Vulnerabilities > Fedoraproject > Extra Packages FOR Enterprise Linux > High

| DATE | CVE | VULNERABILITY TITLE | ATTACK VECTOR | COMPLEXITY | VENDORS / CWE | RISK |
|---|---|---|---|---|---|---|
| 2022-03-18 | CVE-2022-27191 | The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey. | network | low | golang fedoraproject redhat | 7.5 |
| 2022-03-10 | CVE-2022-0725 | Information Exposure Through Log Files vulnerability in multiple products. A flaw was found in keepass. | network | low | keepass fedoraproject CWE-532 | 7.5 |
| 2022-02-24 | CVE-2022-0546 | Integer Overflow or Wraparound vulnerability in multiple products. A missing bounds check in the image loader used in Blender 3.x and 2.93.8 leads to out-of-bounds heap access, allowing an attacker to cause denial of service, memory corruption or potentially code execution. | local | low | blender fedoraproject debian CWE-190 | 7.8 |
| 2022-02-15 | CVE-2022-21698 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products. client_golang is the instrumentation library for Go applications in Prometheus, and the promhttp package in client_golang provides tooling around HTTP servers and clients. | network | low | prometheus fedoraproject rdo-project CWE-770 | 7.5 |
| 2021-12-29 | CVE-2021-23727 | Command Injection vulnerability in multiple products. This affects the package celery before 5.2.2. | network | high | celeryproject fedoraproject CWE-77 | 7.5 |
| 2021-11-22 | CVE-2021-43559 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products. A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. | network | low | moodle fedoraproject CWE-352 | 8.8 |
| 2021-09-08 | CVE-2021-21897 | A code execution vulnerability exists in the DL_Dxf::handleLWPolylineData functionality of Ribbonsoft dxflib 3.17.0. | network | low | ribbonsoft fedoraproject debian | 8.8 |
| 2021-08-24 | CVE-2021-38714 | Integer Overflow or Wraparound vulnerability in multiple products. In Plib through 1.85, there is an integer overflow vulnerability that could result in arbitrary code execution. | network | low | plib-project debian fedoraproject CWE-190 | 8.8 |
| 2021-02-23 | CVE-2021-20247 | Path Traversal vulnerability in multiple products. A flaw was found in mbsync before v1.3.5 and v1.4.1. | network | high | mbsync-project debian fedoraproject CWE-22 | 7.4 |
| 2020-02-26 | CVE-2020-9274 | Access of Uninitialized Pointer vulnerability in multiple products. An issue was discovered in Pure-FTPd 1.0.49. | network | low | pureftpd debian fedoraproject canonical CWE-824 | 7.5 |