Repo Status -
Overall Status
Page updated: 2025-03-28 03:55
2122735 | POST | low | CVE-2021-33456 yasm: NULL pointer dereference in hash() in modules/preprocs/nasm/nasm-pp.c [epel-all] |
2122737 | POST | low | CVE-2021-33457 yasm: NULL pointer dereference in expand_mmac_params() in modules/preprocs/nasm/nasm-pp.c [epel-all] |
2122739 | POST | low | CVE-2021-33459 yasm: NULL pointer dereference in nasm_parser_directive() in modules/parsers/nasm/nasm-parse.c [epel-all] |
2264275 | NEW | unspecified | CVE-2023-46136 python-werkzeug: high resource consumption leading to denial of service [epel-9] |
2317099 | NEW | high | CVE-2024-43363 cacti: Remote code execution via Log Poisoning in Cacti [epel-9] |
2317102 | NEW | high | CVE-2024-43362 cacti: Stored Cross-site Scripting (XSS) when creating external links in Cacti [epel-9] |
2317106 | NEW | medium | CVE-2024-43364 cacti: Stored Cross-site Scripting (XSS) when creating external links in Cacti [epel-9] |
2317110 | NEW | medium | CVE-2024-43365 cacti: Stored Cross-site Scripting (XSS) when creating external links in Cacti [epel-9] |
2317490 | NEW | high | CVE-2024-45160 lemonldap-ng: From NVD collector [epel-9] |
2317756 | NEW | medium | CVE-2024-48933 lemonldap-ng: XSS/HTML Injection login page when user contains special characters [epel-9] |
2318146 | NEW | high | CVE-2024-8376 mosquitto: sending specific sequences of packets may trigger memory leak [epel-all] |
2319554 | NEW | medium | CVE-2024-44337 matterbridge: infinite loop via the paragraph function of parser/block.go [epel-all] |
2321496 | NEW | medium | CVE-2024-3661 dhcpcd: DHCP routing options can manipulate interface-based VPN traffic [epel-all] |
2321555 | NEW | medium | CVE-2024-50383 botan2: compiler-induced side channel in lib/utils/donna128.h [epel-9] |
2321649 | NEW | medium | CVE-2024-50382 botan2: compiler-induced side channel in lib/utils/ghash/ghash.cpp [epel-9] |
2321667 | NEW | high | CVE-2024-48208 pure-ftpd: out of bounds read in the domlsd() function of ls.c [epel-9] |
2322188 | NEW | medium | CVE-2024-50614 tinyxml2: reachable assertion in GetCharacterRef() [epel-9] |
2322471 | NEW | high | CVE-2024-49769 python-waitress: Waitress has a denial of service leading to high CPU usage/resource exhaustion [epel-9] |
2322946 | NEW | high | CVE-2024-10525 mosquitto: heap buffer overflow in my_subscribe_callback [epel-9] |
2322981 | NEW | medium | CVE-2024-10573 SDL_sound: Buffer overflow when writing decoded PCM samples [epel-all] |
2322982 | NEW | medium | CVE-2024-10573 wine: Buffer overflow when writing decoded PCM samples [epel-all] |
2323265 | NEW | high | CVE-2024-44185 obs-studio-plugin-webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash [epel-all] |
2323280 | NEW | high | CVE-2024-44244 obs-studio-plugin-webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash [epel-all] |
2323293 | NEW | medium | CVE-2024-44296 obs-studio-plugin-webkitgtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced [epel-all] |
2323593 | NEW | urgent | CVE-2024-51774 qbittorrent: RCE Vulnerability in qBittorrent Due to Improper SSL/TLS Certificate Validation [epel-9] |
2326579 | NEW | medium | CVE-2024-52522 rclone: improper permission and ownership handling on symlink targets with --links and --metadata [epel-all] |
2326929 | NEW | medium | CVE-2024-52947 lemonldap-ng: From CVEorg collector [epel-9] |
2326936 | NEW | high | CVE-2024-52946 lemonldap-ng: Improper Authentication Level Check in LemonLDAP::NG [epel-9] |
2328914 | NEW | medium | CVE-2023-2142 workrave: Nunjucks autoescape bypass leads to cross site scripting [epel-9] |
2330015 | NEW | medium | CVE-2024-53259 caddy: quic-go affected by an ICMP Packet Too Large Injection Attack on Linux [epel-9] |
2330016 | NEW | medium | CVE-2024-53259 receptor: quic-go affected by an ICMP Packet Too Large Injection Attack on Linux [epel-9] |
2330162 | ASSIGNED | medium | CVE-2024-11738 rust-rustls: rustls network-reachable panic in `Acceptor::accept` [epel-9] |
2330644 | NEW | medium | CVE-2024-53846 erlang: ssl fails to validate incorrect extended key usage [epel-all] |
2330731 | NEW | medium | CVE-2024-52798 magicmirror: path-to-regexp Unpatched `path-to-regexp` ReDoS in 0.1.x [epel-9] |
2330732 | NEW | medium | CVE-2024-52798 mozjs78: path-to-regexp Unpatched `path-to-regexp` ReDoS in 0.1.x [epel-9] |
2330733 | NEW | medium | CVE-2024-52798 qt6-qtwebengine: path-to-regexp Unpatched `path-to-regexp` ReDoS in 0.1.x [epel-9] |
2330734 | NEW | medium | CVE-2024-52798 trivy: path-to-regexp Unpatched `path-to-regexp` ReDoS in 0.1.x [epel-9] |
2331082 | NEW | medium | CVE-2024-12361 ffmpeg: FFmpeg NULL Pointer Dereference [epel-9] |
2331083 | NEW | medium | CVE-2024-12361 qt5-qtwebengine: FFmpeg NULL Pointer Dereference [epel-9] |
2331084 | NEW | medium | CVE-2024-12361 qt6-qtwebengine: FFmpeg NULL Pointer Dereference [epel-9] |
2331093 | NEW | medium | CVE-2024-55565 phpMyAdmin: nanoid mishandles non-integer values [epel-9] |
2331094 | NEW | medium | CVE-2024-55565 qgis: nanoid mishandles non-integer values [epel-9] |
2331095 | NEW | medium | CVE-2024-55565 qt6-qtwebengine: nanoid mishandles non-integer values [epel-9] |
2331096 | NEW | medium | CVE-2024-55565 trivy: nanoid mishandles non-integer values [epel-9] |
2331928 | NEW | high | CVE-2024-45337 caddy: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto [epel-9] |
2331929 | NEW | high | CVE-2024-45337 golang-x-crypto: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto [epel-9] |
2331930 | NEW | high | CVE-2024-45337 matterbridge: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto [epel-9] |
2331931 | NEW | high | CVE-2024-45337 opentofu: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto [epel-9] |
2331932 | NEW | high | CVE-2024-45337 pack: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto [epel-9] |
2331935 | NEW | high | CVE-2024-45337 rclone: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto [epel-9] |
2331936 | NEW | high | CVE-2024-45337 restic: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto [epel-9] |
2331938 | NEW | high | CVE-2024-45337 trivy: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto [epel-9] |
2333211 | NEW | high | CVE-2024-45338 caddy: Non-linear parsing of case-insensitive content in golang.org/x/net/html [epel-9] |
2333212 | NEW | high | CVE-2024-45338 golang-x-net: Non-linear parsing of case-insensitive content in golang.org/x/net/html [epel-9] |
2333213 | NEW | high | CVE-2024-45338 golang-x-tools: Non-linear parsing of case-insensitive content in golang.org/x/net/html [epel-9] |
2333214 | NEW | high | CVE-2024-45338 matterbridge: Non-linear parsing of case-insensitive content in golang.org/x/net/html [epel-9] |
2333215 | NEW | high | CVE-2024-45338 opentofu: Non-linear parsing of case-insensitive content in golang.org/x/net/html [epel-9] |
2333216 | NEW | high | CVE-2024-45338 rclone: Non-linear parsing of case-insensitive content in golang.org/x/net/html [epel-9] |
2333217 | NEW | high | CVE-2024-45338 receptor: Non-linear parsing of case-insensitive content in golang.org/x/net/html [epel-9] |
2333218 | NEW | high | CVE-2024-45338 trivy: Non-linear parsing of case-insensitive content in golang.org/x/net/html [epel-9] |
2333326 | NEW | medium | CVE-2024-9102 phpldapadmin: phpLDAPadmin: Improper Neutralization of Formula Elements [epel-9] |
2333340 | NEW | low | CVE-2024-9101 phpldapadmin: phpLDAPadmin: Reflected Cross-Site Scripting in entry_chooser.php [epel-9] |
2333924 | NEW | high | CVE-2024-54479 obs-studio-plugin-webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash [epel-9] |
2334285 | NEW | medium | CVE-2024-56522 phpMyAdmin: unserializeTCPDFtag uses != (aka loose comparison) and does not use a constant-time function to compare TCPDF tag hashes [epel-9] |
2334287 | NEW | medium | CVE-2024-56519 phpMyAdmin: setSVGStyles does not sanitize the SVG font-family attribute [epel-9] |
2334291 | NEW | medium | CVE-2024-56521 phpMyAdmin: CURLOPT_SSL_VERIFYHOST and CURLOPT_SSL_VERIFYPEER are set unsafely when libcurl is used [epel-9] |
2334340 | NEW | medium | CVE-2024-56527 phpMyAdmin: Error function lacks an htmlspecialchars call for the error message. [epel-9] |
2334781 | ASSIGNED | medium | CVE-2024-56738 radare2: Observable Timing Discrepancy resulting side-channel attacks [epel-9] |
2335490 | NEW | medium | CVE-2024-35365 ffmpeg: double-free vulnerability in FFMPEG [epel-all] |
2335491 | NEW | medium | CVE-2024-35365 qt5-qtwebengine: double-free vulnerability in FFMPEG [epel-all] |
2335492 | NEW | medium | CVE-2024-35365 qt6-qtwebengine: double-free vulnerability in FFMPEG [epel-all] |
2335501 | NEW | medium | CVE-2025-22376 perl-Net-OAuth: Default nonce for Net::OAuth package for perl is not cryptographically strong [epel-all] |
2335843 | NEW | medium | CVE-2023-6601 ffmpeg: HLS Unsafe File Extension Bypass in FFmpeg [epel-all] |
2335844 | NEW | medium | CVE-2023-6601 qt5-qtwebengine: HLS Unsafe File Extension Bypass in FFmpeg [epel-all] |
2335845 | NEW | medium | CVE-2023-6601 qt6-qtwebengine: HLS Unsafe File Extension Bypass in FFmpeg [epel-all] |
2335851 | NEW | medium | CVE-2023-6602 ffmpeg: Improper Handling of Input Format in TTY Demuxer of FFmpeg [epel-all] |
2335852 | NEW | medium | CVE-2023-6602 qt5-qtwebengine: Improper Handling of Input Format in TTY Demuxer of FFmpeg [epel-all] |
2335853 | NEW | medium | CVE-2023-6602 qt6-qtwebengine: Improper Handling of Input Format in TTY Demuxer of FFmpeg [epel-all] |
2335858 | NEW | medium | CVE-2023-6603 qt5-qtwebengine: Null Pointer Dereference in FFmpeg HLS Parsing [epel-all] |
2335862 | NEW | medium | CVE-2023-6604 ffmpeg: HLS XBIN Demuxer DoS Amplification in FFmpeg [epel-all] |
2335863 | NEW | medium | CVE-2023-6604 qt5-qtwebengine: HLS XBIN Demuxer DoS Amplification in FFmpeg [epel-all] |
2335864 | NEW | medium | CVE-2023-6604 qt6-qtwebengine: HLS XBIN Demuxer DoS Amplification in FFmpeg [epel-all] |
2335870 | NEW | medium | CVE-2023-6605 ffmpeg: DASH Playlist SSRF Vulnerability in FFmpeg [epel-all] |
2335871 | NEW | medium | CVE-2023-6605 qt5-qtwebengine: DASH Playlist SSRF Vulnerability in FFmpeg [epel-all] |
2335872 | NEW | medium | CVE-2023-6605 qt6-qtwebengine: DASH Playlist SSRF Vulnerability in FFmpeg [epel-all] |
2337966 | NEW | high | [Minor Incident] CVE-2024-12085 rsync-bpc: Info Leak via Uninitialized Stack Contents [epel-9] |
2337971 | NEW | medium | [Minor Incident] CVE-2024-12086 rsync-bpc: rsync server leaks arbitrary client files [epel-all] |
2337976 | NEW | medium | [Minor Incident] CVE-2024-12087 rsync-bpc: Path traversal vulnerability in rsync [epel-all] |
2337981 | NEW | medium | [Minor Incident] CVE-2024-12088 rsync-bpc: --safe-links option bypass leads to path traversal [epel-all] |
2337987 | NEW | medium | [Minor Incident] CVE-2024-12747 rsync-bpc: Race Condition in rsync Handling Symbolic Links [epel-9] |
2338041 | NEW | medium | CVE-2024-56374 python-django4.2: potential denial-of-service vulnerability in IPv6 validation [epel-9] |
2339347 | NEW | high | CVE-2025-0377 opentofu: HashiCorp go-slug Vulnerable to Zip Slip Attack [epel-9] |
2341675 | NEW | medium | CVE-2024-57719 CVE-2024-57720 CVE-2024-57721 CVE-2024-57722 CVE-2024-57723 CVE-2024-57724 lunasvg: various flaws [epel-9] |
2341678 | NEW | medium | CVE-2025-24529 phpMyAdmin: XSS in phpMyAdmin Insert Tab [epel-9] |
2341682 | NEW | medium | CVE-2025-24530 phpMyAdmin: XSS Vulnerability in phpMyAdmin Check Tables Feature [epel-9] |
2341885 | NEW | high | CVE-2022-1650 golang-github-prometheus: Exposure of Sensitive Information [epel-all] |
2341890 | NEW | medium | CVE-2024-55195 OpenImageIO: An allocation-size-too-big bug in the component /imagebuf.cpp of OpenImageIO [epel-9] |
2341894 | NEW | medium | CVE-2024-55193 OpenImageIO: segmentation violation via the component /OpenImageIO/string_view.h [epel-9] |
2341895 | NEW | medium | CVE-2024-55194 OpenImageIO: heap overflow via the component /OpenImageIO/fmath.h [epel-9] |
2341902 | NEW | medium | CVE-2024-55192 OpenImageIO: a heap overflow via the component OpenImageIO_v3_1_0::farmhash::inlined::Fetch64(char const*) [epel-9] |
2342195 | NEW | high | CVE-2022-49043 mingw-libxml2: use-after-free in xmlXIncludeAddNode [epel-9] |
2342196 | NEW | high | CVE-2022-49043 qt5-qtwebengine: use-after-free in xmlXIncludeAddNode [epel-9] |
2342197 | NEW | high | CVE-2022-49043 qt6-qtwebengine: use-after-free in xmlXIncludeAddNode [epel-9] |
2342334 | NEW | medium | CVE-2024-45598 cacti: Cacti has a Local File Inclusion (LFI) Vulnerability via Poller Standard Error Log Path [epel-9] |
2342340 | NEW | high | CVE-2025-24367 cacti: Cacti allows Arbitrary File Creation leading to RCE [epel-9] |
2342355 | NEW | medium | CVE-2025-24368 cacti: Cacti has a SQL Injection vulnerability when using tree rules through Automation API [epel-9] |
2342358 | NEW | high | CVE-2025-22604 cacti: Cacti has Authenticated RCE via multi-line SNMP responses [epel-9] |
2342360 | NEW | high | CVE-2024-54146 cacti: Cacti has a SQL Injection vulnerability when view host template [epel-9] |
2342362 | NEW | medium | CVE-2024-54145 cacti: Cacti has a SQL Injection vulnerability when request automation devices [epel-9] |
2342518 | NEW | high | CVE-2024-45339 caddy: Vulnerability when creating log files in github.com/golang/glog [epel-9] |
2343567 | NEW | medium | CVE-2024-55456 lunasvg: From CVEorg collector [epel-all] |
2345161 | NEW | high | CVE-2025-26520 cacti: SQL Injection in Cacti [epel-9] |
2345710 | NEW | medium | CVE-2025-25184 rubygem-rack: Possible Log Injection in Rack::CommonLogger [epel-9] |
2345760 | NEW | medium | CVE-2025-26791 ansible-collection-awx-awx: Mutation XSS in DOMPurify Due to Improper Template Literal Handling [epel-9] |
2345761 | NEW | medium | CVE-2025-26791 cachelib: Mutation XSS in DOMPurify Due to Improper Template Literal Handling [epel-9] |
2345762 | NEW | medium | CVE-2025-26791 fbthrift: Mutation XSS in DOMPurify Due to Improper Template Literal Handling [epel-9] |
2345763 | NEW | medium | CVE-2025-26791 nextcloud: Mutation XSS in DOMPurify Due to Improper Template Literal Handling [epel-9] |
2346331 | MODIFIED | medium | CVE-2024-45781 radare2: fs/ufs: OOB write in the heap [epel-all] |
2346336 | ASSIGNED | medium | CVE-2024-45783 radare2: fs/hfs+: refcount can be decremented twice [epel-all] |
2346347 | ASSIGNED | medium | CVE-2025-0690 radare2: read: Integer overflow may lead to out-of-bounds write [epel-all] |
2346369 | ASSIGNED | medium | CVE-2024-45774 radare2: reader/jpeg: Heap OOB Write during JPEG parsing [epel-all] |
2346485 | NEW | medium | CVE-2025-0633 iniparser: Heap Overflow in iniparser.c [epel-9] |
2346493 | NEW | low | CVE-2025-27113 mingw-libxml2: NULL Pointer Dereference in libxml2 xmlPatMatch [epel-9] |
2346494 | NEW | low | CVE-2025-27113 qt5-qtwebengine: NULL Pointer Dereference in libxml2 xmlPatMatch [epel-9] |
2346495 | NEW | low | CVE-2025-27113 qt6-qtwebengine: NULL Pointer Dereference in libxml2 xmlPatMatch [epel-9] |
2346506 | NEW | high | CVE-2024-56171 mingw-libxml2: Use-After-Free in libxml2 [epel-9] |
2346507 | NEW | high | CVE-2024-56171 qt5-qtwebengine: Use-After-Free in libxml2 [epel-9] |
2346508 | NEW | high | CVE-2024-56171 qt6-qtwebengine: Use-After-Free in libxml2 [epel-9] |
2346519 | NEW | high | CVE-2025-24928 mingw-libxml2: Stack-based buffer overflow in xmlSnprintfElements of libxml2 [epel-9] |
2346520 | NEW | high | CVE-2025-24928 qt5-qtwebengine: Stack-based buffer overflow in xmlSnprintfElements of libxml2 [epel-9] |
2346521 | NEW | high | CVE-2025-24928 qt6-qtwebengine: Stack-based buffer overflow in xmlSnprintfElements of libxml2 [epel-9] |
2346545 | NEW | medium | CVE-2025-25471 ffmpeg: NULL Pointer Dereference in FFmpeg's MOV Parser [epel-9] |
2346546 | NEW | medium | CVE-2025-25471 qt5-qtwebengine: NULL Pointer Dereference in FFmpeg's MOV Parser [epel-9] |
2346547 | NEW | medium | CVE-2025-25471 qt6-qtwebengine: NULL Pointer Dereference in FFmpeg's MOV Parser [epel-9] |
2346553 | NEW | medium | CVE-2025-22921 ffmpeg: Segmentation Violation in FFmpeg [epel-9] |
2346554 | NEW | medium | CVE-2025-22921 qt5-qtwebengine: Segmentation Violation in FFmpeg [epel-9] |
2346555 | NEW | medium | CVE-2025-22921 qt6-qtwebengine: Segmentation Violation in FFmpeg [epel-9] |
2346562 | NEW | medium | CVE-2025-25468 qt5-qtwebengine: Memory Leak in FFmpeg libavutil/mem.c [epel-9] |
2346563 | NEW | medium | CVE-2025-25468 qt6-qtwebengine: Memory Leak in FFmpeg libavutil/mem.c [epel-9] |
2346569 | NEW | medium | CVE-2025-22919 ffmpeg: FFmpeg AAC File Denial of Service [epel-9] |
2346570 | NEW | medium | CVE-2025-22919 qt5-qtwebengine: FFmpeg AAC File Denial of Service [epel-9] |
2346571 | NEW | medium | CVE-2025-22919 qt6-qtwebengine: FFmpeg AAC File Denial of Service [epel-9] |
2346578 | NEW | medium | CVE-2025-25473 ffmpeg: NULL Pointer Dereference in FFmpeg [epel-9] |
2346579 | NEW | medium | CVE-2025-25473 qt5-qtwebengine: NULL Pointer Dereference in FFmpeg [epel-9] |
2346580 | NEW | medium | CVE-2025-25473 qt6-qtwebengine: NULL Pointer Dereference in FFmpeg [epel-9] |
2346586 | NEW | medium | CVE-2025-25469 ffmpeg: Memory Leak in libavutil/iamf.c in FFmpeg [epel-9] |
2346587 | NEW | medium | CVE-2025-25469 qt5-qtwebengine: Memory Leak in libavutil/iamf.c in FFmpeg [epel-9] |
2346588 | NEW | medium | CVE-2025-25469 qt6-qtwebengine: Memory Leak in libavutil/iamf.c in FFmpeg [epel-9] |
2346594 | NEW | medium | CVE-2025-22920 ffmpeg: Heap Buffer Overflow in FFmpeg avformat [epel-9] |
2346595 | NEW | medium | CVE-2025-22920 qt5-qtwebengine: Heap Buffer Overflow in FFmpeg avformat [epel-9] |
2346596 | NEW | medium | CVE-2025-22920 qt6-qtwebengine: Heap Buffer Overflow in FFmpeg avformat [epel-9] |
2347313 | NEW | medium | CVE-2025-0838 abseil-cpp: Heap Buffer overflow in Abseil [epel-9] |
2347376 | NEW | medium | CVE-2025-1594 ffmpeg: FFmpeg AAC Encoder aacenc_tns.c ff_aac_search_for_tns stack-based overflow [epel-9] |
2347465 | NEW | medium | CVE-2025-27144 prometheus-podman-exporter: Go JOSE's Parsing Vulnerable to Denial of Service [epel-9] |
2348717 | NEW | medium | CVE-2024-10918 libmodbus: Stack-based Buffer Overflow in libmodbus library [epel-9] |
2348787 | NEW | high | CVE-2025-22868 golang-github-prometheus: Unexpected memory consumption during token parsing in golang.org/x/oauth2 [epel-9] |
2348788 | NEW | high | CVE-2025-22868 golang-x-oauth2: Unexpected memory consumption during token parsing in golang.org/x/oauth2 [epel-9] |
2348789 | NEW | high | CVE-2025-22868 opentofu: Unexpected memory consumption during token parsing in golang.org/x/oauth2 [epel-9] |
2348790 | NEW | high | CVE-2025-22868 rclone: Unexpected memory consumption during token parsing in golang.org/x/oauth2 [epel-9] |
2348791 | NEW | high | CVE-2025-22868 restic: Unexpected memory consumption during token parsing in golang.org/x/oauth2 [epel-9] |
2348792 | NEW | high | CVE-2025-22868 trivy: Unexpected memory consumption during token parsing in golang.org/x/oauth2 [epel-9] |
2349341 | NEW | medium | CVE-2025-1816 ffmpeg: FFmpeg IAMF File iamf_parse.c audio_element_obu memory leak [epel-9] |
2349342 | NEW | medium | CVE-2025-1816 qt5-qtwebengine: FFmpeg IAMF File iamf_parse.c audio_element_obu memory leak [epel-9] |
2349343 | NEW | medium | CVE-2025-1816 qt6-qtwebengine: FFmpeg IAMF File iamf_parse.c audio_element_obu memory leak [epel-9] |
2349963 | ON_QA | medium | CVE-2023-40403 mingw-libxslt: Processing web content may disclose sensitive information [epel-9] |
2349964 | NEW | medium | CVE-2023-40403 qt5-qtwebengine: Processing web content may disclose sensitive information [epel-9] |
2349965 | NEW | medium | CVE-2023-40403 qt6-qtwebengine: Processing web content may disclose sensitive information [epel-9] |
2349976 | NEW | medium | CVE-2025-27111 rubygem-rack: Escape Sequence Injection vulnerability in Rack leads to Possible Log Injection [epel-9] |
2350561 | NEW | medium | CVE-2025-27796 GraphicsMagick: Palette Buffer Allocation in GraphicsMagick WPG [epel-9] |
2350565 | NEW | medium | CVE-2025-27795 GraphicsMagick: Lack of Image Dimension Resource Limits in JXL of GraphicsMagick [epel-9] |
2350757 | NEW | high | CVE-2025-22869 caddy: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh [epel-9] |
2350758 | NEW | high | CVE-2025-22869 golang-x-crypto: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh [epel-9] |
2350759 | NEW | high | CVE-2025-22869 matterbridge: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh [epel-9] |
2350760 | NEW | high | CVE-2025-22869 opentofu: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh [epel-9] |
2350761 | NEW | high | CVE-2025-22869 pack: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh [epel-9] |
2350762 | NEW | high | CVE-2025-22869 podman-tui: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh [epel-9] |
2350763 | NEW | high | CVE-2025-22869 prometheus-podman-exporter: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh [epel-9] |
2350764 | NEW | high | CVE-2025-22869 rclone: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh [epel-9] |
2350765 | NEW | high | CVE-2025-22869 restic: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh [epel-9] |
2350767 | NEW | high | CVE-2025-22869 trivy: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh [epel-9] |
2351276 | NEW | high | CVE-2025-27610 rubygem-rack: Local File Inclusion in Rack::Static [epel-9] |
2351883 | NEW | medium | CVE-2025-22870 apptainer: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net [epel-9] |
2351884 | NEW | medium | CVE-2025-22870 caddy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net [epel-9] |
2351885 | NEW | medium | CVE-2025-22870 dnscrypt-proxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net [epel-9] |
2351886 | NEW | medium | CVE-2025-22870 fluent-bit: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net [epel-9] |
2351887 | NEW | medium | CVE-2025-22870 gcc-epel: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net [epel-9] |
2351888 | NEW | medium | CVE-2025-22870 git-credential-oauth: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net [epel-9] |
2351889 | NEW | medium | CVE-2025-22870 golang-github-mock: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net [epel-9] |
2351890 | NEW | medium | CVE-2025-22870 golang-github-prometheus: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net [epel-9] |
2351891 | NEW | medium | CVE-2025-22870 golang-github-prometheus-alertmanager: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net [epel-9] |
2351892 | NEW | medium | CVE-2025-22870 golang-github-prometheus-node-exporter: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net [epel-9] |
2351893 | NEW | medium | CVE-2025-22870 golang-github-rogpeppe-internal: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net [epel-9] |
2351894 | NEW | medium | CVE-2025-22870 golang-honnef-tools: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net [epel-9] |
2351895 | NEW | medium | CVE-2025-22870 golang-mvdan-xurls: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net [epel-9] |
2351896 | NEW | medium | CVE-2025-22870 golang-x-mod: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net [epel-9] |
2351897 | NEW | medium | CVE-2025-22870 golang-x-net: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net [epel-9] |
2351898 | NEW | medium | CVE-2025-22870 golang-x-text: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net [epel-9] |
2351899 | NEW | medium | CVE-2025-22870 golang-x-tools: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net [epel-9] |
2351900 | NEW | medium | CVE-2025-22870 golang-x-vuln: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net [epel-9] |
2351901 | NEW | medium | CVE-2025-22870 matterbridge: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net [epel-9] |
2351902 | NEW | medium | CVE-2025-22870 opentofu: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net [epel-9] |
2351903 | NEW | medium | CVE-2025-22870 pack: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net [epel-9] |
2351904 | NEW | medium | CVE-2025-22870 podman-tui: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net [epel-9] |
2351905 | NEW | medium | CVE-2025-22870 prometheus-podman-exporter: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net [epel-9] |
2351906 | NEW | medium | CVE-2025-22870 rclone: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net [epel-9] |
2351907 | NEW | medium | CVE-2025-22870 receptor: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net [epel-9] |
2351908 | NEW | medium | CVE-2025-22870 restic: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net [epel-9] |
2351909 | NEW | medium | CVE-2025-22870 singularity-ce: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net [epel-9] |
2351910 | NEW | medium | CVE-2025-22870 snapd: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net [epel-9] |
2351912 | NEW | medium | CVE-2025-22870 trivy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net [epel-9] |
2351913 | NEW | medium | CVE-2025-22870 yggdrasil: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net [epel-9] |
2352351 | NEW | medium | CVE-2025-22870 golang-github-facebook-time: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net [epel-9] |
2352504 | ON_QA | high | CVE-2025-24855 mingw-libxslt: Use-After-Free in libxslt numbers.c [epel-9] |
2352505 | NEW | high | CVE-2025-24855 qt5-qtwebengine: Use-After-Free in libxslt numbers.c [epel-9] |
2352506 | NEW | high | CVE-2025-24855 qt6-qtwebengine: Use-After-Free in libxslt numbers.c [epel-9] |
2352514 | ON_QA | high | CVE-2024-55549 mingw-libxslt: Use-After-Free in libxslt (xsltGetInheritedNsList) [epel-9] |
2352515 | NEW | high | CVE-2024-55549 qt5-qtwebengine: Use-After-Free in libxslt (xsltGetInheritedNsList) [epel-9] |
2352516 | NEW | high | CVE-2024-55549 qt6-qtwebengine: Use-After-Free in libxslt (xsltGetInheritedNsList) [epel-9] |
2352844 | NEW | medium | CVE-2025-2357 dcmtk: DCMTK dcmjpls JPEG-LS Decoder memory corruption [epel-9] |
2352848 | NEW | medium | CVE-2025-2310 hdf5: HDF5 Metadata Attribute Decoder H5MM_strndup heap-based overflow [epel-9] |
2353080 | NEW | medium | CVE-2024-40635 pack: containerd has an integer overflow in User ID handling [epel-9] |
2353082 | NEW | medium | CVE-2024-40635 trivy: containerd has an integer overflow in User ID handling [epel-9] |
2353902 | NEW | high | CVE-2024-7776 onnx: Arbitrary File Overwrite in onnx/onnx [epel-9] |
2354013 | NEW | low | CVE-2025-2574 xpdf: Out-of-bounds array write in Xpdf 4.05 due to incorrect integer overflow checking [epel-9] |
2354047 | NEW | medium | CVE-2024-13903 radare2: quickjs-ng QuickJS qjs quickjs.c JS_GetRuntime stack-based overflow [epel-9] |
2354382 | NEW | high | CVE-2025-30472 corosync-epel: Stack buffer overflow from 'orf_token_endian_convert' [epel-9] |
2354395 | NEW | high | CVE-2025-30204 golang-github-prometheus: jwt-go allows excessive memory allocation during header parsing [epel-9] |
2354396 | NEW | high | CVE-2025-30204 opentofu: jwt-go allows excessive memory allocation during header parsing [epel-9] |
2354397 | NEW | high | CVE-2025-30204 pack: jwt-go allows excessive memory allocation during header parsing [epel-9] |
2354398 | NEW | high | CVE-2025-30204 receptor: jwt-go allows excessive memory allocation during header parsing [epel-9] |
2354399 | NEW | high | CVE-2025-30204 trivy: jwt-go allows excessive memory allocation during header parsing [epel-9] |
2354819 | NEW | medium | CVE-2025-2756 assimp: Open Asset Import Library Assimp AC3D File ACLoader.cpp ConvertObjectSection heap-based overflow [epel-9] |
2354822 | NEW | medium | CVE-2025-2753 assimp: Open Asset Import Library Assimp LWS File LWSLoader.cpp MergeScenes out-of-bounds [epel-9] |
2354829 | NEW | medium | CVE-2025-2754 assimp: Open Asset Import Library Assimp AC3D File ACLoader.cpp ConvertObjectSection heap-based overflow [epel-9] |
2355239 | NEW | low | CVE-2025-31160 atop: denial of service in atop [epel-9] |
2355347 | NEW | medium | CVE-2025-31181 gnuplot: gnuplot segmentation fault on X11_graphics [epel-all] |
2355349 | NEW | medium | CVE-2025-31180 gnuplot: gnuplot segmentation fault on CANVAS_text [epel-all] |
2355350 | NEW | medium | CVE-2025-31179 gnuplot: gnuplot segmentation fault on xstrftime [epel-all] |
2355353 | NEW | medium | CVE-2025-31178 gnuplot: gnuplot segmentation fault on GetAnnotateString [epel-all] |
2355354 | NEW | medium | CVE-2025-31177 gnuplot: gnuplot heap-buffer overflow on utf8_copy_one [epel-all] |
2355357 | NEW | medium | CVE-2025-31176 gnuplot: gnuplot segmentation fault on plot3d_points [epel-all] |