Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Extra_packages_for_enterprise_linux
(Fedoraproject)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 76 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-02-14 | CVE-2022-0571 | Cross-site Scripting (XSS) - Reflected in GitHub repository phoronix-test-suite/phoronix-test-suite prior to 10.8.2. | Extra_packages_for_enterprise_linux, Fedora, Phoronix_test_suite | 6.1 | ||
| 2022-02-15 | CVE-2022-21698 | client_golang is the instrumentation library for Go applications in Prometheus, and the promhttp package in client_golang provides tooling around HTTP servers and clients. In client_golang prior to version 1.11.1, HTTP server is susceptible to a Denial of Service through unbounded cardinality, and potential memory exhaustion, when handling requests with non-standard HTTP methods. In order to be affected, an instrumented software must use any of `promhttp.InstrumentHandler*` middleware except... | Extra_packages_for_enterprise_linux, Fedora, Client_golang, Rdo | 7.5 | ||
| 2022-02-24 | CVE-2022-0546 | A missing bounds check in the image loader used in Blender 3.x and 2.93.8 leads to out-of-bounds heap access, allowing an attacker to cause denial of service, memory corruption or potentially code execution. | Blender, Debian_linux, Extra_packages_for_enterprise_linux, Fedora | 7.8 | ||
| 2022-03-18 | CVE-2022-27191 | The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey. | Extra_packages_for_enterprise_linux, Fedora, Ssh, Advanced_cluster_management_for_kubernetes | 7.5 | ||
| 2022-03-25 | CVE-2022-0983 | An SQL injection risk was identified in Badges code relating to configuring criteria. Access to the relevant capability was limited to teachers and managers by default. | Extra_packages_for_enterprise_linux, Fedora, Moodle | 8.8 | ||
| 2022-04-19 | CVE-2022-25648 | The package git before 1.11.0 are vulnerable to Command Injection via git argument injection. When calling the fetch(remote = 'origin', opts = {}) function, the remote parameter is passed to the git fetch subcommand in a way that additional flags can be set. The additional flags can be used to perform a command injection. | Debian_linux, Extra_packages_for_enterprise_linux, Fedora, Git | 9.8 | ||
| 2022-04-20 | CVE-2022-28327 | The generic P-256 feature in crypto/elliptic in Go before 1.17.9 and 1.18.x before 1.18.1 allows a panic via long scalar input. | Extra_packages_for_enterprise_linux, Fedora, Go | 7.5 | ||
| 2022-04-26 | CVE-2022-24882 | FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). In versions prior to 2.7.0, NT LAN Manager (NTLM) authentication does not properly abort when someone provides and empty password value. This issue affects FreeRDP based RDP Server implementations. RDP clients are not affected. The vulnerability is patched in FreeRDP 2.7.0. There are currently no known workarounds. | Extra_packages_for_enterprise_linux, Fedora, Freerdp | 7.5 | ||
| 2022-07-28 | CVE-2022-2158 | Type confusion in V8 in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | Extra_packages_for_enterprise_linux, Fedora, Chrome | 8.8 | ||
| 2022-07-28 | CVE-2022-2163 | Use after free in Cast UI and Toolbar in Google Chrome prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via UI interaction. | Extra_packages_for_enterprise_linux, Fedora, Chrome | 8.8 |