Product: Extra_packages_for_enterprise_linux (Fedoraproject)

Repositories: Unknown. This might be proprietary software.

#Vulnerabilities 76
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-09-30 | CVE-2022-40316 | The H5P activity attempts report did not filter by groups, which in separate groups mode could reveal information to non-editing teachers about attempts/users in groups they should not have access to. | Extra_packages_for_enterprise_linux, Fedora, Moodle | 4.3 | | |
| 2022-11-25 | CVE-2022-45152 | A blind Server-Side Request Forgery (SSRF) vulnerability was found in Moodle. This flaw exists due to insufficient validation of user-supplied input in the LTI provider library. The library does not utilise Moodle's inbuilt cURL helper, which resulted in a blind SSRF risk. An attacker can send a specially crafted HTTP request and trick the application to initiate requests to arbitrary systems. This vulnerability allows a remote attacker to perform SSRF attacks. | Extra_packages_for_enterprise_linux, Fedora, Moodle | 9.1 | | |
| 2022-11-29 | CVE-2022-4144 | An out-of-bounds read flaw was found in the QXL display device emulation in QEMU. The qxl_phys2virt() function does not check the size of the structure pointed to by the guest physical address, potentially reading past the end of the bar space into adjacent pages. A malicious guest user could use this flaw to crash the QEMU process on the host causing a denial of service condition. | Extra_packages_for_enterprise_linux, Fedora, Qemu, Enterprise_linux | 6.5 | | |
| 2022-12-09 | CVE-2022-4170 | The rxvt-unicode package is vulnerable to a remote code execution, in the Perl background extension, when an attacker can control the data written to the user's terminal and certain options are set. | Extra_packages_for_enterprise_linux, Fedora, Rxvt-Unicode | 9.8 | | |
| 2023-03-23 | CVE-2023-1289 | A vulnerability was discovered in ImageMagick where a specially created SVG file loads itself and causes a segmentation fault. This flaw allows a remote attacker to pass a specially crafted SVG file that leads to a segmentation fault, generating many trash files in "/tmp," resulting in a denial of service. When ImageMagick crashes, it generates a lot of trash files. These trash files can be large if the SVG file contains many render actions. In a denial of service attack, if a remote... | Extra_packages_for_enterprise_linux, Fedora, Imagemagick, Enterprise_linux | 5.5 | | |
| 2023-03-23 | CVE-2023-0056 | An uncontrolled resource consumption vulnerability was discovered in HAProxy which could crash the service. This issue could allow an authenticated remote attacker to run a specially crafted malicious server in an OpenShift cluster. The biggest impact is to availability. | Extra_packages_for_enterprise_linux, Fedora, Haproxy, Ceph_storage, Openshift_container_platform, Openshift_container_platform_for_ibm_linuxone, Openshift_container_platform_for_power, Openshift_container_platform_ibm_z_systems, Software_collections | 6.5 | | |
| 2023-04-12 | CVE-2023-1906 | A heap-based buffer overflow issue was discovered in ImageMagick's ImportMultiSpectralQuantum() function in MagickCore/quantum-import.c. An attacker could pass a specially crafted file to convert, triggering an out-of-bounds read error, allowing an application to crash, resulting in a denial of service. | Extra_packages_for_enterprise_linux, Fedora, Imagemagick | 5.5 | | |
| 2023-05-02 | CVE-2023-30944 | The vulnerability was found in Moodle which exists due to insufficient sanitization of user-supplied data in external Wiki method for listing pages. A remote attacker can send a specially crafted request to the affected application and execute limited SQL commands within the application database. | Extra_packages_for_enterprise_linux, Fedora, Moodle | 7.3 | | |
| 2023-05-02 | CVE-2023-30943 | The vulnerability was found in Moodle which exists because the application allows a user to control path of the folder to create in TinyMCE loaders. A remote user can send a specially crafted HTTP request and create arbitrary folders on the system. | Extra_packages_for_enterprise_linux, Fedora, Moodle | 5.3 | | |
| 2023-06-16 | CVE-2023-34474 | A heap-based buffer overflow issue was discovered in ImageMagick's ReadTIM2ImageData() function in coders/tim2.c. A local attacker could trick the user into opening a specially crafted file, triggering an out-of-bounds read error, allowing an application to crash, resulting in a denial of service. | Extra_packages_for_enterprise_linux, Fedora, Imagemagick | 5.5 | | |