Repo Status
Overall Status
Page updated: 2025-01-18 06:59
2122735 | POST | low | CVE-2021-33456 yasm: NULL pointer dereference in hash() in modules/preprocs/nasm/nasm-pp.c [epel-all] |
2122737 | POST | low | CVE-2021-33457 yasm: NULL pointer dereference in expand_mmac_params() in modules/preprocs/nasm/nasm-pp.c [epel-all] |
2122739 | POST | low | CVE-2021-33459 yasm: NULL pointer dereference in nasm_parser_directive() in modules/parsers/nasm/nasm-parse.c [epel-all] |
2264275 | NEW | unspecified | CVE-2023-46136 python-werkzeug: high resource consumption leading to denial of service [epel-9] |
2317099 | NEW | high | CVE-2024-43363 cacti: Remote code execution via Log Poisoning in Cacti [epel-9] |
2317102 | NEW | high | CVE-2024-43362 cacti: Stored Cross-site Scripting (XSS) when creating external links in Cacti [epel-9] |
2317106 | NEW | medium | CVE-2024-43364 cacti: Stored Cross-site Scripting (XSS) when creating external links in Cacti [epel-9] |
2317110 | NEW | medium | CVE-2024-43365 cacti: Stored Cross-site Scripting (XSS) when creating external links in Cacti [epel-9] |
2317490 | NEW | high | CVE-2024-45160 lemonldap-ng: From NVD collector [epel-9] |
2317756 | NEW | medium | CVE-2024-48933 lemonldap-ng: XSS/HTML Injection login page when user contains special characters [epel-9] |
2318146 | NEW | high | CVE-2024-8376 mosquitto: sending specific sequences of packets may trigger memory leak [epel-all] |
2319554 | NEW | medium | CVE-2024-44337 matterbridge: infinite loop via the paragraph function of parser/block.go [epel-all] |
2321496 | NEW | medium | CVE-2024-3661 dhcpcd: DHCP routing options can manipulate interface-based VPN traffic [epel-all] |
2321555 | NEW | medium | CVE-2024-50383 botan2: compiler-induced side channel in lib/utils/donna128.h [epel-9] |
2321649 | NEW | medium | CVE-2024-50382 botan2: compiler-induced side channel in lib/utils/ghash/ghash.cpp [epel-9] |
2321667 | NEW | high | CVE-2024-48208 pure-ftpd: out of bounds read in the domlsd() function of ls.c [epel-9] |
2322188 | NEW | medium | CVE-2024-50614 tinyxml2: reachable assertion in GetCharacterRef() [epel-9] |
2322471 | NEW | high | CVE-2024-49769 python-waitress: Waitress has a denial of service leading to high CPU usage/resource exhaustion [epel-9] |
2322946 | NEW | high | CVE-2024-10525 mosquitto: heap buffer overflow in my_subscribe_callback [epel-9] |
2322981 | NEW | medium | CVE-2024-10573 SDL_sound: Buffer overflow when writing decoded PCM samples [epel-all] |
2322982 | NEW | medium | CVE-2024-10573 wine: Buffer overflow when writing decoded PCM samples [epel-all] |
2323265 | NEW | high | CVE-2024-44185 obs-studio-plugin-webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash [epel-all] |
2323280 | NEW | high | CVE-2024-44244 obs-studio-plugin-webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash [epel-all] |
2323293 | NEW | medium | CVE-2024-44296 obs-studio-plugin-webkitgtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced [epel-all] |
2323593 | NEW | urgent | CVE-2024-51774 qbittorrent: RCE Vulnerability in qBittorrent Due to Improper SSL/TLS Certificate Validation [epel-9] |
2326579 | NEW | medium | CVE-2024-52522 rclone: improper permission and ownership handling on symlink targets with --links and --metadata [epel-all] |
2326929 | NEW | medium | CVE-2024-52947 lemonldap-ng: From CVEorg collector [epel-9] |
2326936 | NEW | high | CVE-2024-52946 lemonldap-ng: Improper Authentication Level Check in LemonLDAP::NG [epel-9] |
2328914 | NEW | medium | CVE-2023-2142 workrave: Nunjucks autoescape bypass leads to cross site scripting [epel-9] |
2330015 | NEW | medium | CVE-2024-53259 caddy: quic-go affected by an ICMP Packet Too Large Injection Attack on Linux [epel-9] |
2330016 | NEW | medium | CVE-2024-53259 receptor: quic-go affected by an ICMP Packet Too Large Injection Attack on Linux [epel-9] |
2330162 | ASSIGNED | medium | CVE-2024-11738 rust-rustls: rustls network-reachable panic in `Acceptor::accept` [epel-9] |
2330644 | NEW | medium | CVE-2024-53846 erlang: ssl fails to validate incorrect extended key usage [epel-all] |
2330731 | NEW | medium | CVE-2024-52798 magicmirror: path-to-regexp Unpatched `path-to-regexp` ReDoS in 0.1.x [epel-9] |
2330732 | NEW | medium | CVE-2024-52798 mozjs78: path-to-regexp Unpatched `path-to-regexp` ReDoS in 0.1.x [epel-9] |
2330733 | NEW | medium | CVE-2024-52798 qt6-qtwebengine: path-to-regexp Unpatched `path-to-regexp` ReDoS in 0.1.x [epel-9] |
2330734 | NEW | medium | CVE-2024-52798 trivy: path-to-regexp Unpatched `path-to-regexp` ReDoS in 0.1.x [epel-9] |
2331082 | NEW | medium | CVE-2024-12361 ffmpeg: FFmpeg NULL Pointer Dereference [epel-9] |
2331083 | NEW | medium | CVE-2024-12361 qt5-qtwebengine: FFmpeg NULL Pointer Dereference [epel-9] |
2331084 | NEW | medium | CVE-2024-12361 qt6-qtwebengine: FFmpeg NULL Pointer Dereference [epel-9] |
2331093 | NEW | medium | CVE-2024-55565 phpMyAdmin: nanoid mishandles non-integer values [epel-9] |
2331094 | NEW | medium | CVE-2024-55565 qgis: nanoid mishandles non-integer values [epel-9] |
2331095 | NEW | medium | CVE-2024-55565 qt6-qtwebengine: nanoid mishandles non-integer values [epel-9] |
2331096 | NEW | medium | CVE-2024-55565 trivy: nanoid mishandles non-integer values [epel-9] |
2331928 | NEW | high | CVE-2024-45337 caddy: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto [epel-9] |
2331929 | NEW | high | CVE-2024-45337 golang-x-crypto: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto [epel-9] |
2331930 | NEW | high | CVE-2024-45337 matterbridge: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto [epel-9] |
2331931 | NEW | high | CVE-2024-45337 opentofu: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto [epel-9] |
2331932 | NEW | high | CVE-2024-45337 pack: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto [epel-9] |
2331935 | NEW | high | CVE-2024-45337 rclone: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto [epel-9] |
2331936 | NEW | high | CVE-2024-45337 restic: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto [epel-9] |
2331938 | NEW | high | CVE-2024-45337 trivy: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto [epel-9] |
2333211 | NEW | high | CVE-2024-45338 caddy: Non-linear parsing of case-insensitive content in golang.org/x/net/html [epel-9] |
2333212 | NEW | high | CVE-2024-45338 golang-x-net: Non-linear parsing of case-insensitive content in golang.org/x/net/html [epel-9] |
2333213 | NEW | high | CVE-2024-45338 golang-x-tools: Non-linear parsing of case-insensitive content in golang.org/x/net/html [epel-9] |
2333214 | NEW | high | CVE-2024-45338 matterbridge: Non-linear parsing of case-insensitive content in golang.org/x/net/html [epel-9] |
2333215 | NEW | high | CVE-2024-45338 opentofu: Non-linear parsing of case-insensitive content in golang.org/x/net/html [epel-9] |
2333216 | NEW | high | CVE-2024-45338 rclone: Non-linear parsing of case-insensitive content in golang.org/x/net/html [epel-9] |
2333217 | NEW | high | CVE-2024-45338 receptor: Non-linear parsing of case-insensitive content in golang.org/x/net/html [epel-9] |
2333218 | NEW | high | CVE-2024-45338 trivy: Non-linear parsing of case-insensitive content in golang.org/x/net/html [epel-9] |
2333326 | NEW | medium | CVE-2024-9102 phpldapadmin: phpLDAPadmin: Improper Neutralization of Formula Elements [epel-9] |
2333340 | NEW | low | CVE-2024-9101 phpldapadmin: phpLDAPadmin: Reflected Cross-Site Scripting in entry_chooser.php [epel-9] |
2333595 | ON_QA | medium | CVE-2024-56335 vaultwarden: Privilege escalation allows organization groups to be updated/deleted if their UUID is known in vaultwarden [epel-9] |
2333924 | NEW | high | CVE-2024-54479 obs-studio-plugin-webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash [epel-9] |
2334285 | NEW | medium | CVE-2024-56522 phpMyAdmin: unserializeTCPDFtag uses != (aka loose comparison) and does not use a constant-time function to compare TCPDF tag hashes [epel-9] |
2334287 | NEW | medium | CVE-2024-56519 phpMyAdmin: setSVGStyles does not sanitize the SVG font-family attribute [epel-9] |
2334291 | NEW | medium | CVE-2024-56521 phpMyAdmin: CURLOPT_SSL_VERIFYHOST and CURLOPT_SSL_VERIFYPEER are set unsafely when libcurl is used [epel-9] |
2334340 | NEW | medium | CVE-2024-56527 phpMyAdmin: Error function lacks an htmlspecialchars call for the error message. [epel-9] |
2334775 | ASSIGNED | high | CVE-2024-56737 radare2: heap-based buffer overflow [epel-9] |
2334781 | ASSIGNED | medium | CVE-2024-56738 radare2: Observable Timing Discrepancy resulting side-channel attacks [epel-9] |
2335490 | NEW | medium | CVE-2024-35365 ffmpeg: double-free vulnerability in FFMPEG [epel-all] |
2335491 | NEW | medium | CVE-2024-35365 qt5-qtwebengine: double-free vulnerability in FFMPEG [epel-all] |
2335492 | NEW | medium | CVE-2024-35365 qt6-qtwebengine: double-free vulnerability in FFMPEG [epel-all] |
2335501 | NEW | medium | CVE-2025-22376 perl-Net-OAuth: Default nonce for Net::OAuth package for perl is not cryptographically strong [epel-all] |
2335843 | NEW | medium | CVE-2023-6601 ffmpeg: HLS Unsafe File Extension Bypass in FFmpeg [epel-all] |
2335844 | NEW | medium | CVE-2023-6601 qt5-qtwebengine: HLS Unsafe File Extension Bypass in FFmpeg [epel-all] |
2335845 | NEW | medium | CVE-2023-6601 qt6-qtwebengine: HLS Unsafe File Extension Bypass in FFmpeg [epel-all] |
2335851 | NEW | medium | CVE-2023-6602 ffmpeg: Improper Handling of Input Format in TTY Demuxer of FFmpeg [epel-all] |
2335852 | NEW | medium | CVE-2023-6602 qt5-qtwebengine: Improper Handling of Input Format in TTY Demuxer of FFmpeg [epel-all] |
2335853 | NEW | medium | CVE-2023-6602 qt6-qtwebengine: Improper Handling of Input Format in TTY Demuxer of FFmpeg [epel-all] |
2335858 | NEW | medium | CVE-2023-6603 qt5-qtwebengine: Null Pointer Dereference in FFmpeg HLS Parsing [epel-all] |
2335862 | NEW | medium | CVE-2023-6604 ffmpeg: HLS XBIN Demuxer DoS Amplification in FFmpeg [epel-all] |
2335863 | NEW | medium | CVE-2023-6604 qt5-qtwebengine: HLS XBIN Demuxer DoS Amplification in FFmpeg [epel-all] |
2335864 | NEW | medium | CVE-2023-6604 qt6-qtwebengine: HLS XBIN Demuxer DoS Amplification in FFmpeg [epel-all] |
2335870 | NEW | medium | CVE-2023-6605 ffmpeg: DASH Playlist SSRF Vulnerability in FFmpeg [epel-all] |
2335871 | NEW | medium | CVE-2023-6605 qt5-qtwebengine: DASH Playlist SSRF Vulnerability in FFmpeg [epel-all] |
2335872 | NEW | medium | CVE-2023-6605 qt6-qtwebengine: DASH Playlist SSRF Vulnerability in FFmpeg [epel-all] |
2336368 | NEW | high | CVE-2024-56201 helix: Jinja has a sandbox breakout through malicious filenames [epel-9] |
2336825 | ON_QA | medium | CVE-2024-55226 vaultwarden: uthenticated reflected XSS vulnerability [epel-9] |
2336829 | ON_QA | medium | CVE-2024-55225 vaultwarden: user spoofing via crafted authorization request [epel-9] |
2336833 | ON_QA | high | CVE-2024-55224 vaultwarden: arbitrary code execution via injecting a crafted payload into the username field of an e-mail message [epel-9] |
2337966 | NEW | high | [Minor Incident] CVE-2024-12085 rsync-bpc: Info Leak via Uninitialized Stack Contents [epel-9] |
2337971 | NEW | medium | [Minor Incident] CVE-2024-12086 rsync-bpc: rsync server leaks arbitrary client files [epel-all] |
2337976 | NEW | medium | [Minor Incident] CVE-2024-12087 rsync-bpc: Path traversal vulnerability in rsync [epel-all] |
2337981 | NEW | medium | [Minor Incident] CVE-2024-12088 rsync-bpc: --safe-links option bypass leads to path traversal [epel-all] |
2337987 | NEW | medium | [Minor Incident] CVE-2024-12747 rsync-bpc: Race Condition in rsync Handling Symbolic Links [epel-9] |
2338041 | NEW | medium | CVE-2024-56374 python-django4.2: potential denial-of-service vulnerability in IPv6 validation [epel-9] |
2338113 | ON_QA | high | CVE-2025-23013 pam-u2f: Partial Authentication Bypass in pam-u2f Software Package [epel-9] |