Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Extra_packages_for_enterprise_linux
(Fedoraproject)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 76 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-11-09 | CVE-2023-5545 | H5P metadata automatically populated the author with the user's username, which could be sensitive information. | Extra_packages_for_enterprise_linux, Fedora, Moodle | 5.3 | ||
| 2023-11-09 | CVE-2023-5548 | Stronger revision number limitations were required on file serving endpoints to improve cache poisoning protection. | Extra_packages_for_enterprise_linux, Fedora, Moodle | 5.3 | ||
| 2023-11-09 | CVE-2023-5549 | Insufficient web service capability checks made it possible to move categories a user had permission to manage, to a parent category they did not have the capability to manage. | Extra_packages_for_enterprise_linux, Fedora, Moodle | 5.3 | ||
| 2023-11-09 | CVE-2023-5550 | In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user who also has direct access to the web server outside of the Moodle webroot could utilise a local file include to achieve remote code execution. | Extra_packages_for_enterprise_linux, Fedora, Moodle | 9.8 | ||
| 2023-11-09 | CVE-2023-5551 | Separate Groups mode restrictions were not honoured in the forum summary report, which would display users from other groups. | Extra_packages_for_enterprise_linux, Fedora, Moodle | 3.3 | ||
| 2023-11-09 | CVE-2023-5543 | When duplicating a BigBlueButton activity, the original meeting ID was also duplicated instead of using a new ID for the new activity. This could provide unintended access to the original meeting. | Extra_packages_for_enterprise_linux, Fedora, Moodle | 3.3 | ||
| 2023-12-12 | CVE-2023-5764 | A template injection flaw was found in Ansible where a user's controller internal templating operations may remove the unsafe designation from template data. This issue could allow an attacker to use a specially crafted file to introduce templating injection when supplying templating data. | Extra_packages_for_enterprise_linux, Fedora, Ansible, Ansible_automation_platform, Ansible_developer, Ansible_inside | 7.8 | ||
| 2023-12-21 | CVE-2023-4255 | An out-of-bounds write issue has been discovered in the backspace handling of the checkType() function in etc.c within the W3M application. This vulnerability is triggered by supplying a specially crafted HTML file to the w3m binary. Exploitation of this flaw could lead to application crashes, resulting in a denial of service condition. | Extra_packages_for_enterprise_linux, Fedora, W3m | 5.5 | ||
| 2023-12-21 | CVE-2023-4256 | Within tcpreplay's tcprewrite, a double free vulnerability has been identified in the tcpedit_dlt_cleanup() function within plugins/dlt_plugins.c. This vulnerability can be exploited by supplying a specifically crafted file to the tcprewrite binary. This flaw enables a local attacker to initiate a Denial of Service (DoS) attack. | Tcpreplay, Extra_packages_for_enterprise_linux, Fedora | 5.5 | ||
| 2023-12-24 | CVE-2023-51766 | Exim before 4.97.1 allows SMTP smuggling in certain PIPELINING/CHUNKING configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because Exim supports <LF>.<CR><LF> but some other popular e-mail servers do not. | Debian_linux, Exim, Extra_packages_for_enterprise_linux, Fedora | 5.3 |