Vulnerabilities (CVE)

Filtered by vendor Fedoraproject Subscribe
Filtered by product Extra Packages For Enterprise Linux
Total 39 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-24882 2 Fedoraproject, Freerdp 3 Extra Packages For Enterprise Linux, Fedora, Freerdp 2022-11-16 5.0 MEDIUM 7.5 HIGH
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). In versions prior to 2.7.0, NT LAN Manager (NTLM) authentication does not properly abort when someone provides and empty password value. This issue affects FreeRDP based RDP Server implementations. RDP clients are not affected. The vulnerability is patched in FreeRDP 2.7.0. There are currently no known workarounds.
CVE-2022-21698 3 Fedoraproject, Prometheus, Rdo Project 4 Extra Packages For Enterprise Linux, Fedora, Client Golang and 1 more 2022-11-14 5.0 MEDIUM 7.5 HIGH
client_golang is the instrumentation library for Go applications in Prometheus, and the promhttp package in client_golang provides tooling around HTTP servers and clients. In client_golang prior to version 1.11.1, HTTP server is susceptible to a Denial of Service through unbounded cardinality, and potential memory exhaustion, when handling requests with non-standard HTTP methods. In order to be affected, an instrumented software must use any of `promhttp.InstrumentHandler*` middleware except `RequestsInFlight`; not filter any specific methods (e.g GET) before middleware; pass metric with `method` label name to our middleware; and not have any firewall/LB/proxy that filters away requests with unknown `method`. client_golang version 1.11.1 contains a patch for this issue. Several workarounds are available, including removing the `method` label name from counter/gauge used in the InstrumentHandler; turning off affected promhttp handlers; adding custom middleware before promhttp handler that will sanitize the request method given by Go http.Request; and using a reverse proxy or web application firewall, configured to only allow a limited set of methods.
CVE-2022-0725 2 Fedoraproject, Keepass 3 Extra Packages For Enterprise Linux, Fedora, Keepass 2022-10-28 5.0 MEDIUM 7.5 HIGH
A flaw was found in keepass. The vulnerability occurs due to logging the plain text passwords in system log and leads to an Information Exposure vulnerability. This flaw allows an attacker to interact and read sensitive passwords and logs.
CVE-2021-21897 3 Debian, Fedoraproject, Ribbonsoft 4 Debian Linux, Extra Packages For Enterprise Linux, Fedora and 1 more 2022-10-28 6.8 MEDIUM 8.8 HIGH
A code execution vulnerability exists in the DL_Dxf::handleLWPolylineData functionality of Ribbonsoft dxflib 3.17.0. A specially-crafted .dxf file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.
CVE-2022-27191 3 Fedoraproject, Golang, Redhat 5 Extra Packages For Enterprise Linux, Fedora, Ssh and 2 more 2022-10-26 4.3 MEDIUM 7.5 HIGH
The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey.
CVE-2022-2296 2 Fedoraproject, Google 4 Extra Packages For Enterprise Linux, Fedora, Chrome and 1 more 2022-10-26 N/A 8.8 HIGH
Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to 103.0.5060.114 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via direct UI interactions.
CVE-2022-2295 2 Fedoraproject, Google 3 Extra Packages For Enterprise Linux, Fedora, Chrome 2022-10-26 N/A 8.8 HIGH
Type confusion in V8 in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2022-2294 4 Fedoraproject, Google, Webkitgtk and 1 more 5 Extra Packages For Enterprise Linux, Fedora, Chrome and 2 more 2022-10-26 N/A 8.8 HIGH
Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2022-2158 2 Fedoraproject, Google 3 Extra Packages For Enterprise Linux, Fedora, Chrome 2022-10-26 N/A 8.8 HIGH
Type confusion in V8 in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2022-2163 2 Fedoraproject, Google 3 Extra Packages For Enterprise Linux, Fedora, Chrome 2022-10-26 N/A 8.8 HIGH
Use after free in Cast UI and Toolbar in Google Chrome prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via UI interaction.
CVE-2021-3733 4 Fedoraproject, Netapp, Python and 1 more 20 Extra Packages For Enterprise Linux, Fedora, Hci Compute Node Firmware and 17 more 2022-10-26 4.0 MEDIUM 6.5 MEDIUM
There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as web browser) connects to, could trigger a Regular Expression Denial of Service (ReDOS) during an authentication request with a specially crafted payload that is sent by the server to the client. The greatest threat that this flaw poses is to application availability.
CVE-2022-28327 2 Fedoraproject, Golang 3 Extra Packages For Enterprise Linux, Fedora, Go 2022-10-14 5.0 MEDIUM 7.5 HIGH
The generic P-256 feature in crypto/elliptic in Go before 1.17.9 and 1.18.x before 1.18.1 allows a panic via long scalar input.
CVE-2022-25648 2 Fedoraproject, Git 3 Extra Packages For Enterprise Linux, Fedora, Git 2022-10-14 7.5 HIGH 9.8 CRITICAL
The package git before 1.11.0 are vulnerable to Command Injection via git argument injection. When calling the fetch(remote = 'origin', opts = {}) function, the remote parameter is passed to the git fetch subcommand in a way that additional flags can be set. The additional flags can be used to perform a command injection.
CVE-2020-9274 4 Canonical, Debian, Fedoraproject and 1 more 5 Ubuntu Linux, Debian Linux, Extra Packages For Enterprise Linux and 2 more 2022-10-07 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Pure-FTPd 1.0.49. An uninitialized pointer vulnerability has been detected in the diraliases linked list. When the *lookup_alias(const char alias) or print_aliases(void) function is called, they fail to correctly detect the end of the linked list and try to access a non-existent list member. This is related to init_aliases in diraliases.c.
CVE-2022-40313 2 Fedoraproject, Moodle 3 Extra Packages For Enterprise Linux, Fedora, Moodle 2022-10-04 N/A 7.1 HIGH
Recursive rendering of Mustache template helpers containing user input could, in some cases, result in an XSS risk or a page failing to load.
CVE-2022-40316 2 Fedoraproject, Moodle 3 Extra Packages For Enterprise Linux, Fedora, Moodle 2022-10-04 N/A 4.3 MEDIUM
The H5P activity attempts report did not filter by groups, which in separate groups mode could reveal information to non-editing teachers about attempts/users in groups they should not have access to.
CVE-2022-40315 2 Fedoraproject, Moodle 3 Extra Packages For Enterprise Linux, Fedora, Moodle 2022-10-04 N/A 9.8 CRITICAL
A limited SQL injection risk was identified in the "browse list of users" site administration page.
CVE-2022-0367 3 Debian, Fedoraproject, Libmodbus 4 Debian Linux, Extra Packages For Enterprise Linux, Fedora and 1 more 2022-09-30 N/A 7.8 HIGH
A heap-based buffer overflow flaw was found in libmodbus in function modbus_reply() in src/modbus.c.
CVE-2022-3213 2 Fedoraproject, Imagemagick 3 Extra Packages For Enterprise Linux, Fedora, Imagemagick 2022-09-21 N/A 5.5 MEDIUM
A heap buffer overflow issue was found in ImageMagick. When an application processes a malformed TIFF file, it could lead to undefined behavior or a crash causing a denial of service.
CVE-2021-38714 3 Debian, Fedoraproject, Plib Project 4 Debian Linux, Extra Packages For Enterprise Linux, Fedora and 1 more 2022-09-02 9.3 HIGH 8.8 HIGH
In Plib through 1.85, there is an integer overflow vulnerability that could result in arbitrary code execution. The vulnerability is found in ssgLoadTGA() function in src/ssg/ssgLoadTGA.cxx file.