Automatically generated suggestions

CVE-2025-49178
5.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 2 months, 2 weeks ago
Xorg-x11-server-xwayland: xorg-x11-server: tigervnc: unprocessed client request due to bytes to ignore

A flaw was found in the X server's request handling. Non-zero 'bytes to ignore' in a client's request can cause the server to skip processing another client's request, potentially leading to a denial of service.

tigervnc
*
xorg-x11-server
*
xorg-x11-server-Xwayland
*

pkgs.tigervnc

Fork of tightVNC, made in cooperation with VirtualGL
CVE-2025-4404
9.1 CRITICAL
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): HIGH
  • User interaction (UI): NONE
  • Scope (S): CHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 2 months, 2 weeks ago
Freeipa: idm: privilege escalation from host to domain admin in freeipa

A privilege escalation from host to domain vulnerability was found in the FreeIPA project. The FreeIPA package fails to validate the uniqueness of the `krbCanonicalName` for the admin account by default, allowing users to create services with the same canonical name as the REALM admin. When a successful attack happens, the user can retrieve a Kerberos ticket in the name of this service, containing the admin@REALM credential. This flaw allows an attacker to perform administrative tasks over the REALM, leading to access to sensitive data and sensitive data exfiltration.

ipa
*
freeipa
<4.12.4
idm:DL1
*
idm:client
*

pkgs.ipam

Cli based IPAM written in Go with PowerDNS support

pkgs.tipa

Phonetic font for TeX

pkgs.nipap

Neat IP Address Planner

pkgs.freeipa

Identity, Policy and Audit system

pkgs.ipafont

Japanese font package with Mincho and Gothic fonts

pkgs.ipatool

Command-line tool that allows searching and downloading app packages (known as ipa files) from the iOS App Store

pkgs.codipack

Fast gradient evaluation in C++ based on Expression Templates

pkgs.snipaste

Screenshot tools

pkgs.gruut-ipa

Library for manipulating pronunciations using the International Phonetic Alphabet (IPA)

pkgs.iniparser

Free standalone ini file parsing library

pkgs.ipaexfont

Japanese font package with Mincho and Gothic fonts

pkgs.multipass

Ubuntu VMs on demand for any workstation

pkgs.nipap-cli

Neat IP Address Planner CLI

pkgs.nipap-www

Neat IP Address Planner CLI, web UI

pkgs.uriparser

Strictly RFC 3986 compliant URI parsing library

pkgs.frangipanni

Convert lines of text into a tree structure

pkgs.ipad_charge

Apple device USB charging utility for Linux

pkgs.nucleiparser

Nuclei output parser for CLI

pkgs.multipath-tools

Tools for the Linux multipathing storage driver

pkgs.ripasso-cursive

Simple password manager written in Rust

pkgs.multipart-parser-c

Http multipart parser implemented in C

pkgs.haskellPackages.ipa

Internal Phonetic Alphabet (IPA)

pkgs.python312Packages.nipap

Neat IP Address Planner

pkgs.python313Packages.nipap

Neat IP Address Planner

pkgs.python312Packages.ipaddr

IP address manipulation library

pkgs.python312Packages.ipadic

Contemporary Written Japanese dictionary

pkgs.python313Packages.ipaddr

IP address manipulation library

pkgs.python313Packages.ipadic

Contemporary Written Japanese dictionary

pkgs.haskellPackages.multipart

Parsers for the HTTP multipart format

pkgs.python312Packages.pynipap

Python client library for Neat IP Address Planner

pkgs.python313Packages.pynipap

Python client library for Neat IP Address Planner

pkgs.python312Packages.iniparse

Accessing and Modifying INI files

pkgs.python313Packages.iniparse

Accessing and Modifying INI files

pkgs.graylogPlugins.ipanonymizer

Graylog-server plugin that replaces the last octet of IP addresses in messages with xxx

pkgs.haskellPackages.unipatterns

Helpers which allow safe partial pattern matching in lambdas

pkgs.python312Packages.gruut-ipa

Library for manipulating pronunciations using the International Phonetic Alphabet (IPA)

pkgs.python312Packages.multipart

Parser for multipart/form-data

pkgs.python313Packages.gruut-ipa

Library for manipulating pronunciations using the International Phonetic Alphabet (IPA)

pkgs.python313Packages.multipart

Parser for multipart/form-data

pkgs.typstPackages.ascii-ipa_1_0_0

Converter for ASCII representations of the International Phonetic Alphabet (IPA

pkgs.typstPackages.ascii-ipa_1_1_0

Converter for ASCII representations of the International Phonetic Alphabet (IPA

pkgs.typstPackages.ascii-ipa_1_1_1

Converter for ASCII representations of the International Phonetic Alphabet (IPA

pkgs.typstPackages.ascii-ipa_2_0_0

Converter for ASCII representations of the International Phonetic Alphabet (IPA

pkgs.haskellPackages.multipart-names

Handling of multipart names in various casing styles

pkgs.haskellPackages.servant-multipart

multipart/form-data (e.g file upload) support for servant

pkgs.python312Packages.flask-principal

Identity management for flask

pkgs.python312Packages.types-ipaddress

Typing stubs for ipaddress

pkgs.python313Packages.flask-principal

Identity management for flask

pkgs.python313Packages.types-ipaddress

Typing stubs for ipaddress

pkgs.python312Packages.cached-ipaddress

Cache construction of ipaddress objects

pkgs.python312Packages.python-multipart

Streaming multipart parser for Python

pkgs.python312Packages.python-vipaccess

Free software implementation of Symantec's VIP Access application and protocol

pkgs.python312Packages.sansio-multipart

Parser for multipart/form-data

pkgs.python313Packages.cached-ipaddress

Cache construction of ipaddress objects

pkgs.python313Packages.python-multipart

Streaming multipart parser for Python

pkgs.python313Packages.python-vipaccess

Free software implementation of Symantec's VIP Access application and protocol

pkgs.python313Packages.sansio-multipart

Parser for multipart/form-data

pkgs.haskellPackages.http-client-multipart

Generate multipart uploads for http-client. (deprecated)

pkgs.haskellPackages.servant-multipart-api

multipart/form-data (e.g file upload) support for servant

pkgs.haskellPackages.servant-multipart-client

multipart/form-data (e.g file upload) support for servant

pkgs.python312Packages.nested-multipart-parser

Parser for nested data for 'multipart/form'

pkgs.python313Packages.nested-multipart-parser

Parser for nested data for 'multipart/form'

pkgs.haskellPackages.amazonka-connectparticipant

Amazon Connect Participant Service SDK

pkgs.haskellPackages.autodocodec-servant-multipart

Autodocodec interpreters for Servant Multipart

pkgs.chickenPackages_5.chickenEggs.multipart-form-data

Reads & decodes HTTP multipart/form-data requests.

pkgs.python312Packages.types-aiobotocore-connectparticipant

Type annotations for aiobotocore connectparticipant

pkgs.python313Packages.types-aiobotocore-connectparticipant

Type annotations for aiobotocore connectparticipant

pkgs.python312Packages.microsoft-kiota-serialization-multipart

Multipart serialization implementation for Kiota clients in Python

pkgs.python313Packages.microsoft-kiota-serialization-multipart

Multipart serialization implementation for Kiota clients in Python
Package maintainers: 24
CVE-2025-6020
7.8 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 2 months, 2 weeks ago
Linux-pam: linux-pam directory traversal

A flaw was found in linux-pam. The module pam_namespace may access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions.

pam
*
linux-pam
<1.7.1
rhosdt/tempo-rhel8
*
rhosdt/tempo-query-rhel8
*
rhosdt/tempo-gateway-rhel8
*
rhosdt/tempo-rhel8-operator
*
rhpam-7/rhpam-rhel8-operator
*
rhpam-7/rhpam-kieserver-rhel8
*
rhpam-7/rhpam-operator-bundle
*
rhosdt/tempo-gateway-opa-rhel8
*
rhpam-7/rhpam-controller-rhel8
*
rhosdt/tempo-jaeger-query-rhel8
*
rhpam-7/rhpam-dashbuilder-rhel8
*
rhpam-7/rhpam-smartrouter-rhel8
*
discovery/discovery-server-rhel9
*
rhosdt/opentelemetry-rhel8-operator
*
rhpam-7/rhpam-businesscentral-rhel8
*
rhosdt/opentelemetry-collector-rhel8
*
registry.redhat.io/rhosdt/tempo-rhel8
*
rhpam-7/rhpam-process-migration-rhel8
*
web-terminal/web-terminal-tooling-rhel9
*
cert-manager/jetstack-cert-manager-rhel9
*
web-terminal/web-terminal-rhel9-operator
*
registry.redhat.io/rhosdt/tempo-query-rhel8
*
rhosdt/opentelemetry-target-allocator-rhel8
*
insights-proxy/insights-proxy-container-rhel9
*
registry.redhat.io/rhosdt/tempo-gateway-rhel8
*
compliance/openshift-compliance-openscap-rhel8
*
registry.redhat.io/rhosdt/tempo-rhel8-operator
*
rhpam-7/rhpam-businesscentral-monitoring-rhel8
*
openshift-sandboxed-containers/osc-monitor-rhel9
*
registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8
*
registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8
*
registry.redhat.io/discovery/discovery-server-rhel9
*
openshift-sandboxed-containers/osc-podvm-builder-rhel9
*
openshift-sandboxed-containers/osc-podvm-payload-rhel9
*
registry.redhat.io/rhosdt/opentelemetry-rhel8-operator
*
registry.redhat.io/rhosdt/opentelemetry-collector-rhel8
*
openshift-sandboxed-containers/osc-cloud-api-adaptor-rhel9
*
registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8
*
registry.redhat.io/openshift-sandboxed-containers/osc-monitor-rhel9
*
registry.redhat.io/openshift-sandboxed-containers/osc-podvm-builder-rhel9
*
registry.redhat.io/openshift-sandboxed-containers/osc-podvm-payload-rhel9
*
registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-rhel9
*

pkgs.pam

Pluggable Authentication Modules, a flexible mechanism for authenticating user

pkgs.ipam

Cli based IPAM written in Go with PowerDNS support

pkgs.opam

Package manager for OCaml

pkgs.paml

Phylogenetic Analysis by Maximum Likelihood (PAML)

pkgs.dspam

Community Driven Antispam Filter

pkgs.pamix

Pulseaudio terminal mixer

pkgs.rspamd

Advanced spam filtering system

pkgs.openpam

Open source PAM library that focuses on simplicity, correctness, and cleanliness

pkgs.pam_p11

Authentication with PKCS#11 modules

pkgs.pam_u2f

PAM module for allowing authentication with a U2F device

pkgs.pamixer

Pulseaudio command line mixer

pkgs.pam_krb5

PAM module allowing PAM-aware applications to authenticate users by performing an AS exchange with a Kerberos KDC

pkgs.pam_rssh

PAM module for authenticating via ssh-agent, written in Rust

pkgs.linux-pam

Pluggable Authentication Modules, a flexible mechanism for authenticating user

pkgs.ncpamixer

Terminal mixer for PulseAudio inspired by pavucontrol

pkgs.opam2json

Convert opam file syntax to JSON

pkgs.pam_dp9ik

dp9ik pam module

pkgs.pam_gnupg

Unlock GnuPG keys on login

pkgs.pam_mount

PAM module to mount volumes for a user session

pkgs.pam_mysql

PAM authentication module against a MySQL database

pkgs.pam_pgsql

Support to authenticate against PostgreSQL for PAM-enabled applications

pkgs.pamtester

Utility program to test the PAM facility

pkgs.pam_ccreds

PAM module to locally authenticate using an enterprise identity when the network is unavailable

pkgs.pam_mktemp

PAM for login service to provide per-user private directories

pkgs.pam_rundir

Provide user runtime directory on Linux systems

pkgs.pam_tmpdir

PAM module for creating safe per-user temporary directories

pkgs.yubico-pam

Yubico PAM module

pkgs.pam-watchid

PAM plugin module that allows the Apple Watch to be used for authentication

pkgs.apparmor-pam

Mandatory access control system - PAM service

pkgs.opam-publish

Tool to ease contributions to opam repositories

pkgs.pam-reattach

Reattach to the user's GUI session on macOS during authentication (for Touch ID support in tmux)

pkgs.spamassassin

Open-Source Spam Filter

pkgs.nss_pam_ldapd

LDAP identity and authentication for NSS/PAM

pkgs.libpam-wrapper

Wrapper for testing PAM modules

pkgs.opam-installer

Handle (un)installation from opam install files

pkgs.pam-honeycreds

PAM module that sends warnings when fake passwords are used

pkgs.rspamd-trainer

Grabs messages from a spam mailbox via IMAP and feeds them to Rspamd for training

pkgs.pam_ssh_agent_auth

PAM module for authentication through the SSH agent

pkgs.decode-spam-headers

Script that helps you understand why your E-Mail ended up in Spam

pkgs.haskellPackages.pam

Haskell binding for C PAM API

pkgs.luaPackages.lua-pam

Lua module for PAM authentication

pkgs.google-authenticator

Two-step verification, with pam module

pkgs.lua51Packages.lua-pam

Lua module for PAM authentication

pkgs.lua52Packages.lua-pam

Lua module for PAM authentication

pkgs.lua53Packages.lua-pam

Lua module for PAM authentication

pkgs.kdePackages.kwallet-pam

PAM Integration with KWallet - Unlock KWallet when you login

pkgs.opensmtpd-filter-rspamd

OpenSMTPD filter integration for the Rspamd daemon

pkgs.python312Packages.pamqp

RabbitMQ Focused AMQP low-level library

pkgs.python313Packages.pamqp

RabbitMQ Focused AMQP low-level library

pkgs.python312Packages.pamela

PAM interface using ctypes

pkgs.python313Packages.pamela

PAM interface using ctypes

pkgs.stalwart-mail-spam-filter

Secure & modern all-in-one mail server Stalwart (spam-filter module)

pkgs.python312Packages.pypamtest

Wrapper for testing PAM modules

pkgs.python313Packages.pypamtest

Wrapper for testing PAM modules

pkgs.python312Packages.python-pam

Python pam module

pkgs.python313Packages.python-pam

Python pam module

pkgs.wordpressPackages.plugins.antispam-bee

pkgs.matrix-synapse-plugins.matrix-synapse-pam

PAM auth provider for the Synapse Matrix server

pkgs.matrix-synapse-plugins.synapse-http-antispam

Synapse module that forwards spam checking to an HTTP server

pkgs.matrix-synapse-plugins.matrix-synapse-mjolnir-antispam

AntiSpam / Banlist plugin to be used with mjolnir

pkgs.vscode-extensions.fabiospampinato.vscode-open-in-github

VS Code extension to open the current project or file in github.com
Package maintainers: 55
CVE-2025-49258
8.1 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 2 months, 2 weeks ago
WordPress Maia <= 1.1.15 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Maia allows PHP Local File Inclusion. This issue affects Maia: from n/a through 1.1.15.

maia
=<1.1.15

pkgs.maia-icon-theme

Icons based on Breeze and Super Flat Remix

pkgs.papirus-maia-icon-theme

Manjaro variation of Papirus icon theme
Package maintainers: 2
CVE-2025-49177
5.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
created 2 months, 2 weeks ago
Xorg-x11-server-xwayland: xorg-x11-server: tigervnc: data leak in xfixes extension's xfixessetclientdisconnectmode

A flaw was found in the XFIXES extension. The XFixesSetClientDisconnectMode handler does not validate the request length, allowing a client to read unintended memory from previous requests.

tigervnc
xorg-x11-server
*
xorg-x11-server-Xwayland
*

pkgs.tigervnc

Fork of tightVNC, made in cooperation with VirtualGL
CVE-2025-4565
created 2 months, 2 weeks ago
Unbounded recursion in Python Protobuf

Any project that uses the Protobuf pure-Python backend to parse untrusted Protocol Buffers data containing an arbitrary number of recursive groups, recursive messages or a series of SGROUP tags can be corrupted by exceeding the Python recursion limit. This can result in a denial of service by crashing the application with a RecursionError. We recommend upgrading to version =>6.31.1 or beyond commit 17838beda2943d08b8a9d4df5b68f5f04f26d901.

protobuf
<5.29.5
<4.25.8
<6.31.1

pkgs.protobufc

C bindings for Google's Protocol Buffers

pkgs.go-protobuf

Go bindings for protocol buffer

pkgs.protobuf_21

Google's data interchange format

pkgs.protobuf_25

Google's data interchange format

pkgs.protobuf_27

Google's data interchange format

pkgs.protobuf_29

Google's data interchange format

pkgs.protobuf_30

Google's data interchange format

pkgs.protobuf_31

Google's data interchange format

pkgs.protobuf_32

Google's data interchange format

pkgs.mypy-protobuf

Generate mypy stub files from protobuf specs

pkgs.haskellPackages.protobuf

Google Protocol Buffers via GHC.Generics

pkgs.luaPackages.lua-protobuf

protobuf data support for Lua

pkgs.php81Extensions.protobuf

Google's language-neutral, platform-neutral, extensible mechanism for serializing structured data

pkgs.php82Extensions.protobuf

Google's language-neutral, platform-neutral, extensible mechanism for serializing structured data

pkgs.php83Extensions.protobuf

Google's language-neutral, platform-neutral, extensible mechanism for serializing structured data

pkgs.php84Extensions.protobuf

Google's language-neutral, platform-neutral, extensible mechanism for serializing structured data

pkgs.lua51Packages.lua-protobuf

protobuf data support for Lua

pkgs.lua52Packages.lua-protobuf

protobuf data support for Lua

pkgs.lua53Packages.lua-protobuf

protobuf data support for Lua

pkgs.lua54Packages.lua-protobuf

protobuf data support for Lua

pkgs.python313Packages.protobuf

Protocol Buffers are Google's data interchange format

pkgs.luajitPackages.lua-protobuf

protobuf data support for Lua

pkgs.python312Packages.protobuf4

Protocol Buffers are Google's data interchange format

pkgs.python312Packages.protobuf5

Protocol Buffers are Google's data interchange format

pkgs.python312Packages.protobuf6

Protocol Buffers are Google's data interchange format

pkgs.python313Packages.protobuf4

Protocol Buffers are Google's data interchange format

pkgs.python313Packages.protobuf5

Protocol Buffers are Google's data interchange format

pkgs.python313Packages.protobuf6

Protocol Buffers are Google's data interchange format

pkgs.haskellPackages.riak-protobuf

Haskell types for the Riak protocol buffer API

pkgs.haskellPackages.protobuf-simple

Simple Protocol Buffers library (proto2)

pkgs.python312Packages.mypy-protobuf

Generate mypy stub files from protobuf specs

pkgs.python312Packages.pure-protobuf

Python implementation of Protocol Buffers with dataclass-based schemas

pkgs.python313Packages.mypy-protobuf

Generate mypy stub files from protobuf specs

pkgs.python313Packages.pure-protobuf

Python implementation of Protocol Buffers with dataclass-based schemas

pkgs.haskellPackages.protobuf-builder

Slow protobuf implementation

pkgs.python312Packages.types-protobuf

Typing stubs for protobuf

pkgs.python313Packages.types-protobuf

Typing stubs for protobuf

pkgs.haskellPackages.language-protobuf

Language definition and parser for Protocol Buffers

pkgs.python312Packages.uplink-protobuf

Protocol Buffers (Protobuf) support for Uplink

pkgs.python313Packages.uplink-protobuf

Protocol Buffers (Protobuf) support for Uplink

pkgs.python312Packages.protobuf3-to-dict

Teeny Python library for creating Python dicts from protocol buffers and the reverse

pkgs.python313Packages.protobuf3-to-dict

Teeny Python library for creating Python dicts from protocol buffers and the reverse

pkgs.chickenPackages_5.chickenEggs.protobuf

Protocol buffer serialization

pkgs.haskellPackages.proto-lens-protobuf-types

Basic protocol buffer message types

pkgs.python312Packages.sigstore-protobuf-specs

Library for serializing and deserializing Sigstore messages

pkgs.python313Packages.sigstore-protobuf-specs

Library for serializing and deserializing Sigstore messages
Package maintainers: 16
CVE-2025-49794
9.1 CRITICAL
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 2 months, 2 weeks ago
Libxml: heap use after free (uaf) leads to denial of service (dos)

A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the <sch:name path="..."/> schema elements. This flaw allows a malicious actor to craft a malicious XML document used as input for libxml, resulting in the program's crash using libxml or other possible undefined behaviors.

rhcos
*
libxml2
<2.15.0
*
web-terminal/web-terminal-tooling-rhel9
*
cert-manager/jetstack-cert-manager-rhel9
*
web-terminal/web-terminal-rhel9-operator
*
insights-proxy/insights-proxy-container-rhel9
*
registry.redhat.io/insights-proxy/insights-proxy-container-rhel9
*

pkgs.libxml2

XML parsing library for C

pkgs.libxml2_13

XML parsing library for C

pkgs.python312Packages.libxml2

XML parsing library for C

pkgs.python313Packages.libxml2

XML parsing library for C

pkgs.tests.pkg-config.defaultPkgConfigPackages."libxml-2.0"

Test whether libxml2-2.14.5 exposes pkg-config modules libxml-2.0
Package maintainers: 7
CVE-2025-6170
2.5 LOW
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): LOW
created 2 months, 2 weeks ago
Libxml2: stack buffer overflow in xmllint interactive shell command handling

A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.

rhcos
libxml2
<2.14.5

pkgs.libxml2

XML parsing library for C

pkgs.libxml2_13

XML parsing library for C

pkgs.python312Packages.libxml2

XML parsing library for C

pkgs.python313Packages.libxml2

XML parsing library for C

pkgs.tests.pkg-config.defaultPkgConfigPackages."libxml-2.0"

Test whether libxml2-2.14.5 exposes pkg-config modules libxml-2.0
Package maintainers: 7
CVE-2025-49795
7.5 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 2 months, 2 weeks ago
Libxml: null pointer dereference leads to denial of service (dos)

A NULL pointer dereference vulnerability was found in libxml2 when processing XPath XML expressions. This flaw allows an attacker to craft a malicious XML input to libxml2, leading to a denial of service.

libxml2
<2.15.0
*

pkgs.libxml2

XML parsing library for C

pkgs.libxml2_13

XML parsing library for C

pkgs.python312Packages.libxml2

XML parsing library for C

pkgs.python313Packages.libxml2

XML parsing library for C

pkgs.tests.pkg-config.defaultPkgConfigPackages."libxml-2.0"

Test whether libxml2-2.14.5 exposes pkg-config modules libxml-2.0
Package maintainers: 7
CVE-2025-49796
9.1 CRITICAL
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 2 months, 2 weeks ago
Libxml: type confusion leads to denial of service (dos)

A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined behavior due to sensitive data being corrupted in memory.

rhcos
*
libxml2
<2.15.0
*
discovery/discovery-server-rhel9
*
web-terminal/web-terminal-tooling-rhel9
*
cert-manager/jetstack-cert-manager-rhel9
*
web-terminal/web-terminal-rhel9-operator
*
insights-proxy/insights-proxy-container-rhel9
*
registry.redhat.io/discovery/discovery-server-rhel9
*
registry.redhat.io/insights-proxy/insights-proxy-container-rhel9
*

pkgs.libxml2

XML parsing library for C

pkgs.libxml2_13

XML parsing library for C

pkgs.python312Packages.libxml2

XML parsing library for C

pkgs.python313Packages.libxml2

XML parsing library for C

pkgs.tests.pkg-config.defaultPkgConfigPackages."libxml-2.0"

Test whether libxml2-2.14.5 exposes pkg-config modules libxml-2.0
Package maintainers: 7