Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Extra_packages_for_enterprise_linux
(Fedoraproject)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 76 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-11-09 | CVE-2023-5540 | A remote code execution risk was identified in the IMSCP activity. By default this was only available to teachers and managers. | Extra_packages_for_enterprise_linux, Fedora, Moodle | 8.8 | ||
| 2023-11-09 | CVE-2023-5542 | Students in "Only see own membership" groups could see other students in the group, which should be hidden. | Extra_packages_for_enterprise_linux, Fedora, Moodle | 4.3 | ||
| 2023-11-09 | CVE-2023-5548 | Stronger revision number limitations were required on file serving endpoints to improve cache poisoning protection. | Extra_packages_for_enterprise_linux, Fedora, Moodle | 5.3 | ||
| 2023-11-09 | CVE-2023-5549 | Insufficient web service capability checks made it possible to move categories a user had permission to manage, to a parent category they did not have the capability to manage. | Extra_packages_for_enterprise_linux, Fedora, Moodle | 5.3 | ||
| 2022-12-09 | CVE-2022-4170 | The rxvt-unicode package is vulnerable to a remote code execution, in the Perl background extension, when an attacker can control the data written to the user's terminal and certain options are set. | Extra_packages_for_enterprise_linux, Fedora, Rxvt\-Unicode | 9.8 | ||
| 2020-01-16 | CVE-2020-7106 | Cacti 1.2.8 has stored XSS in data_sources.php, color_templates_item.php, graphs.php, graph_items.php, lib/api_automation.php, user_admin.php, and user_group_admin.php, as demonstrated by the description parameter in data_sources.php (a raw string from the database that is displayed by $header to trigger the XSS). | Cacti, Debian_linux, Extra_packages_for_enterprise_linux, Fedora, Backports_sle, Leap, Package_hub | 6.1 | ||
| 2020-02-26 | CVE-2020-9274 | An issue was discovered in Pure-FTPd 1.0.49. An uninitialized pointer vulnerability has been detected in the diraliases linked list. When the *lookup_alias(const char alias) or print_aliases(void) function is called, they fail to correctly detect the end of the linked list and try to access a non-existent list member. This is related to init_aliases in diraliases.c. | Ubuntu_linux, Debian_linux, Extra_packages_for_enterprise_linux, Fedora, Pure\-Ftpd | 7.5 | ||
| 2020-12-08 | CVE-2020-27818 | A flaw was found in the check_chunk_name() function of pngcheck-2.4.0. An attacker able to pass a malicious file to be processed by pngcheck could cause a temporary denial of service, posing a low risk to application availability. | Debian_linux, Extra_packages_for_enterprise_linux, Fedora, Pngcheck | 3.3 | ||
| 2021-01-05 | CVE-2020-27842 | There's a flaw in openjpeg's t2 encoder in versions prior to 2.4.0. An attacker who is able to provide crafted input to be processed by openjpeg could cause a null pointer dereference. The highest impact of this flaw is to application availability. | Debian_linux, Extra_packages_for_enterprise_linux, Fedora, Outside_in_technology, Codeready_linux_builder, Codeready_linux_builder_for_ibm_z_systems, Codeready_linux_builder_for_power_little_endian, Enterprise_linux, Enterprise_linux_for_ibm_z_systems, Enterprise_linux_for_power_little_endian, Openjpeg | 5.5 | ||
| 2021-02-23 | CVE-2021-20247 | A flaw was found in mbsync before v1.3.5 and v1.4.1. Validations of the mailbox names returned by IMAP LIST/LSUB do not occur allowing a malicious or compromised server to use specially crafted mailbox names containing '..' path components to access data outside the designated mailbox on the opposite end of the synchronization channel. The highest threat from this vulnerability is to data confidentiality and integrity. | Debian_linux, Extra_packages_for_enterprise_linux, Fedora, Mbsync | 7.4 |