Redhat: Security Vulnerabilities
A vulnerability was discovered in Pagure server. If a malicious user were to submit a git repository with symbolic links, the server could unintentionally show incorporate and make visible content from outside the git repo.
CVSS Score
7.6
EPSS Score
0.001
Published
2025-05-12
A flaw was found in Quay. When an organization acts as a proxy cache, and a user or robot pulls an image that hasn't been mirrored yet, they are granted "Admin" permissions on the newly created repository.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-05-06
A flaw was found in Keycloak. The org.keycloak.authorization package may be vulnerable to circumventing required actions, allowing users to circumvent requirements such as setting up two-factor authentication.
CVSS Score
5.4
EPSS Score
0.0
Published
2025-04-29
A flaw was found in the mod_auth_openidc module for Apache httpd. This flaw allows a remote, unauthenticated attacker to trigger a denial of service by sending an empty POST request when the OIDCPreservePost directive is enabled. The server crashes consistently, affecting availability.
CVSS Score
7.5
EPSS Score
0.005
Published
2025-04-29
A flaw was found in fig2dev. This vulnerability allows availability via local input manipulation via genge_itp_spline function.
CVSS Score
4.7
EPSS Score
0.0
Published
2025-04-23
In xfig diagramming tool, a segmentation fault while running fig2dev allows an attacker to availability via local input manipulation via read_arcobject function.
CVSS Score
4.7
EPSS Score
0.0
Published
2025-04-23
A flaw was found in xfig. This vulnerability allows possible code execution via local input manipulation via bezier_spline function.
CVSS Score
7.8
EPSS Score
0.0
Published
2025-04-23
In xfig diagramming tool, a stack-overflow while running fig2dev allows memory corruption via local input manipulation via read_objects function.
CVSS Score
4.7
EPSS Score
0.0
Published
2025-04-23
A flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability allows malicious users to input help documents, which may exfiltrate user files to an external environment.
CVSS Score
7.4
EPSS Score
0.002
Published
2025-04-03
A flaw was found in libsoup. The package is vulnerable to a heap buffer over-read when sniffing content via the skip_insight_whitespace() function. Libsoup clients may read one byte out-of-bounds in response to a crafted HTTP response by an HTTP server.
CVSS Score
7.0
EPSS Score
0.008
Published
2025-04-03