python3-qrcode (AlmaLinux:8) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the AlmaLinux:8 package python3-qrcode, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (21)
CVE-2025-4404 — CVSS 9.1 (critical): A privilege escalation from host to domain vulnerability was found in the FreeIPA project. The FreeIPA package fails to validate the…
CVE-2025-7493 — CVSS 9.1 (critical): A privilege escalation flaw from host to domain administrator was found in FreeIPA. This vulnerability is similar to CVE-2025-4404, where…
CVE-2024-2698 — CVSS 8.8 (high): A vulnerability was found in FreeIPA in how the initial implementation of MS-SFU by MIT Kerberos was missing a condition for granting the…
CVE-2025-59088 — CVSS 8.6 (high): If kdcproxy receives a request for a realm which does not have server addresses defined in its configuration, by default, it will query SRV…
CVE-2024-3183 — CVSS 8.1 (high): A vulnerability was found in FreeIPA in a way when a Kerberos TGS-REQ is encrypted using the client’s session key. This key is different…
CVE-2021-3480 — CVSS 7.5 (high): A flaw was found in slapi-nis in versions before 0.56.7. A NULL pointer dereference during the parsing of the Binding DN could allow an…
CVE-2020-25719 — CVSS 7.2 (high): A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name-based authentication. The Samba AD…
CVE-2020-11022 — CVSS 6.9 (medium): In jQuery starting with 1.12.0 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM…
CVE-2020-17049 — CVSS 6.6 (medium): A security feature bypass vulnerability exists in the way Key Distribution Center (KDC) determines if a service ticket can be used for…
CVE-2023-5455 — CVSS 6.5 (medium): A Cross-site request forgery vulnerability exists in ipa/session/login_password in all supported versions of IPA. This flaw allows an…
CVE-2019-8331 — CVSS 6.1 (medium): In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute.
CVE-2019-11358 — CVSS 6.1 (medium): jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of…
CVE-2016-10735 — CVSS 6.1 (medium): In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability…
CVE-2015-9251 — CVSS 6.1 (medium): jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType…
CVE-2025-59089 — CVSS 5.9 (medium): If an attacker causes kdcproxy to connect to an attacker-controlled KDC server (e.g. through server-side request forgery), they can exploit…
CVE-2020-1722 — CVSS 5.3 (medium): A flaw was found in all ipa versions 4.x.x through 4.8.0. When sending a very long password (>= 1,000,000 characters) to the server, the…