Vulnerabilities (CVE)

Filtered by vendor Fedoraproject Subscribe
Filtered by product Extra Packages For Enterprise Linux
Total 76 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-3213 2 Fedoraproject, Imagemagick 3 Extra Packages For Enterprise Linux, Fedora, Imagemagick 2024-02-28 N/A 5.5 MEDIUM
A heap buffer overflow issue was found in ImageMagick. When an application processes a malformed TIFF file, it could lead to undefined behavior or a crash causing a denial of service.
CVE-2022-2719 2 Fedoraproject, Imagemagick 3 Extra Packages For Enterprise Linux, Fedora, Imagemagick 2024-02-28 N/A 5.5 MEDIUM
In ImageMagick, a crafted file could trigger an assertion failure when a call to WriteImages was made in MagickWand/operation.c, due to a NULL image list. This could potentially cause a denial of service. This was fixed in upstream ImageMagick version 7.1.0-30.
CVE-2022-2163 2 Fedoraproject, Google 3 Extra Packages For Enterprise Linux, Fedora, Chrome 2024-02-28 N/A 8.8 HIGH
Use after free in Cast UI and Toolbar in Google Chrome prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via UI interaction.
CVE-2022-40315 2 Fedoraproject, Moodle 3 Extra Packages For Enterprise Linux, Fedora, Moodle 2024-02-28 N/A 9.8 CRITICAL
A limited SQL injection risk was identified in the "browse list of users" site administration page.
CVE-2022-2158 2 Fedoraproject, Google 3 Extra Packages For Enterprise Linux, Fedora, Chrome 2024-02-28 N/A 8.8 HIGH
Type confusion in V8 in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2022-40313 2 Fedoraproject, Moodle 3 Extra Packages For Enterprise Linux, Fedora, Moodle 2024-02-28 N/A 7.1 HIGH
Recursive rendering of Mustache template helpers containing user input could, in some cases, result in an XSS risk or a page failing to load.
CVE-2022-2296 2 Fedoraproject, Google 4 Extra Packages For Enterprise Linux, Fedora, Chrome and 1 more 2024-02-28 N/A 8.8 HIGH
Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to 103.0.5060.114 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via direct UI interactions.
CVE-2022-40316 2 Fedoraproject, Moodle 3 Extra Packages For Enterprise Linux, Fedora, Moodle 2024-02-28 N/A 4.3 MEDIUM
The H5P activity attempts report did not filter by groups, which in separate groups mode could reveal information to non-editing teachers about attempts/users in groups they should not have access to.
CVE-2022-0367 3 Debian, Fedoraproject, Libmodbus 4 Debian Linux, Extra Packages For Enterprise Linux, Fedora and 1 more 2024-02-28 N/A 7.8 HIGH
A heap-based buffer overflow flaw was found in libmodbus in function modbus_reply() in src/modbus.c.
CVE-2022-2295 2 Fedoraproject, Google 3 Extra Packages For Enterprise Linux, Fedora, Chrome 2024-02-28 N/A 8.8 HIGH
Type confusion in V8 in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2022-0983 2 Fedoraproject, Moodle 3 Extra Packages For Enterprise Linux, Fedora, Moodle 2024-02-28 6.5 MEDIUM 8.8 HIGH
An SQL injection risk was identified in Badges code relating to configuring criteria. Access to the relevant capability was limited to teachers and managers by default.
CVE-2022-24882 2 Fedoraproject, Freerdp 3 Extra Packages For Enterprise Linux, Fedora, Freerdp 2024-02-28 5.0 MEDIUM 7.5 HIGH
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). In versions prior to 2.7.0, NT LAN Manager (NTLM) authentication does not properly abort when someone provides and empty password value. This issue affects FreeRDP based RDP Server implementations. RDP clients are not affected. The vulnerability is patched in FreeRDP 2.7.0. There are currently no known workarounds.
CVE-2022-21698 3 Fedoraproject, Prometheus, Rdo Project 4 Extra Packages For Enterprise Linux, Fedora, Client Golang and 1 more 2024-02-28 5.0 MEDIUM 7.5 HIGH
client_golang is the instrumentation library for Go applications in Prometheus, and the promhttp package in client_golang provides tooling around HTTP servers and clients. In client_golang prior to version 1.11.1, HTTP server is susceptible to a Denial of Service through unbounded cardinality, and potential memory exhaustion, when handling requests with non-standard HTTP methods. In order to be affected, an instrumented software must use any of `promhttp.InstrumentHandler*` middleware except `RequestsInFlight`; not filter any specific methods (e.g GET) before middleware; pass metric with `method` label name to our middleware; and not have any firewall/LB/proxy that filters away requests with unknown `method`. client_golang version 1.11.1 contains a patch for this issue. Several workarounds are available, including removing the `method` label name from counter/gauge used in the InstrumentHandler; turning off affected promhttp handlers; adding custom middleware before promhttp handler that will sanitize the request method given by Go http.Request; and using a reverse proxy or web application firewall, configured to only allow a limited set of methods.
CVE-2022-0571 2 Fedoraproject, Phoronix-media 3 Extra Packages For Enterprise Linux, Fedora, Phoronix Test Suite 2024-02-28 4.3 MEDIUM 6.1 MEDIUM
Cross-site Scripting (XSS) - Reflected in GitHub repository phoronix-test-suite/phoronix-test-suite prior to 10.8.2.
CVE-2022-0546 3 Blender, Debian, Fedoraproject 4 Blender, Debian Linux, Extra Packages For Enterprise Linux and 1 more 2024-02-28 5.1 MEDIUM 7.8 HIGH
A missing bounds check in the image loader used in Blender 3.x and 2.93.8 leads to out-of-bounds heap access, allowing an attacker to cause denial of service, memory corruption or potentially code execution.
CVE-2022-28327 2 Fedoraproject, Golang 3 Extra Packages For Enterprise Linux, Fedora, Go 2024-02-28 5.0 MEDIUM 7.5 HIGH
The generic P-256 feature in crypto/elliptic in Go before 1.17.9 and 1.18.x before 1.18.1 allows a panic via long scalar input.
CVE-2022-32546 3 Fedoraproject, Imagemagick, Redhat 4 Extra Packages For Enterprise Linux, Fedora, Imagemagick and 1 more 2024-02-28 6.8 MEDIUM 7.8 HIGH
A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned long' at coders/pcl.c, when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined behavior.
CVE-2021-3733 4 Fedoraproject, Netapp, Python and 1 more 20 Extra Packages For Enterprise Linux, Fedora, Hci Compute Node Firmware and 17 more 2024-02-28 4.0 MEDIUM 6.5 MEDIUM
There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as web browser) connects to, could trigger a Regular Expression Denial of Service (ReDOS) during an authentication request with a specially crafted payload that is sent by the server to the client. The greatest threat that this flaw poses is to application availability.
CVE-2022-27191 3 Fedoraproject, Golang, Redhat 5 Extra Packages For Enterprise Linux, Fedora, Ssh and 2 more 2024-02-28 4.3 MEDIUM 7.5 HIGH
The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey.
CVE-2022-0725 2 Fedoraproject, Keepass 3 Extra Packages For Enterprise Linux, Fedora, Keepass 2024-02-28 5.0 MEDIUM 7.5 HIGH
A flaw was found in keepass. The vulnerability occurs due to logging the plain text passwords in system log and leads to an Information Exposure vulnerability. This flaw allows an attacker to interact and read sensitive passwords and logs.