Extra Packages FOR Enterprise Linux

DATE	CVE	VULNERABILITY TITLE	RISK
2023-05-02	CVE-2023-30943	Externally Controlled Reference to a Resource in Another Sphere vulnerability in multiple products The vulnerability was found Moodle which exists because the application allows a user to control path of the older to create in TinyMCE loaders. network low complexity moodle fedoraproject CWE-610	5.3
2023-05-02	CVE-2023-30944	SQL Injection vulnerability in multiple products The vulnerability was found Moodle which exists due to insufficient sanitization of user-supplied data in external Wiki method for listing pages. network low complexity moodle fedoraproject CWE-89	7.3
2023-04-12	CVE-2023-1906	Out-of-bounds Write vulnerability in multiple products A heap-based buffer overflow issue was discovered in ImageMagick's ImportMultiSpectralQuantum() function in MagickCore/quantum-import.c. local low complexity imagemagick fedoraproject CWE-787	5.5
2023-03-23	CVE-2023-0056	Resource Exhaustion vulnerability in multiple products An uncontrolled resource consumption vulnerability was discovered in HAProxy which could crash the service. network low complexity haproxy redhat fedoraproject CWE-400	6.5
2023-03-23	CVE-2023-1289	Improper Input Validation vulnerability in multiple products A vulnerability was discovered in ImageMagick where a specially created SVG file loads itself and causes a segmentation fault. local low complexity imagemagick fedoraproject redhat CWE-20	5.5
2022-12-09	CVE-2022-4170	The rxvt-unicode package is vulnerable to a remote code execution, in the Perl background extension, when an attacker can control the data written to the user's terminal and certain options are set. network low complexity rxvt-unicode-project fedoraproject critical	9.8
2022-11-29	CVE-2022-4144	An out-of-bounds read flaw was found in the QXL display device emulation in QEMU. local low complexity qemu fedoraproject redhat	6.5
2022-11-25	CVE-2022-45152	Server-Side Request Forgery (SSRF) vulnerability in multiple products A blind Server-Side Request Forgery (SSRF) vulnerability was found in Moodle. network low complexity moodle fedoraproject CWE-918 critical	9.1
2022-09-30	CVE-2022-40313	Cross-site Scripting vulnerability in multiple products Recursive rendering of Mustache template helpers containing user input could, in some cases, result in an XSS risk or a page failing to load. network low complexity moodle fedoraproject CWE-79	7.1
2022-09-30	CVE-2022-40315	SQL Injection vulnerability in multiple products A limited SQL injection risk was identified in the "browse list of users" site administration page. network low complexity moodle fedoraproject CWE-89 critical	9.8