Repo Status -
Overall Status
Page updated: 2024-12-18 03:33
2122735 | POST | low | CVE-2021-33456 yasm: NULL pointer dereference in hash() in modules/preprocs/nasm/nasm-pp.c [epel-all] |
2122737 | POST | low | CVE-2021-33457 yasm: NULL pointer dereference in expand_mmac_params() in modules/preprocs/nasm/nasm-pp.c [epel-all] |
2122739 | POST | low | CVE-2021-33459 yasm: NULL pointer dereference in nasm_parser_directive() in modules/parsers/nasm/nasm-parse.c [epel-all] |
2264275 | NEW | unspecified | CVE-2023-46136 python-werkzeug: high resource consumption leading to denial of service [epel-9] |
2316315 | NEW | high | CVE-2024-25590 pdns: Crafted responses can lead to a denial of service due to cache inefficiencies in the Recursor [epel-all] |
2316316 | NEW | high | CVE-2024-25590 pdns-recursor: Crafted responses can lead to a denial of service due to cache inefficiencies in the Recursor [epel-all] |
2317099 | NEW | high | CVE-2024-43363 cacti: Remote code execution via Log Poisoning in Cacti [epel-9] |
2317102 | NEW | high | CVE-2024-43362 cacti: Stored Cross-site Scripting (XSS) when creating external links in Cacti [epel-9] |
2317106 | NEW | medium | CVE-2024-43364 cacti: Stored Cross-site Scripting (XSS) when creating external links in Cacti [epel-9] |
2317110 | NEW | medium | CVE-2024-43365 cacti: Stored Cross-site Scripting (XSS) when creating external links in Cacti [epel-9] |
2317490 | NEW | high | CVE-2024-45160 lemonldap-ng: From NVD collector [epel-9] |
2317756 | NEW | medium | CVE-2024-48933 lemonldap-ng: XSS/HTML Injection login page when user contains special characters [epel-9] |
2318146 | NEW | high | CVE-2024-8376 mosquitto: sending specific sequences of packets may trigger memory leak [epel-all] |
2319554 | NEW | medium | CVE-2024-44337 matterbridge: infinite loop via the paragraph function of parser/block.go [epel-all] |
2321496 | NEW | high | CVE-2024-3661 dhcpcd: DHCP routing options can manipulate interface-based VPN traffic [epel-all] |
2321555 | NEW | medium | CVE-2024-50383 botan2: compiler-induced side channel in lib/utils/donna128.h [epel-9] |
2321649 | NEW | medium | CVE-2024-50382 botan2: compiler-induced side channel in lib/utils/ghash/ghash.cpp [epel-9] |
2321667 | NEW | high | CVE-2024-48208 pure-ftpd: out of bounds read in the domlsd() function of ls.c [epel-9] |
2322188 | NEW | medium | CVE-2024-50614 tinyxml2: reachable assertion in GetCharacterRef() [epel-9] |
2322471 | NEW | high | CVE-2024-49769 python-waitress: Waitress has a denial of service leading to high CPU usage/resource exhaustion [epel-9] |
2322946 | NEW | high | CVE-2024-10525 mosquitto: heap buffer overflow in my_subscribe_callback [epel-9] |
2322981 | NEW | medium | CVE-2024-10573 SDL_sound: Buffer overflow when writing decoded PCM samples [epel-all] |
2322982 | NEW | medium | CVE-2024-10573 wine: Buffer overflow when writing decoded PCM samples [epel-all] |
2323265 | NEW | high | CVE-2024-44185 obs-studio-plugin-webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash [epel-all] |
2323280 | NEW | high | CVE-2024-44244 obs-studio-plugin-webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash [epel-all] |
2323293 | NEW | medium | CVE-2024-44296 obs-studio-plugin-webkitgtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced [epel-all] |
2323593 | NEW | urgent | CVE-2024-51774 qbittorrent: RCE Vulnerability in qBittorrent Due to Improper SSL/TLS Certificate Validation [epel-9] |
2326579 | NEW | medium | CVE-2024-52522 rclone: improper permission and ownership handling on symlink targets with --links and --metadata [epel-all] |
2326929 | NEW | medium | CVE-2024-52947 lemonldap-ng: From CVEorg collector [epel-9] |
2326936 | NEW | high | CVE-2024-52946 lemonldap-ng: Improper Authentication Level Check in LemonLDAP::NG [epel-9] |
2328914 | NEW | medium | CVE-2023-2142 workrave: Nunjucks autoescape bypass leads to cross site scripting [epel-9] |
2330015 | NEW | medium | CVE-2024-53259 caddy: quic-go affected by an ICMP Packet Too Large Injection Attack on Linux [epel-9] |
2330016 | NEW | medium | CVE-2024-53259 receptor: quic-go affected by an ICMP Packet Too Large Injection Attack on Linux [epel-9] |
2330162 | ASSIGNED | medium | CVE-2024-11738 rust-rustls: rustls network-reachable panic in `Acceptor::accept` [epel-9] |
2330644 | NEW | medium | CVE-2024-53846 erlang: ssl fails to validate incorrect extended key usage [epel-all] |
2330731 | NEW | medium | CVE-2024-52798 magicmirror: path-to-regexp Unpatched `path-to-regexp` ReDoS in 0.1.x [epel-9] |
2330732 | NEW | medium | CVE-2024-52798 mozjs78: path-to-regexp Unpatched `path-to-regexp` ReDoS in 0.1.x [epel-9] |
2330733 | NEW | medium | CVE-2024-52798 qt6-qtwebengine: path-to-regexp Unpatched `path-to-regexp` ReDoS in 0.1.x [epel-9] |
2330734 | NEW | medium | CVE-2024-52798 trivy: path-to-regexp Unpatched `path-to-regexp` ReDoS in 0.1.x [epel-9] |
2331082 | NEW | medium | CVE-2024-12361 ffmpeg: FFmpeg NULL Pointer Dereference [epel-9] |
2331083 | NEW | medium | CVE-2024-12361 qt5-qtwebengine: FFmpeg NULL Pointer Dereference [epel-9] |
2331084 | NEW | medium | CVE-2024-12361 qt6-qtwebengine: FFmpeg NULL Pointer Dereference [epel-9] |
2331093 | NEW | medium | CVE-2024-55565 phpMyAdmin: nanoid mishandles non-integer values [epel-9] |
2331094 | NEW | medium | CVE-2024-55565 qgis: nanoid mishandles non-integer values [epel-9] |
2331095 | NEW | medium | CVE-2024-55565 qt6-qtwebengine: nanoid mishandles non-integer values [epel-9] |
2331096 | NEW | medium | CVE-2024-55565 trivy: nanoid mishandles non-integer values [epel-9] |
2331625 | NEW | medium | CVE-2024-46657 mupdf: segmentation fault via tools/pdfextract.c [epel-9] |
2331928 | NEW | high | CVE-2024-45337 caddy: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto [epel-9] |
2331929 | NEW | high | CVE-2024-45337 golang-x-crypto: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto [epel-9] |
2331930 | NEW | high | CVE-2024-45337 matterbridge: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto [epel-9] |
2331931 | NEW | high | CVE-2024-45337 opentofu: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto [epel-9] |
2331932 | NEW | high | CVE-2024-45337 pack: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto [epel-9] |
2331933 | NEW | high | CVE-2024-45337 podman-tui: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto [epel-9] |
2331934 | NEW | high | CVE-2024-45337 prometheus-podman-exporter: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto [epel-9] |
2331935 | NEW | high | CVE-2024-45337 rclone: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto [epel-9] |
2331936 | NEW | high | CVE-2024-45337 restic: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto [epel-9] |
2331938 | NEW | high | CVE-2024-45337 trivy: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto [epel-9] |
2332916 | NEW | medium | CVE-2024-54662 dante: incorrect access control for some sockd.conf configurations [epel-9] |