejs: process interuption due to invalid Public Key information in x509 certificates [epel-all]
2220788 NEW CVE-2023-30589 nodejs:16-epel/nodejs: HTTP Request Smuggling via Empty headers separated by CR [epel-all]
2220789 NEW CVE-2023-30589 nodejs: HTTP Request Smuggling via Empty headers separated by CR [epel-all]
2220794 NEW CVE-2023-30590 nodejs:16-epel/nodejs: DiffieHellman do not generate keys after setting a private key [epel-all]
2220795 NEW CVE-2023-30590 nodejs: DiffieHellman do not generate keys after setting a private key [epel-all]
2220918 NEW unifont package not available in EPEL8 / EPEL9
2220989 NEW Please branch and build xca in epel8
2222024 NEW TRIAGE-CVE-2022-24834 redis: heap overflow in the lua cjson and cmsgpack libraries [epel-all]
2222509 NEW CVE-2022-25883 nodejs:13/nodejs: nodejs-semver: Regular expression denial of service [epel-all]
2222510 NEW CVE-2022-25883 nodejs:16-epel/nodejs: nodejs-semver: Regular expression denial of service [epel-all]
2223397 NEW CVE-2021-31294 redis: an assertion failure in a primary server by sending a non-administrative command [epel-all]
2229266 NEW Please branch and build rabbitvcs for EPEL 8
2229577 NEW CVE-2023-3978 cri-o:1.21/cri-o: golang.org/x/net/html: Cross site scripting [epel-all]
2229578 NEW CVE-2023-3978 golang-googlecode-net: golang.org/x/net/html: Cross site scripting [epel-all]
2229580 NEW CVE-2023-3978 kompose: golang.org/x/net/html: Cross site scripting [epel-all]
2233374 NEW CVE-2023-32002 nodejs:16-epel/nodejs: Permissions policies can be bypassed via Module._load [epel-8]
2233376 NEW CVE-2023-32002 nodejs:13/nodejs: Permissions policies can be bypassed via Module._load [epel-8]
2233387 NEW TRIAGE-CVE-2023-32006 nodejs:16-epel/nodejs: Permissions policies can impersonate other modules in using module.constructor.createRequire() [epel-8]
2233389 NEW TRIAGE-CVE-2023-32006 nodejs:13/nodejs: Permissions policies can impersonate other modules in using module.constructor.createRequire() [epel-8]
2233400 NEW CVE-2023-32559 nodejs:13/nodejs: Permissions policies can be bypassed via process.binding [epel-8]
2233403 NEW CVE-2023-32559 nodejs:16-epel/nodejs: Permissions policies can be bypassed via process.binding [epel-8]
2235275 NEW CVE-2020-22628 LibRaw-epel: libraw: Out of bounds read in LibRaw::stretch() function in libraw\src\postprocessing\aspect_ratio.cpp [epel-8]
2235347 NEW CVE-2023-31566 podofo: use-after-free in PoDoFo::PdfEncrypt::IsMetadataEncrypted [epel-all]
2235352 NEW CVE-2023-31567 podofo: heap-based buffer overflow in PoDoFo::PdfEncryptAESV3::PdfEncryptAESV3 [epel-all]
2235804 NEW TRIAGE-CVE-2020-22217 nodejs:13/nodejs: c-ares: read-heap-buffer-overflow in ares_parse_soa_reply [epel-all]
2236391 NEW CVE-2023-39615 mingw-libxml2: libxml2: crafted xml can cause global buffer overflow [epel-all]
2240980 NEW CVE-2023-41910 lldpd: lldpd CDP PDU Packet cdp.c out-of-bounds read [epel-all]
2241257 NEW CVE-2023-5217 godot: libvpx: Heap buffer overflow in vp8 encoding in libvpx [epel-all]
2241808 NEW CVE-2023-44488 godot: TRIAGE-CVE-2023-44488 libvpx: crash related to VP9 encoding [epel-all]
2243324 NEW [Major Incident] CVE-2023-44487 nodejs: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) [epel-all]
2243331 NEW [Major Incident] CVE-2023-44487 varnish: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) [epel-all]
2244438 NEW TRIAGE-CVE-2023-39331 nodejs:16-epel/nodejs: permission model improperly protects against path traversal [epel-8]
2244439 NEW TRIAGE-CVE-2023-39331 nodejs:13/nodejs: permission model improperly protects against path traversal [epel-8]
2244449 NEW TRIAGE-CVE-2023-39331 nodejs:16-epel/nodejs: permission model improperly protects against path traversal [epel-8]
2244450 NEW TRIAGE-CVE-2023-39331 nodejs:13/nodejs: permission model improperly protects against path traversal [epel-8]
2244460 NEW TRIAGE-CVE-2023-39332 nodejs:16-epel/nodejs: path traversal through path stored in Uint8Array [epel-8]
2244461 NEW TRIAGE-CVE-2023-39332 nodejs:13/nodejs: path traversal through path stored in Uint8Array [epel-8]
2244485 NEW CVE-2023-38552 nodejs:16-epel/nodejs: integrity checks according to policies can be circumvented [epel-8]
2244487 NEW CVE-2023-38552 nodejs:13/nodejs: integrity checks according to policies can be circumvented [epel-8]
2244490 NEW CVE-2023-39333 nodejs:16-epel/nodejs: code injection via WebAssembly export names [epel-8]
2244491 NEW CVE-2023-39333 nodejs:13/nodejs: code injection via WebAssembly export names [epel-8]
2244941 NEW CVE-2023-45145 redis: possible bypass of Unix socket permissions on startup [epel-all]
2246490 NEW TRIAGE CVE-2018-25091 docker-compose: urllib3: urllib3 does not remove the authorization HTTP header when following a cross-origin redirect [epel-all]
2246492 NEW TRIAGE CVE-2018-25091 mote: urllib3: urllib3 does not remove the authorization HTTP header when following a cross-origin redirect [epel-all]
2246539 NEW CVE-2023-46118 rabbitmq-server: DoS by publishing large messages over the HTTP API [epel-all]
2246807 NEW Please branch and build python-vobject in epel8
2247700 NEW CVE-2023-42802 glpi: unrestricted php script upload & execution [epel-all]
2248146 NEW CVE-2023-41324 CVE-2023-41322 CVE-2023-41321 CVE-2023-41320 CVE-2023-41323 CVE-2023-42462 CVE-2023-42461 glpi: various flaws [epel-all]
2248220 NEW dnscrypt-proxy2: golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-39325) [epel-all]
2248225 NEW golang-googlecode-net: golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-39325) [epel-all]
2248228 NEW kompose: golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-39325) [epel-all]
2249139 NEW CVE-2023-46733 php-symfony: possible session fixation [epel-all]
2249142 NEW CVE-2023-46734 php-symfony: potential XSS vulnerabilities in CodeExtension filters [epel-all]
2249145 NEW php-symfony: potential XSS in WebhookController [epel-all]
2249284 NEW TRIAGE CVE-2023-46695 python-django16: python-django: Potential denial of service vulnerability in UsernameField on Windows [epel-all]
2250231 NEW TRIAGE CVE-2023-46728 clustal-omega: squid: NULL pointer dereference in the gopher protocol code [epel-all]
2253443 NEW CVE-2023-45133 nodejs: babel: arbitrary code execution [epel-all]
2253444 NEW CVE-2023-45133 nodejs:16-epel/nodejs: babel: arbitrary code execution [epel-all]
2255065 NEW CVE-2023-48795 golang-googlecode-go-crypto: ssh: Prefix truncation attack on Binary Packet Protocol (BPP) [epel-all]
2255353 NEW CVE-2023-49083 python3-cryptography: python-cryptography: NULL-dereference when loading PKCS7 certificates [epel-all]
2256060 NEW CVE-2022-24775 php-guzzlehttp-psr7: improper header parsing in php-guzzlehttp-psr7 [epel-all]
2256198 NEW CVE-2023-7104 sqlite2: sqlite: heap-buffer-overflow at sessionfuzz [epel-all]
2256883 NEW TRIAGE CVE-2024-22049 rubygem-httparty: httparty: multipart/form-data request vulnerable to tampering [epel-all]
2257495 NEW CVE-2023-6476 cri-o:1.21/cri-o: Pods are able to break out of resource confinement on cgroupv2 [epel-all]
2257590 NEW CVE-2022-36764 edk2: heap buffer overflow in Tcg2MeasurePeImage() [epel-all]
2257591 NEW CVE-2022-36763 edk2: heap buffer overflow in Tcg2MeasureGptTable() [epel-all]
2257592 NEW CVE-2022-36765 edk2: integer overflow in CreateHob() could lead to HOB OOB R/W [epel-all]
2258546 NEW CVE-2024-22362 drupal7: improper handling of structural elements leading to denail of service [epel-all]
2258680 NEW CVE-2023-4522 edk2: Integer underflow when processing IA_NA/IA_TA options in a DHCPv6 Advertise message [epel-all]
2258686 NEW CVE-2023-45230 edk2: Buffer overflow in the DHCPv6 client via a long Server ID option [epel-all]
2258689 NEW CVE-2023-45231 edk2: Out of Bounds read when handling a ND Redirect message with truncated options [epel-all]
2258692 NEW CVE-2023-45232 edk2: Infinite loop when parsing unknown options in the Destination Options header [epel-all]
2258695 NEW CVE-2023-45233 edk2: Infinite loop when parsing a PadN option in the Destination Options header [epel-all]
2258698 NEW CVE-2023-45234 edk2: Buffer overflow when processing DNS Servers option in a DHCPv6 Advertise message [epel-all]
2258702 NEW CVE-2023-45235 edk2: Buffer overflow when handling Server ID option from a DHCPv6 proxy Advertise message [epel-all]
2258705 NEW TRIAGE CVE-2023-45236 edk2: Predictable TCP Initial Sequence Numbers [epel-all]
2258708 NEW CVE-2023-45237 edk2: Use of a Weak PseudoRandom Number Generator [epel-all]
2258710 NEW CVE-2023-45234 edk2: Buffer overflow when processing DNS Servers option in a DHCPv6 Advertise message [epel-all]
2259080 NEW CVE-2022-40896 python-pygments2: pygments: ReDoS in pygments [epel-all]
2259484 NEW TRIAGE CVE-2024-22211 freerdp1.2: freerdp2: Integer Overflow leading to Heap Overflow in freerdp_bitmap_planar_context_reset [epel-all]
2259510 NEW CVE-2024-0679 wordpress: vulnerable to unauthorized access due to a missing capability check [epel-all]
2259799 NEW CVE-2023-49568 cri-o:1.21/cri-o: go-git: Maliciously crafted Git server replies can cause DoS on go-git clients [epel-8]
2259810 NEW CVE-2023-49569 cri-o:1.21/cri-o: go-git: Maliciously crafted Git server replies can lead to path traversal and RCE on go-git clients [epel-8]
2260053 NEW TRIAGE CVE-2024-23638 clustal-omega: squid: vulnerable to a Denial of Service attack against Cache Manager error responses [epel-all]
2262339 NEW CVE-2024-23645 glpi: Reflected XSS in reports pages [epel-all]
2262341 NEW CVE-2023-51446 glpi: LDAP Injection during authentication [epel-all]
2263230 NEW TRIAGE CVE-2024-24815 ckeditor: cross-site scripting vulnerability via incorrect CDATA detection [epel-all]
2263235 NEW TRIAGE CVE-2024-24816 ckeditor: cross-site scripting vulnerability in samples with preview feature enabled [epel-all]
2263854 NEW CVE-2024-1439 moodle: Inadequate access control [epel-all]
2264300 NEW TRIAGE CVE-2024-24990 nginx:mainline/nginx: Use-after-free in HTTP/3 [epel-all]
2264570 NEW TRIAGE CVE-2023-46809 nodejs: vulnerable to timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding (Marvin) [epel-all]
2264576 NEW TRIAGE CVE-2024-22019 nodejs: reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks [epel-all]
2264584 NEW TRIAGE CVE-2024-21892 nodejs: code injection and privilege escalation through Linux capabilities [epel-all]
2264800 NEW CVE-2023-46809 nodejs:13/nodejs: vulnerable to timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding (Marvin) [epel-all]
2264801 NEW CVE-2023-46809 nodejs:16-epel/nodejs: vulnerable to timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding (Marvin) [epel-all]
2264804 NEW CVE-2024-22019 nodejs:13/nodejs: reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks [epel-all]
2264805 NEW CVE-2024-22019 nodejs:16-epel/nodejs: reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks [epel-all]
2264808 NEW CVE-2024-21892 nodejs:13/nodejs: code injection and privilege escalation through Linux capabilities [epel-all]
2264809 NEW CVE-2024-21892 nodejs:16-epel/nodejs: code injection and privilege escalation through Linux capabilities [epel-all]
2264902 NEW TRIAGE CVE-2024-25978 moodle: MSA-24-0001: Denial of service risk in file picker unzip functionality [epel-all]
2264903 NEW TRIAGE CVE-2024-25979 moodle: MSA-24-0002: Forum search accepted random parameters in its URL [epel-all]
2264906 NEW TRIAGE CVE-2024-25980 moodle: MSA-24-0003: H5P attempts report did not respect activity group settings [epel-all]
2264909 NEW TRIAGE CVE-2024-25981 moodle: MSA-24-0004: Forum export did not respect activity group settings [epel-all]
2264910 NEW TRIAGE CVE-2024-25982 moodle: MSA-24-0005: CSRF risk in Language import utility [epel-all]
2264914 NEW TRIAGE CVE-2024-25983 moodle: MSA-24-0006: IDOR on dashboard comments block [epel-all]
2265162 NEW TRIAGE CVE-2023-42282 nodejs-ip: arbitrary code execution via the isPublic() function [epel-all]
2265684 NEW CVE-2023-42282 nodejs:13/nodejs: nodejs-ip: arbitrary code execution via the isPublic() function [epel-all]
2265685 NEW CVE-2023-42282 nodejs:16-epel/nodejs: nodejs-ip: arbitrary code execution via the isPublic() function [epel-all]
2266281 NEW CVE-2024-24806 libuv: Improper Domain Lookup that potentially leads to SSRF attacks [epel-all]
2266282 NEW CVE-2024-24806 nodejs:13/libuv: Improper Domain Lookup that potentially leads to SSRF attacks [epel-all]
2266622 NEW CVE-2024-21742 apache-james-project: : Apache James Mime4J: Mime4J DOM header injection [epel-all]
2267263 NEW TRIAGE CVE-2024-27285 golang-github-aws-aws-sdk-go: yard: Cross-site scripting in the frams.erb template file [epel-all]
2267268 NEW TRIAGE CVE-2024-27285 rubygem-dynect_rest: yard: Cross-site scripting in the frams.erb template file [epel-all]
2267269 NEW TRIAGE CVE-2024-27285 rubygem-fog-core: yard: Cross-site scripting in the frams.erb template file [epel-all]
2267270 NEW TRIAGE CVE-2024-27285 rubygem-fog-softlayer: yard: Cross-site scripting in the frams.erb template file [epel-all]
2267275 NEW TRIAGE CVE-2024-27285 rubygem-thread_safe: yard: Cross-site scripting in the frams.erb template file [epel-all]
2267276 NEW TRIAGE CVE-2024-27285 rubygem-vault: yard: Cross-site scripting in the frams.erb template file [epel-all]
2267364 NEW CVE-2023-51747 apache-james-project: apache-james: SMTP smuggling [epel-all]
2267499 NEW CVE-2024-27354 php-phpseclib: denial of service [epel-all]
2267502 NEW CVE-2024-27355 php-phpseclib: denial of service [epel-all]
2267658 NEW TRIAGE CVE-2024-27351 python-django16: python-django: Potential regular expression denial-of-service in django.utils.text.Truncator.words() [epel-all]
2268873 NEW CVE-2024-28180 cri-o:1.21/cri-o: jose-go: improper handling of highly compressed data [epel-all]
2270561 NEW TRIAGE CVE-2024-22025 nodejs: using the fetch() function to retrieve content from an untrusted URL leads to denial of service [epel-all]
2270562 NEW TRIAGE CVE-2024-22025 nodejs:13/nodejs: using the fetch() function to retrieve content from an untrusted URL leads to denial of service [epel-all]
2270563 NEW TRIAGE CVE-2024-22025 nodejs:16-epel/nodejs: using the fetch() function to retrieve content from an untrusted URL leads to denial of service [epel-all]
2270600 NEW CVE-2024-29018 kompose: moby: external DNS requests from 'internal' networks could lead to data exfiltration [epel-all]
2270601 NEW CVE-2024-29018 manifest-tool: moby: external DNS requests from 'internal' networks could lead to data exfiltration [epel-all]
2270862 NEW CVE-2024-29374 moodle: A Cross-Site Scripting (XSS) vulnerability in "?lang" parameter [epel-all]
2272569 NEW TRIAGE CVE-2024-28219 python3-pillow: python-pillow: buffer overflow in _imagingcms.c [epel-all]
2273035 NEW CVE-2024-28182 nodejs: nghttp2: CONTINUATION frames DoS [epel-all]
2273043 NEW CVE-2024-27983 nodejs: CONTINUATION frames DoS [epel-all]
2273392 NEW CVE-2024-28182 nodejs:13/nodejs: nghttp2: CONTINUATION frames DoS [epel-all]
2273393 NEW CVE-2024-28182 nodejs:16-epel/nodejs: nghttp2: CONTINUATION frames DoS [epel-all]
2273663 NEW TRIAGE CVE-2023-5692 wordpress: potential exposure of custom post slugs whose 'publicly_queryable' post status has been set to 'false' [epel-all]
2273864 NEW CVE-2024-21506 python-pymongo: out of bounds read [epel-all]
2274496 NEW CVE-2024-23076 bionetgen: jfreechart: Null pointer exception [epel-all]
2275116 NEW CVE-2024-32489 php-tcpdf: HTML code injection [epel-all]
2275349 NEW CVE-2024-1135 graphite-web: python-gunicorn: HTTP Request Smuggling due to improper validation of Transfer-Encoding headers [epel-all]
2275351 NEW CVE-2024-1135 python3-gunicorn: python-gunicorn: HTTP Request Smuggling due to improper validation of Transfer-Encoding headers [epel-all]
2275394 NEW CVE-2024-27982 nodejs: HTTP Request Smuggling via Content Length Obfuscation [epel-all]
2275395 NEW CVE-2024-27982 nodejs:16-epel/nodejs: HTTP Request Smuggling via Content Length Obfuscation [epel-all]
2276091 NEW TRIAGE CVE-2024-22640 php-tcpdf: tcpdf: ReDos when parsing an untrusted HTML page with a crafted color [epel-all]
2277328 NEW CVE-2024-32046 purple-mattermost: mattermost: allows an attacker to get information about the server such as the full path were files are stored [epel-all]
2277332 NEW CVE-2024-22091 purple-mattermost: mattermost: fail to limit the size of a request path causing excessive resource consumption [epel-all]
2277335 NEW CVE-2024-4198 purple-mattermost: mattermost: fail to fully validate role changes which allows an attacker authenticated as team admin to demote users to guest [epel-all]
2277340 NEW CVE-2024-4195 purple-mattermost: mattermost: fail to fully validate role changes leading to promote guests to team admins [epel-all]
2277343 NEW CVE-2024-4182 purple-mattermost: mattermost: fail to handle JSON parsing errors in custom status values [epel-all]
2277347 NEW CVE-2024-4183 purple-mattermost: mattermost: fail to limit the number of active sessions [epel-all]
2278047 NEW CVE-2024-27983 nodejs:16-epel/nodejs: CONTINUATION frames DoS [epel-all]
2278701 NEW CVE-2024-3154 cri-o:1.21/cri-o: Arbitrary command injection via pod annotation [epel-all]
2279489 NEW TRIAGE CVE-2024-34064 python3-jinja2: jinja2: accepts keys containing non-attribute characters [epel-all]
2279587 NEW CVE-2024-29889 glpi: alter another user account data take control of it [epel-all]
2279589 NEW CVE-2024-31456 glpi: uthenticated user can exploit a SQL injection vulnerability from map search [epel-all]
2280915 NEW ffmpeg for epel8?
2282041 NEW CVE-2024-33996 moodle: broken access control when setting calendar event type [epel-all]
2282043 NEW CVE-2024-33997 moodle: stored XSS risk when editing another user's equation in equation editor [epel-all]
2282045 NEW CVE-2024-33998 moodle: stored XSS via user's name on participants page when opening some options [epel-all]
2282048 NEW CVE-2024-33999 moodle: unsafe direct use of $_SERVER['HTTP_REFERER'] in admin/tool/mfa/index.php [epel-all]
2282050 NEW CVE-2024-34000 moodle: stored XSS in lesson overview report via user ID number [epel-all]
2282052 NEW CVE-2024-34001 moodle: CSRF risk in admin preset tool management of presets [epel-all]
2282054 NEW CVE-2024-34002 moodle: authenticated LFI risk in some misconfigured shared hosting environments via modified mod_feedback backup [epel-all]
2282056 NEW CVE-2024-34003 moodle: authenticated LFI risk in some misconfigured shared hosting environments via modified mod_workshop backup [epel-all]
2282058 NEW CVE-2024-34004 moodle: authenticated LFI risk in some misconfigured shared hosting environments via modified mod_wiki backup [epel-all]
2282060 NEW CVE-2024-34005 moodle: authenticated LFI risk in some misconfigured shared hosting environments via modified mod_data backup [epel-all]
2282062 NEW CVE-2024-34006 moodle: unsanitized HTML in site log for config_log_created [epel-all]
2282064 NEW CVE-2024-34007 moodle: logout CSRF in admin/tool/mfa/auth.php [epel-all]
2282066 NEW CVE-2024-34008 moodle: CSRF risk in analytics management of models [epel-all]
2282068 NEW CVE-2024-34009 moodle: ReCAPTCHA can be bypassed on the login page [epel-all]
2282120 NEW CVE-2024-35195 python-fedbadges: requests: subsequent requests to the same host ignore cert verification [epel-all]
2282123 NEW CVE-2024-35195 python-pyvirtualize: requests: subsequent requests to the same host ignore cert verification [epel-all]
2282124 NEW CVE-2024-35195 python3-docker: requests: subsequent requests to the same host ignore cert verification [epel-all]
2282125 ASSIGNED CVE-2024-35195 transifex-client: requests: subsequent requests to the same host ignore cert verification [epel-all]
2283383 NEW CVE-2024-33427 clustal-omega: squid: buffer overread leading to denial of service [epel-all]
2284246 NEW CVE-2024-1298 edk2: Temporary DoS vulnerability [epel-all]
2284367 NEW TRIAGE CVE-2024-3727 cri-o:1.21/cri-o: containers/image: digest type does not guarantee valid type [epel-all]
2290761 NEW CVE-2024-5154 cri-o:1.21/cri-o: malicious container can create symlink on host [epel-all]
2292309 NEW CVE-2024-37407 cmake3: libarchive: Out of bounds access in slurp_central_directory at archive_read_support_format_zip.c [epel-all]
2292778 NEW CVE-2024-37890 nodejs-ws: denial of service when handling a request with many HTTP headers [epel-all]
2292944 NEW CVE-2024-38273 moodle: BigBlueButton web service leaks meeting joining information to users who should not have access [epel-all]
2292947 NEW CVE-2024-38274 moodle: stored XSS via calendar's event title when deleting the event [epel-all]
2292948 NEW CVE-2024-38275 moodle: HTTP authorization header is preserved between "emulated redirects" [epel-all]
2292950 NEW CVE-2024-38276 moodle: CSRF risks due to misuse of confirm_sesskey [epel-all]
2292952 NEW CVE-2024-38277 moodle: QR login key and auto-login key for the Moodle mobile app should be generated as separate keys [epel-all]
2293096 NEW CVE-2023-52424 hostapd: 802.11: SSID Confusion attack [epel-all]
2293152 NEW CVE-2024-37891 docker-compose: urllib3: proxy-authorization request header is not stripped during cross-origin redirects [epel-all]
2293153 NEW CVE-2024-37891 mote: urllib3: proxy-authorization request header is not stripped during cross-origin redirects [epel-all]
2293159 ASSIGNED CVE-2024-37891 transifex-client: urllib3: proxy-authorization request header is not stripped during cross-origin redirects [epel-all]
2293210 NEW CVE-2024-28863 nodejs:13/nodejs: node-tar: denial of service while parsing a tar file due to lack of folders depth validation [epel-8]
2293211 NEW CVE-2024-28863 nodejs:16-epel/nodejs: node-tar: denial of service while parsing a tar file due to lack of folders depth validation [epel-8]
2293707 NEW CVE-2024-37674 moodle: XSS via the Field Name (name parameter) of a new activity [epel-all]
2294206 NEW CVE-2024-6305 CVE-2024-6306 CVE-2024-6307 wordpress: multiple vulnerabilities [epel-all]
2294338 NEW rss2email and epel
2294675 NEW CVE-2023-52892 php-phpseclib: php-seclib: Incorrect allowed input via Subject Alternative Name fields [epel-all]
2298408 NEW Please build python3.12-scons for epel8
2307569 ASSIGNED Please branch and build sd in epel8
2311433 NEW CVE-2024-42486 cri-o: Gateway resources continue to establish sessions using revoked ReferenceGrants [epel-8]
2318164 NEW [Major Incident] CVE-2024-21626 cri-o:1.21/cri-o: file descriptor leak [epel-8]
2318512 NEW CVE-2024-9341 cri-o:1.21/cri-o: FIPS Crypto-Policy Directory Mounting Issue in containers/common Go Library [epel-8]
2320059 NEW Please branch and build ansible-collection-community-crypto for EPEL8
2331683 NEW Please branch and build qt6-qtbase in epel8
2331921 NEW CVE-2024-45337 cri-o:1.21/cri-o: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto [epel-8]