Vulnerabilities > Fedoraproject > Extra Packages FOR Enterprise Linux > 8.0
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-05-30 | CVE-2023-34153 | Command Injection vulnerability in multiple products A vulnerability was found in ImageMagick. | 7.8 |
2023-04-12 | CVE-2023-1906 | Out-of-bounds Write vulnerability in multiple products A heap-based buffer overflow issue was discovered in ImageMagick's ImportMultiSpectralQuantum() function in MagickCore/quantum-import.c. | 5.5 |
2023-03-23 | CVE-2023-1289 | Improper Input Validation vulnerability in multiple products A vulnerability was discovered in ImageMagick where a specially created SVG file loads itself and causes a segmentation fault. | 5.5 |
2022-12-09 | CVE-2022-4170 | The rxvt-unicode package is vulnerable to a remote code execution, in the Perl background extension, when an attacker can control the data written to the user's terminal and certain options are set. | 9.8 |
2022-11-29 | CVE-2022-4144 | Out-of-bounds Read vulnerability in multiple products An out-of-bounds read flaw was found in the QXL display device emulation in QEMU. | 6.5 |
2022-09-30 | CVE-2022-40313 | Cross-site Scripting vulnerability in multiple products Recursive rendering of Mustache template helpers containing user input could, in some cases, result in an XSS risk or a page failing to load. | 7.1 |
2022-09-30 | CVE-2022-40315 | SQL Injection vulnerability in multiple products A limited SQL injection risk was identified in the "browse list of users" site administration page. | 9.8 |
2022-09-30 | CVE-2022-40316 | Missing Authorization vulnerability in multiple products The H5P activity attempts report did not filter by groups, which in separate groups mode could reveal information to non-editing teachers about attempts/users in groups they should not have access to. | 4.3 |
2022-07-28 | CVE-2022-2163 | Use After Free vulnerability in multiple products Use after free in Cast UI and Toolbar in Google Chrome prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via UI interaction. | 8.8 |
2022-07-28 | CVE-2022-2294 | Out-of-bounds Write vulnerability in multiple products Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |