Product:

Enterprise_linux

(Redhat)
Date Id Summary Products Score Patch Annotated
2022-05-18 CVE-2022-30597 A flaw was found in moodle where the description user field was not hidden when being set as a hidden user field. Fedora, Moodle, Enterprise_linux 5.3
2022-05-18 CVE-2022-30598 A flaw was found in moodle where global search results could include author information on some activities where a user may not otherwise have access to it. Fedora, Moodle, Enterprise_linux 4.3
2022-05-18 CVE-2022-30599 A flaw was found in moodle where an SQL injection risk was identified in Badges code relating to configuring criteria. Fedora, Moodle, Enterprise_linux 9.8
2022-05-18 CVE-2022-30600 A flaw was found in moodle where logic used to count failed login attempts could result in the account lockout threshold being bypassed. Fedora, Moodle, Enterprise_linux 9.8
2022-06-02 CVE-2022-1789 With shadow paging enabled, the INVPCID instruction results in a call to kvm_mmu_invpcid_gva. If INVPCID is executed with CR0.PG=0, the invlpg callback is not set and the result is a NULL pointer dereference. Debian_linux, Fedora, Linux_kernel, Enterprise_linux 6.8
2022-07-25 CVE-2022-35651 A stored XSS and blind SSRF vulnerability was found in Moodle, occurs due to insufficient sanitization of user-supplied data in the SCORM track details. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website to steal potentially sensitive information, change appearance of the web page, can perform phishing and drive-by-download attacks. Fedora, Moodle, Enterprise_linux 6.1
2022-07-25 CVE-2022-35653 A reflected XSS issue was identified in the LTI module of Moodle. The vulnerability exists due to insufficient sanitization of user-supplied data in the LTI module. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website to steal potentially sensitive information, change appearance of the web page, can perform phishing and drive-by-download attacks. This vulnerability does not... Fedora, Moodle, Enterprise_linux 6.1
2022-08-01 CVE-2022-2509 A vulnerability found in gnutls. This security flaw happens because of a double free error occurs during verification of pkcs7 signatures in gnutls_pkcs7_verify function. Debian_linux, Fedora, Gnutls, Enterprise_linux 7.5
2022-08-22 CVE-2021-3659 A NULL pointer dereference flaw was found in the Linux kernel’s IEEE 802.15.4 wireless networking subsystem in the way the user closes the LR-WPAN connection. This flaw allows a local user to crash the system. The highest threat from this vulnerability is to system availability. Fedora, Linux_kernel, Codeready_linux_builder, Enterprise_linux, Enterprise_linux_for_ibm_z_systems, Enterprise_linux_for_ibm_z_systems_eus, Enterprise_linux_for_power_little_endian_eus, Enterprise_linux_for_real_time, Enterprise_linux_for_real_time_for_nfv, Enterprise_linux_for_real_time_for_nfv_tus, Enterprise_linux_for_real_time_tus, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Virtualization_host 5.5
2022-08-17 CVE-2020-14394 An infinite loop flaw was found in the USB xHCI controller emulation of QEMU while computing the length of the Transfer Request Block (TRB) Ring. This flaw allows a privileged guest user to hang the QEMU process on the host, resulting in a denial of service. Extra_packages_for_enterprise_linux, Fedora, Qemu, Enterprise_linux, Openstack_platform 3.2