Fedoraproject Extra Packages For Enterprise Linux — known CVE vulnerabilities
Every CVE whose affected-product data names Fedoraproject Extra Packages For Enterprise Linux, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (76)
CVE-2022-4170 — CVSS 9.8 (critical): The rxvt-unicode package is vulnerable to a remote code execution, in the Perl background extension, when an attacker can control the data…
CVE-2023-34152 — CVSS 9.8 (critical): A vulnerability was found in ImageMagick. This security flaw cause a remote code execution vulnerability in OpenBlob with --enable-pipes…
CVE-2022-45152 — CVSS 9.1 (critical): A blind Server-Side Request Forgery (SSRF) vulnerability was found in Moodle. This flaw exists due to insufficient validation of…
CVE-2022-24882 — CVSS 9.1 (critical): FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). In versions prior to 2.7.0, NT LAN Manager (NTLM) authentication…
CVE-2021-45079 — CVSS 9.1 (critical): In strongSwan before 5.9.5, a malicious responder can send an EAP-Success message too early without actually authenticating the client and…
CVE-2022-2296 — CVSS 8.8 (high): Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to 103.0.5060.114 allowed a remote attacker who convinced a user to…
CVE-2021-38714 — CVSS 8.8 (high): In Plib through 1.85, there is an integer overflow vulnerability that could result in arbitrary code execution. The vulnerability is found…
CVE-2021-43559 — CVSS 8.8 (high): A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. The "delete related…
CVE-2022-2295 — CVSS 8.8 (high): Type confusion in V8 in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a…
CVE-2021-21897 — CVSS 8.8 (high): A code execution vulnerability exists in the DL_Dxf::handleLWPolylineData functionality of Ribbonsoft dxflib 3.17.0. A specially-crafted…
CVE-2022-0983 — CVSS 8.8 (high): An SQL injection risk was identified in Badges code relating to configuring criteria. Access to the relevant capability was limited to…
CVE-2022-2158 — CVSS 8.8 (high): Type confusion in V8 in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to potentially exploit heap corruption via a crafted…
CVE-2022-2163 — CVSS 8.8 (high): Use after free in Cast UI and Toolbar in Google Chrome prior to 103.0.5060.134 allowed an attacker who convinced a user to install a…
CVE-2022-25648 — CVSS 8.1 (high): The package git before 1.11.0 are vulnerable to Command Injection via git argument injection. When calling the fetch(remote = 'origin'…
CVE-2022-32545 — CVSS 7.8 (high): A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned char' at coders/psd.c…
CVE-2023-34318 — CVSS 7.8 (high): A heap buffer overflow vulnerability was found in sox, in the startread function at sox/src/hcom.c:160:41. This flaw can lead to a denial…
CVE-2022-4318 — CVSS 7.8 (high): A vulnerability was found in cri-o. This issue allows the addition of arbitrary lines into /etc/passwd by use of a specially crafted…
CVE-2023-34153 — CVSS 7.8 (high): A vulnerability was found in ImageMagick. This security flaw causes a shell command injection vulnerability via video:vsync or…
CVE-2023-34432 — CVSS 7.8 (high): A heap buffer overflow vulnerability was found in sox, in the lsx_readbuf function at sox/src/formats_i.c:98:16. This flaw can lead to a…
CVE-2022-0367 — CVSS 7.8 (high): A heap-based buffer overflow flaw was found in libmodbus in function modbus_reply() in src/modbus.c.
CVE-2022-0546 — CVSS 7.8 (high): A missing bounds check in the image loader used in Blender 3.x and 2.93.8 leads to out-of-bounds heap access, allowing an attacker to cause…
CVE-2022-32546 — CVSS 7.8 (high): A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned long' at coders/pcl.c…
CVE-2022-27191 — CVSS 7.5 (high): The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain…
CVE-2020-9274 — CVSS 7.5 (high): An issue was discovered in Pure-FTPd 1.0.49. An uninitialized pointer vulnerability has been detected in the diraliases linked list. When…
CVE-2021-23727 — CVSS 7.5 (high): This affects the package celery before 5.2.2. It by default trusts the messages and metadata stored in backends (result stores). When…
CVE-2022-0725 — CVSS 7.5 (high): A flaw was found in keepass. The vulnerability occurs due to logging the plain text passwords in system log and leads to an Information…
CVE-2022-21698 — CVSS 7.5 (high): client_golang is the instrumentation library for Go applications in Prometheus, and the promhttp package in client_golang provides tooling…
CVE-2022-28327 — CVSS 7.5 (high): The generic P-256 feature in crypto/elliptic in Go before 1.17.9 and 1.18.x before 1.18.1 allows a panic via long scalar input.
CVE-2021-20247 — CVSS 7.4 (high): A flaw was found in mbsync before v1.3.5 and v1.4.1. Validations of the mailbox names returned by IMAP LIST/LSUB do not occur allowing a…
CVE-2022-40313 — CVSS 7.1 (high): Recursive rendering of Mustache template helpers containing user input could, in some cases, result in an XSS risk or a page failing to…
CVE-2023-5764 — CVSS 7.1 (high): A template injection flaw was found in Ansible where a user's controller internal templating operations may remove the unsafe designation…
CVE-2023-6395 — CVSS 6.7 (medium): The Mock software contains a vulnerability wherein an attacker could potentially exploit privilege escalation, enabling the execution of…
CVE-2023-0056 — CVSS 6.5 (medium): An uncontrolled resource consumption vulnerability was discovered in HAProxy which could crash the service. This issue could allow an…
CVE-2021-3733 — CVSS 6.5 (medium): There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as…
CVE-2023-30943 — CVSS 6.5 (medium): The vulnerability was found Moodle which exists because the application allows a user to control path of the older to create in TinyMCE…
CVE-2023-5550 — CVSS 6.5 (medium): In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user who also has direct…
CVE-2022-4144 — CVSS 6.5 (medium): An out-of-bounds read flaw was found in the QXL display device emulation in QEMU. The qxl_phys2virt() function does not check the size of…
CVE-2023-3428 — CVSS 6.2 (medium): A heap-based buffer overflow vulnerability was found in coders/tiff.c in ImageMagick. This issue may allow a local attacker to trick the…
CVE-2023-32627 — CVSS 6.2 (medium): A floating point exception vulnerability was found in sox, in the read_samples function at sox/src/voc.c:334:18. This flaw can lead to a…
CVE-2023-26590 — CVSS 6.2 (medium): A floating point exception vulnerability was found in sox, in the lsx_aiffstartwrite function at sox/src/aiff.c:622:58. This flaw can lead…
CVE-2022-0571 — CVSS 6.1 (medium): Cross-site Scripting (XSS) - Reflected in GitHub repository phoronix-test-suite/phoronix-test-suite prior to 10.8.2.
CVE-2020-7106 — CVSS 6.1 (medium): Cacti 1.2.8 has stored XSS in data_sources.php, color_templates_item.php, graphs.php, graph_items.php, lib/api_automation.php…
CVE-2021-43558 — CVSS 6.1 (medium): A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. A URL parameter in…
CVE-2023-30944 — CVSS 5.6 (medium): The vulnerability was found Moodle which exists due to insufficient sanitization of user-supplied data in external Wiki method for listing…
CVE-2023-4256 — CVSS 5.5 (medium): Within tcpreplay's tcprewrite, a double free vulnerability has been identified in the tcpedit_dlt_cleanup() function within…
CVE-2021-46141 — CVSS 5.5 (medium): An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriFreeUriMembers and uriMakeOwner.
CVE-2023-34151 — CVSS 5.5 (medium): A vulnerability was found in ImageMagick. This security flaw ouccers as an undefined behaviors of casting double to size_t in svg, mvg and…
CVE-2023-1289 — CVSS 5.5 (medium): A vulnerability was discovered in ImageMagick where a specially created SVG file loads itself and causes a segmentation fault. This flaw…
CVE-2023-1906 — CVSS 5.5 (medium): A heap-based buffer overflow issue was discovered in ImageMagick's ImportMultiSpectralQuantum() function in MagickCore/quantum-import.c. An…
CVE-2023-4255 — CVSS 5.5 (medium): An out-of-bounds write issue has been discovered in the backspace handling of the checkType() function in etc.c within the W3M application…
CVE-2020-27842 — CVSS 5.5 (medium): There's a flaw in openjpeg's t2 encoder in versions prior to 2.4.0. An attacker who is able to provide crafted input to be processed by…
CVE-2022-3213 — CVSS 5.5 (medium): A heap buffer overflow issue was found in ImageMagick. When an application processes a malformed TIFF file, it could lead to undefined…
CVE-2022-2719 — CVSS 5.5 (medium): In ImageMagick, a crafted file could trigger an assertion failure when a call to WriteImages was made in MagickWand/operation.c, due to a…
CVE-2021-46142 — CVSS 5.5 (medium): An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriNormalizeSyntax.
CVE-2023-34474 — CVSS 5.5 (medium): A heap-based buffer overflow issue was discovered in ImageMagick's ReadTIM2ImageData() function in coders/tim2.c. A local attacker could…
CVE-2023-34475 — CVSS 5.5 (medium): A heap use after free issue was discovered in ImageMagick's ReplaceXmpValue() function in MagickCore/profile.c. An attacker could trick…
CVE-2023-3195 — CVSS 5.5 (medium): A stack-based buffer overflow issue was found in ImageMagick's coders/tiff.c. This flaw allows an attacker to trick the user into opening a…
CVE-2021-43560 — CVSS 5.3 (medium): A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. Insufficient…
CVE-2023-51766 — CVSS 5.3 (medium): Exim before 4.97.1 allows SMTP smuggling in certain PIPELINING/CHUNKING configurations. Remote attackers can use a published exploitation…
CVE-2024-0232 — CVSS 4.7 (medium): A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local…
CVE-2023-38252 — CVSS 4.7 (medium): An out-of-bounds read flaw was found in w3m, in the Strnew_size function in Str.c. This issue may allow an attacker to cause a denial of…
CVE-2023-38253 — CVSS 4.7 (medium): An out-of-bounds read flaw was found in w3m, in the growbuf_to_Str function in indep.c. This issue may allow an attacker to cause a denial…
CVE-2023-5539 — CVSS 4.7 (medium): A remote code execution risk was identified in the Lesson activity. By default this was only available to teachers and managers.
CVE-2023-5540 — CVSS 4.7 (medium): A remote code execution risk was identified in the IMSCP activity. By default this was only available to teachers and managers.
CVE-2022-40316 — CVSS 4.3 (medium): The H5P activity attempts report did not filter by groups, which in separate groups mode could reveal information to non-editing teachers…
CVE-2023-5545 — CVSS 3.3 (low): H5P metadata automatically populated the author with the user's username, which could be sensitive information.
CVE-2023-5548 — CVSS 3.3 (low): Stronger revision number limitations were required on file serving endpoints to improve cache poisoning protection.
CVE-2023-5549 — CVSS 3.3 (low): Insufficient web service capability checks made it possible to move categories a user had permission to manage, to a parent category they…
CVE-2023-5542 — CVSS 3.3 (low): Students in "Only see own membership" groups could see other students in the group, which should be hidden.
CVE-2023-5551 — CVSS 3.3 (low): Separate Groups mode restrictions were not honoured in the forum summary report, which would display users from other groups.
CVE-2020-27818 — CVSS 3.3 (low): A flaw was found in the check_chunk_name() function of pngcheck-2.4.0. An attacker able to pass a malicious file to be processed by…
CVE-2023-5543 — CVSS 3.3 (low): When duplicating a BigBlueButton activity, the original meeting ID was also duplicated instead of using a new ID for the new activity. This…
CVE-2020-14394 — CVSS 3.2 (low): An infinite loop flaw was found in the USB xHCI controller emulation of QEMU while computing the length of the Transfer Request Block (TRB)…