Product:

Extra_packages_for_enterprise_linux

(Fedoraproject)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 76
Date Id Summary Products Score Patch Annotated
2023-11-09 CVE-2023-5540 A remote code execution risk was identified in the IMSCP activity. By default this was only available to teachers and managers. Extra_packages_for_enterprise_linux, Fedora, Moodle 8.8
2023-11-09 CVE-2023-5542 Students in "Only see own membership" groups could see other students in the group, which should be hidden. Extra_packages_for_enterprise_linux, Fedora, Moodle 4.3
2023-11-09 CVE-2023-5548 Stronger revision number limitations were required on file serving endpoints to improve cache poisoning protection. Extra_packages_for_enterprise_linux, Fedora, Moodle 5.3
2023-11-09 CVE-2023-5549 Insufficient web service capability checks made it possible to move categories a user had permission to manage, to a parent category they did not have the capability to manage. Extra_packages_for_enterprise_linux, Fedora, Moodle 5.3
2022-12-09 CVE-2022-4170 The rxvt-unicode package is vulnerable to a remote code execution, in the Perl background extension, when an attacker can control the data written to the user's terminal and certain options are set. Extra_packages_for_enterprise_linux, Fedora, Rxvt\-Unicode 9.8
2020-01-16 CVE-2020-7106 Cacti 1.2.8 has stored XSS in data_sources.php, color_templates_item.php, graphs.php, graph_items.php, lib/api_automation.php, user_admin.php, and user_group_admin.php, as demonstrated by the description parameter in data_sources.php (a raw string from the database that is displayed by $header to trigger the XSS). Cacti, Debian_linux, Extra_packages_for_enterprise_linux, Fedora, Backports_sle, Leap, Package_hub 6.1
2020-02-26 CVE-2020-9274 An issue was discovered in Pure-FTPd 1.0.49. An uninitialized pointer vulnerability has been detected in the diraliases linked list. When the *lookup_alias(const char alias) or print_aliases(void) function is called, they fail to correctly detect the end of the linked list and try to access a non-existent list member. This is related to init_aliases in diraliases.c. Ubuntu_linux, Debian_linux, Extra_packages_for_enterprise_linux, Fedora, Pure\-Ftpd 7.5
2020-12-08 CVE-2020-27818 A flaw was found in the check_chunk_name() function of pngcheck-2.4.0. An attacker able to pass a malicious file to be processed by pngcheck could cause a temporary denial of service, posing a low risk to application availability. Debian_linux, Extra_packages_for_enterprise_linux, Fedora, Pngcheck 3.3
2021-01-05 CVE-2020-27842 There's a flaw in openjpeg's t2 encoder in versions prior to 2.4.0. An attacker who is able to provide crafted input to be processed by openjpeg could cause a null pointer dereference. The highest impact of this flaw is to application availability. Debian_linux, Extra_packages_for_enterprise_linux, Fedora, Outside_in_technology, Codeready_linux_builder, Codeready_linux_builder_for_ibm_z_systems, Codeready_linux_builder_for_power_little_endian, Enterprise_linux, Enterprise_linux_for_ibm_z_systems, Enterprise_linux_for_power_little_endian, Openjpeg 5.5
2021-02-23 CVE-2021-20247 A flaw was found in mbsync before v1.3.5 and v1.4.1. Validations of the mailbox names returned by IMAP LIST/LSUB do not occur allowing a malicious or compromised server to use specially crafted mailbox names containing '..' path components to access data outside the designated mailbox on the opposite end of the synchronization channel. The highest threat from this vulnerability is to data confidentiality and integrity. Debian_linux, Extra_packages_for_enterprise_linux, Fedora, Mbsync 7.4