Note: This project will be discontinued after December 13, 2021.
Product: Extra_packages_for_enterprise_linux (Fedoraproject)

Repositories | Unknown: This might be proprietary software. |
#Vulnerabilities | 76 |

Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2022-09-19 | CVE-2022-3213 | A heap buffer overflow issue was found in ImageMagick. When an application processes a malformed TIFF file, it could lead to undefined behavior or a crash causing a denial of service. | Extra_packages_for_enterprise_linux, Fedora, Imagemagick | 5.5 | ||
2022-09-30 | CVE-2022-40313 | Recursive rendering of Mustache template helpers containing user input could, in some cases, result in an XSS risk or a page failing to load. | Extra_packages_for_enterprise_linux, Fedora, Moodle | 7.1 | ||
2022-09-30 | CVE-2022-40315 | A limited SQL injection risk was identified in the "browse list of users" site administration page. | Extra_packages_for_enterprise_linux, Fedora, Moodle | 9.8 | ||
2022-09-30 | CVE-2022-40316 | The H5P activity attempts report did not filter by groups, which in separate groups mode could reveal information to non-editing teachers about attempts/users in groups they should not have access to. | Extra_packages_for_enterprise_linux, Fedora, Moodle | 4.3 | ||
2022-11-25 | CVE-2022-45152 | A blind Server-Side Request Forgery (SSRF) vulnerability was found in Moodle. This flaw exists due to insufficient validation of user-supplied input in the LTI provider library. The library does not utilise Moodle's inbuilt cURL helper, which resulted in a blind SSRF risk. An attacker can send a specially crafted HTTP request and trick the application into initiating requests to arbitrary systems. This vulnerability allows a remote attacker to perform SSRF attacks. | Extra_packages_for_enterprise_linux, Fedora, Moodle | 9.1 | ||
2022-11-29 | CVE-2022-4144 | An out-of-bounds read flaw was found in the QXL display device emulation in QEMU. The qxl_phys2virt() function does not check the size of the structure pointed to by the guest physical address, potentially reading past the end of the bar space into adjacent pages. A malicious guest user could use this flaw to crash the QEMU process on the host causing a denial of service condition. | Extra_packages_for_enterprise_linux, Fedora, Qemu, Enterprise_linux | 6.5 | ||
2022-12-09 | CVE-2022-4170 | The rxvt-unicode package is vulnerable to a remote code execution, in the Perl background extension, when an attacker can control the data written to the user's terminal and certain options are set. | Extra_packages_for_enterprise_linux, Fedora, Rxvt-Unicode | 9.8 | ||
2023-03-23 | CVE-2023-1289 | A vulnerability was discovered in ImageMagick where a specially created SVG file loads itself and causes a segmentation fault. This flaw allows a remote attacker to pass a specially crafted SVG file that leads to a segmentation fault, generating many trash files in "/tmp," resulting in a denial of service. When ImageMagick crashes, it generates a lot of trash files. These trash files can be large if the SVG file contains many render actions. In a denial of service attack, if a remote... | Extra_packages_for_enterprise_linux, Fedora, Imagemagick, Enterprise_linux | 5.5 | ||
2023-03-23 | CVE-2023-0056 | An uncontrolled resource consumption vulnerability was discovered in HAProxy which could crash the service. This issue could allow an authenticated remote attacker to run a specially crafted malicious server in an OpenShift cluster. The biggest impact is to availability. | Extra_packages_for_enterprise_linux, Fedora, Haproxy, Ceph_storage, Openshift_container_platform, Openshift_container_platform_for_ibm_linuxone, Openshift_container_platform_for_power, Openshift_container_platform_ibm_z_systems, Software_collections | 6.5 | ||
2023-05-02 | CVE-2023-30944 | The vulnerability was found in Moodle which exists due to insufficient sanitization of user-supplied data in external Wiki method for listing pages. A remote attacker can send a specially crafted request to the affected application and execute limited SQL commands within the application database. | Extra_packages_for_enterprise_linux, Fedora, Moodle | 7.3 | ||