Vulnerabilities > Fedoraproject > Extra Packages FOR Enterprise Linux
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-05-02 | CVE-2023-30943 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in multiple products The vulnerability was found Moodle which exists because the application allows a user to control path of the older to create in TinyMCE loaders. | 5.3 |
| 2023-05-02 | CVE-2023-30944 | SQL Injection vulnerability in multiple products The vulnerability was found Moodle which exists due to insufficient sanitization of user-supplied data in external Wiki method for listing pages. | 7.3 |
| 2023-04-12 | CVE-2023-1906 | Out-of-bounds Write vulnerability in multiple products A heap-based buffer overflow issue was discovered in ImageMagick's ImportMultiSpectralQuantum() function in MagickCore/quantum-import.c. | 5.5 |
| 2023-03-23 | CVE-2023-1289 | Improper Input Validation vulnerability in multiple products A vulnerability was discovered in ImageMagick where a specially created SVG file loads itself and causes a segmentation fault. | 5.5 |
| 2022-12-09 | CVE-2022-4170 | The rxvt-unicode package is vulnerable to a remote code execution, in the Perl background extension, when an attacker can control the data written to the user's terminal and certain options are set. | 9.8 |
| 2022-11-29 | CVE-2022-4144 | Out-of-bounds Read vulnerability in multiple products An out-of-bounds read flaw was found in the QXL display device emulation in QEMU. | 6.5 |
| 2022-11-25 | CVE-2022-45152 | Server-Side Request Forgery (SSRF) vulnerability in multiple products A blind Server-Side Request Forgery (SSRF) vulnerability was found in Moodle. | 9.1 |
| 2022-09-30 | CVE-2022-40313 | Cross-site Scripting vulnerability in multiple products Recursive rendering of Mustache template helpers containing user input could, in some cases, result in an XSS risk or a page failing to load. | 7.1 |
| 2022-09-30 | CVE-2022-40315 | SQL Injection vulnerability in multiple products A limited SQL injection risk was identified in the "browse list of users" site administration page. | 9.8 |
| 2022-09-30 | CVE-2022-40316 | Missing Authorization vulnerability in multiple products The H5P activity attempts report did not filter by groups, which in separate groups mode could reveal information to non-editing teachers about attempts/users in groups they should not have access to. | 4.3 |