Vulnerabilities > Fedoraproject > Extra Packages for Enterprise Linux

DATE CVE VULNERABILITY TITLE RISK

2022-02-15 CVE-2022-21698 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
client_golang is the instrumentation library for Go applications in Prometheus, and the promhttp package in client_golang provides tooling around HTTP servers and clients.
network
low complexity
prometheus fedoraproject rdo-project CWE-770
7.5

2022-02-14 CVE-2022-0571 Cross-site Scripting (XSS) - Reflected in GitHub repository phoronix-test-suite/phoronix-test-suite prior to 10.8.2.
network
low complexity
phoronix-media fedoraproject
6.1

2022-01-31 CVE-2021-45079 NULL Pointer Dereference vulnerability in multiple products
In strongSwan before 5.9.5, a malicious responder can send an EAP-Success message too early without actually authenticating the client and (in the case of EAP methods with mutual authentication and EAP-only authentication for IKEv2) even without server authentication.
network
low complexity
strongswan debian fedoraproject canonical CWE-476
critical
9.1

2022-01-06 CVE-2021-46141 Use After Free vulnerability in multiple products
An issue was discovered in uriparser before 0.9.6.
5.5

2022-01-06 CVE-2021-46142 Use After Free vulnerability in multiple products
An issue was discovered in uriparser before 0.9.6.
5.5

2021-12-29 CVE-2021-23727 Command Injection vulnerability in multiple products
This affects the package celery before 5.2.2.
network
high complexity
celeryproject fedoraproject CWE-77
7.5

2021-11-22 CVE-2021-43558 Cross-site Scripting vulnerability in multiple products
A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions.
network
low complexity
moodle fedoraproject CWE-79
6.1

2021-11-22 CVE-2021-43559 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions.
network
low complexity
moodle fedoraproject CWE-352
8.8

2021-11-22 CVE-2021-43560 Exposure of Resource to Wrong Sphere vulnerability in multiple products
A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions.
network
low complexity
moodle fedoraproject CWE-668
5.3

2021-09-08 CVE-2021-21897 A code execution vulnerability exists in the DL_Dxf::handleLWPolylineData functionality of Ribbonsoft dxflib 3.17.0.
network
low complexity
ribbonsoft fedoraproject debian
8.8