Vulnerabilities > Fedoraproject > Extra Packages for Enterprise Linux > 8.0

DATE CVE VULNERABILITY TITLE RISK

2023-05-30 CVE-2023-34153 Command Injection vulnerability in multiple products
A vulnerability was found in ImageMagick.
local
low complexity
imagemagick fedoraproject redhat CWE-77
7.8

2023-04-12 CVE-2023-1906 Out-of-bounds Write vulnerability in multiple products
A heap-based buffer overflow issue was discovered in ImageMagick's ImportMultiSpectralQuantum() function in MagickCore/quantum-import.c.
local
low complexity
imagemagick fedoraproject CWE-787
5.5

2023-03-23 CVE-2023-1289 Improper Input Validation vulnerability in multiple products
A vulnerability was discovered in ImageMagick where a specially created SVG file loads itself and causes a segmentation fault.
local
low complexity
imagemagick fedoraproject redhat CWE-20
5.5

2022-12-09 CVE-2022-4170
The rxvt-unicode package is vulnerable to a remote code execution, in the Perl background extension, when an attacker can control the data written to the user's terminal and certain options are set.
network
low complexity
rxvt-unicode-project fedoraproject
critical
9.8

2022-11-29 CVE-2022-4144 Out-of-bounds Read vulnerability in multiple products
An out-of-bounds read flaw was found in the QXL display device emulation in QEMU.
local
low complexity
qemu fedoraproject redhat CWE-125
6.5

2022-09-30 CVE-2022-40313 Cross-site Scripting vulnerability in multiple products
Recursive rendering of Mustache template helpers containing user input could, in some cases, result in an XSS risk or a page failing to load.
network
low complexity
moodle fedoraproject CWE-79
7.1

2022-09-30 CVE-2022-40315 SQL Injection vulnerability in multiple products
A limited SQL injection risk was identified in the "browse list of users" site administration page.
network
low complexity
moodle fedoraproject CWE-89
critical
9.8

2022-09-30 CVE-2022-40316 Missing Authorization vulnerability in multiple products
The H5P activity attempts report did not filter by groups, which in separate groups mode could reveal information to non-editing teachers about attempts/users in groups they should not have access to.
network
low complexity
moodle fedoraproject CWE-862
4.3

2022-07-28 CVE-2022-2163 Use After Free vulnerability in multiple products
Use after free in Cast UI and Toolbar in Google Chrome prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via UI interaction.
network
low complexity
google fedoraproject CWE-416
8.8

2022-07-28 CVE-2022-2294 Out-of-bounds Write vulnerability in multiple products
Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
8.8