Fedoraproject Extra_packages_for_enterprise_linux
76 CVEs affecting Fedoraproject Extra_packages_for_enterprise_linux. Latest disclosed: 2024-01-16. Critical: 6, High: 27.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2023-34152 | Critical | 9.8 | 2023-05-30 | A vulnerability was found in ImageMagick. This security flaw causes a remote code execution vulnerability in OpenBlob with --enable-pipes configured. |
| CVE-2022-4170 | Critical | 9.8 | 2022-12-09 | The rxvt-unicode package is vulnerable to a remote code execution, in the Perl background extension, when an attacker can control the data written to the user'… |
| CVE-2022-40315 | Critical | 9.8 | 2022-09-30 | A limited SQL injection risk was identified in the "browse list of users" site administration page. |
| CVE-2022-45152 | Critical | 9.1 | 2022-11-25 | A blind Server-Side Request Forgery (SSRF) vulnerability was found in Moodle. This flaw exists due to insufficient validation of user-supplied input in LTI pro… |
| CVE-2022-24882 | Critical | 9.1 | 2022-04-26 | FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). In versions prior to 2.7.0, NT LAN Manager (NTLM) authentication does not properly abort… |
| CVE-2021-45079 | Critical | 9.1 | 2022-01-31 | In strongSwan before 5.9.5, a malicious responder can send an EAP-Success message too early without actually authenticating the client and (in the case of EAP… |
| CVE-2022-2296 | High | 8.8 | 2022-07-28 | Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to 103.0.5060.114 allowed a remote attacker who convinced a user to engage in specific us… |
| CVE-2022-2295 | High | 8.8 | 2022-07-28 | Type confusion in V8 in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2022-2294 | High | 8.8 | 2022-07-28 | Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML pag… |
| CVE-2022-2163 | High | 8.8 | 2022-07-28 | Use after free in Cast UI and Toolbar in Google Chrome prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious extension to pot… |
| CVE-2022-2158 | High | 8.8 | 2022-07-28 | Type confusion in V8 in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2022-0983 | High | 8.8 | 2022-03-25 | An SQL injection risk was identified in Badges code relating to configuring criteria. Access to the relevant capability was limited to teachers and managers by… |
| CVE-2021-43559 | High | 8.8 | 2021-11-22 | A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. The "delete related badge" functionality… |
| CVE-2021-21897 | High | 8.8 | 2021-09-08 | A code execution vulnerability exists in the DL_Dxf::handleLWPolylineData functionality of Ribbonsoft dxflib 3.17.0. A specially-crafted .dxf file can lead to… |
| CVE-2021-38714 | High | 8.8 | 2021-08-24 | In Plib through 1.85, there is an integer overflow vulnerability that could result in arbitrary code execution. The vulnerability is found in ssgLoadTGA() func… |
| CVE-2022-25648 | High | 8.1 | 2022-04-19 | The package git before 1.11.0 is vulnerable to Command Injection via git argument injection. When calling the fetch(remote = 'origin', opts = {}) function, th… |
| CVE-2022-4318 | High | 7.8 | 2023-09-25 | A vulnerability was found in cri-o. This issue allows the addition of arbitrary lines into /etc/passwd by use of a specially crafted environment variable. |
| CVE-2023-34432 | High | 7.8 | 2023-07-10 | A heap buffer overflow vulnerability was found in sox, in the lsx_readbuf function at sox/src/formats_i.c:98:16. This flaw can lead to a denial of service, cod… |
| CVE-2023-34318 | High | 7.8 | 2023-07-10 | A heap buffer overflow vulnerability was found in sox, in the startread function at sox/src/hcom.c:160:41. This flaw can lead to a denial of service, code exec… |
| CVE-2023-34153 | High | 7.8 | 2023-05-30 | A vulnerability was found in ImageMagick. This security flaw causes a shell command injection vulnerability via video:vsync or video:pixel-format options in VI… |