Product:

Extra_packages_for_enterprise_linux

(Fedoraproject)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 19
Date Id Summary Products Score Patch Annotated
2021-02-23 CVE-2021-20247 A flaw was found in mbsync before v1.3.5 and v1.4.1. Validations of the mailbox names returned by IMAP LIST/LSUB do not occur allowing a malicious or compromised server to use specially crafted mailbox names containing '..' path components to access data outside the designated mailbox on the opposite end of the synchronization channel. The highest threat from this vulnerability is to data confidentiality and integrity. Extra_packages_for_enterprise_linux, Fedora, Mbsync 7.4
2022-02-15 CVE-2022-21698 client_golang is the instrumentation library for Go applications in Prometheus, and the promhttp package in client_golang provides tooling around HTTP servers and clients. In client_golang prior to version 1.11.1, HTTP server is susceptible to a Denial of Service through unbounded cardinality, and potential memory exhaustion, when handling requests with non-standard HTTP methods. In order to be affected, an instrumented software must use any of `promhttp.InstrumentHandler*` middleware except... Extra_packages_for_enterprise_linux, Fedora, Client_golang, Rdo 7.5
2022-06-16 CVE-2022-32545 A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned char' at coders/psd.c, when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined behavior. Extra_packages_for_enterprise_linux, Fedora, Imagemagick, Enterprise_linux 7.8
2022-06-16 CVE-2022-32546 A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned long' at coders/pcl.c, when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined behavior. Extra_packages_for_enterprise_linux, Fedora, Imagemagick, Enterprise_linux 7.8
2022-06-16 CVE-2022-32547 In ImageMagick, there is load of misaligned address for type 'double', which requires 8 byte alignment and for type 'float', which requires 4 byte alignment at MagickCore/property.c. Whenever crafted or untrusted input is processed by ImageMagick, this causes a negative impact to application availability or other problems related to undefined behavior. Extra_packages_for_enterprise_linux, Fedora, Imagemagick, Enterprise_linux 7.8
2020-12-08 CVE-2020-27818 A flaw was found in the check_chunk_name() function of pngcheck-2.4.0. An attacker able to pass a malicious file to be processed by pngcheck could cause a temporary denial of service, posing a low risk to application availability. Debian_linux, Extra_packages_for_enterprise_linux, Fedora, Pngcheck 3.3
2021-01-05 CVE-2020-27842 There's a flaw in openjpeg's t2 encoder in versions prior to 2.4.0. An attacker who is able to provide crafted input to be processed by openjpeg could cause a null pointer dereference. The highest impact of this flaw is to application availability. Debian_linux, Extra_packages_for_enterprise_linux, Fedora, Outside_in_technology, Codeready_linux_builder, Codeready_linux_builder_for_ibm_z_systems, Codeready_linux_builder_for_power_little_endian, Enterprise_linux, Enterprise_linux_for_ibm_z_systems, Enterprise_linux_for_power_little_endian, Openjpeg 5.5
2021-11-22 CVE-2021-43558 A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. A URL parameter in the filetype site administrator tool required extra sanitizing to prevent a reflected XSS risk. Extra_packages_for_enterprise_linux, Fedora, Moodle 6.1
2021-11-22 CVE-2021-43559 A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. The "delete related badge" functionality did not include the necessary token check to prevent a CSRF risk. Extra_packages_for_enterprise_linux, Fedora, Moodle 8.8
2021-11-22 CVE-2021-43560 A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. Insufficient capability checks made it possible to fetch other users' calendar action events. Extra_packages_for_enterprise_linux, Fedora, Moodle 5.3