Filtered by vendor Fedoraproject
Filtered by product Extra Packages For Enterprise Linux
Total: 76 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-5550 | 2 Fedoraproject, Moodle | 3 Extra Packages For Enterprise Linux, Fedora, Moodle | 2024-06-27 | 9.8 Critical |
In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user who also has direct access to the web server outside of the Moodle webroot could utilise a local file include to achieve remote code execution. | ||||
CVE-2023-5545 | 2 Fedoraproject, Moodle | 3 Extra Packages For Enterprise Linux, Fedora, Moodle | 2024-06-04 | 5.3 Medium |
H5P metadata automatically populated the author with the user's username, which could be sensitive information. | ||||
CVE-2023-5549 | 2 Fedoraproject, Moodle | 3 Extra Packages For Enterprise Linux, Fedora, Moodle | 2024-06-04 | 5.3 Medium |
Insufficient web service capability checks made it possible to move categories a user had permission to manage, to a parent category they did not have the capability to manage. | ||||
CVE-2023-5542 | 2 Fedoraproject, Moodle | 3 Extra Packages For Enterprise Linux, Fedora, Moodle | 2024-06-04 | 4.3 Medium |
Students in "Only see own membership" groups could see other students in the group, which should be hidden. | ||||
CVE-2023-5540 | 2 Fedoraproject, Moodle | 3 Extra Packages For Enterprise Linux, Fedora, Moodle | 2024-06-04 | 8.8 High |
A remote code execution risk was identified in the IMSCP activity. By default this was only available to teachers and managers. | ||||
CVE-2023-5341 | 3 Fedoraproject, Imagemagick, Redhat | 4 Extra Packages For Enterprise Linux, Fedora, Imagemagick and 1 more | 2024-06-04 | 5.5 Medium |
A heap use-after-free flaw was found in coders/bmp.c in ImageMagick. | ||||
CVE-2023-30944 | 2 Fedoraproject, Moodle | 3 Extra Packages For Enterprise Linux, Fedora, Moodle | 2024-06-04 | 7.3 High |
A vulnerability was found in Moodle which exists due to insufficient sanitization of user-supplied data in the external Wiki method for listing pages. A remote attacker can send a specially crafted request to the affected application and execute limited SQL commands within the application database. | ||||
CVE-2022-4318 | 3 Fedoraproject, Kubernetes, Redhat | 8 Extra Packages For Enterprise Linux, Fedora, Cri-o and 5 more | 2024-06-04 | 7.8 High |
A vulnerability was found in cri-o. This issue allows the addition of arbitrary lines into /etc/passwd by use of a specially crafted environment variable. | ||||
CVE-2023-5764 | 2 Fedoraproject, Redhat | 7 Extra Packages For Enterprise Linux, Fedora, Ansible and 4 more | 2024-04-26 | 7.8 High |
A template injection flaw was found in Ansible where a user's controller internal templating operations may remove the unsafe designation from template data. This issue could allow an attacker to use a specially crafted file to introduce templating injection when supplying templating data. | ||||
CVE-2024-0232 | 3 Fedoraproject, Redhat, Sqlite | 4 Extra Packages For Enterprise Linux, Fedora, Enterprise Linux and 1 more | 2024-04-25 | 5.5 Medium |
A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service. | ||||
CVE-2023-38252 | 3 Fedoraproject, Redhat, Tats | 4 Extra Packages For Enterprise Linux, Fedora, Enterprise Linux and 1 more | 2024-04-25 | 5.5 Medium |
An out-of-bounds read flaw was found in w3m, in the Strnew_size function in Str.c. This issue may allow an attacker to cause a denial of service through a crafted HTML file. | ||||
CVE-2023-3428 | 2 Fedoraproject, Imagemagick | 3 Extra Packages For Enterprise Linux, Fedora, Imagemagick | 2024-04-25 | 5.5 Medium |
A heap-based buffer overflow vulnerability was found in coders/tiff.c in ImageMagick. This issue may allow a local attacker to trick the user into opening a specially crafted file, resulting in an application crash and denial of service. | ||||
CVE-2023-30943 | 2 Fedoraproject, Moodle | 3 Extra Packages For Enterprise Linux, Fedora, Moodle | 2024-04-19 | 5.3 Medium |
A vulnerability was found in Moodle which exists because the application allows a user to control the path of the folder to create in TinyMCE loaders. A remote user can send a specially crafted HTTP request and create arbitrary folders on the system. | ||||
CVE-2023-5551 | 2 Fedoraproject, Moodle | 3 Extra Packages For Enterprise Linux, Fedora, Moodle | 2024-04-19 | 3.3 Low |
Separate Groups mode restrictions were not honoured in the forum summary report, which would display users from other groups. | ||||
CVE-2023-5548 | 2 Fedoraproject, Moodle | 3 Extra Packages For Enterprise Linux, Fedora, Moodle | 2024-04-19 | 5.3 Medium |
Stronger revision number limitations were required on file serving endpoints to improve cache poisoning protection. | ||||
CVE-2023-5543 | 2 Fedoraproject, Moodle | 3 Extra Packages For Enterprise Linux, Fedora, Moodle | 2024-04-19 | 3.3 Low |
When duplicating a BigBlueButton activity, the original meeting ID was also duplicated instead of using a new ID for the new activity. This could provide unintended access to the original meeting. | ||||
CVE-2023-5539 | 2 Fedoraproject, Moodle | 3 Extra Packages For Enterprise Linux, Fedora, Moodle | 2024-04-19 | 8.8 High |
A remote code execution risk was identified in the Lesson activity. By default this was only available to teachers and managers. | ||||
CVE-2023-4255 | 2 Fedoraproject, Tats | 3 Extra Packages For Enterprise Linux, Fedora, W3m | 2024-03-27 | 5.5 Medium |
An out-of-bounds write issue has been discovered in the backspace handling of the checkType() function in etc.c within the W3M application. This vulnerability is triggered by supplying a specially crafted HTML file to the w3m binary. Exploitation of this flaw could lead to application crashes, resulting in a denial of service condition. | ||||
CVE-2023-38253 | 3 Fedoraproject, Redhat, Tats | 4 Extra Packages For Enterprise Linux, Fedora, Enterprise Linux and 1 more | 2024-03-27 | 5.5 Medium |
An out-of-bounds read flaw was found in w3m, in the growbuf_to_Str function in indep.c. This issue may allow an attacker to cause a denial of service through a crafted HTML file. | ||||
CVE-2023-4256 | 2 Broadcom, Fedoraproject | 3 Tcpreplay, Extra Packages For Enterprise Linux, Fedora | 2024-03-24 | 5.5 Medium |
Within tcpreplay's tcprewrite, a double free vulnerability has been identified in the tcpedit_dlt_cleanup() function within plugins/dlt_plugins.c. This vulnerability can be exploited by supplying a specifically crafted file to the tcprewrite binary. This flaw enables a local attacker to initiate a Denial of Service (DoS) attack. |