Latest fedoraproject extra packages for enterprise linux Vulnerabilities

Exim: SMTP smuggling
Exim Exim<4.97.1
Fedoraproject Extra Packages For Enterprise Linux=7.0
Fedoraproject Extra Packages For Enterprise Linux=8.0
Fedoraproject Extra Packages For Enterprise Linux=9.0
Fedoraproject Fedora=38
Fedoraproject Fedora=39
and 9 more
Tcpreplay: tcprewrite: double free in tcpedit_dlt_cleanup() in plugins/dlt_plugins.c
Broadcom Tcpreplay=4.4.3
Broadcom Tcpreplay=4.4.4
Fedoraproject Extra Packages For Enterprise Linux=8.0
Fedoraproject Fedora=39
W3m: out-of-bounds write in function checktype() in etc.c (incomplete fix for CVE-2022-38223)
Tats W3m=0.5.3+git20230121-1
Tats W3m=0.5.3+git20230121-2
Tats W3m=0.5.3+git20230129
Fedoraproject Extra Packages For Enterprise Linux=8.0
Fedoraproject Fedora=39
debian/w3m<=0.5.3-37<=0.5.3-37+deb10u1<=0.5.3+git20210102-6+deb11u1<=0.5.3+git20230121-2
and 6 more
Mock: privilege escalation for users that can access mock configuration
Rpm-software-management Mock
Fedoraproject Extra Packages For Enterprise Linux=7.0
Fedoraproject Extra Packages For Enterprise Linux=8.0
Fedoraproject Extra Packages For Enterprise Linux=9.0
Fedoraproject Fedora=38
Fedoraproject Fedora=39
and 7 more
Ansible: template injection
pip/ansible-core<2.14.12
pip/ansible-core>=2.15.0<2.15.8
pip/ansible-core>=2.16.0<2.16.1
Redhat Ansible<2.14.12
Redhat Ansible>=2.15.0<2.15.7
Redhat Ansible=2.16.0
and 11 more
Moodle: forum summary report shows students from other groups when in separate groups mode
redhat/moodle<4.2.3
redhat/moodle<4.1.6
redhat/moodle<4.0.11
redhat/moodle<3.11.17
redhat/moodle<3.9.24
Moodle Moodle<3.9.24
and 12 more
Moodle: rce due to lfi risk in some misconfigured shared hosting environments
redhat/moodle<4.2.3
redhat/moodle<4.1.6
redhat/moodle<4.0.11
redhat/moodle<3.11.17
redhat/moodle<3.9.24
Moodle Moodle<3.9.24
and 12 more
Moodle: insufficient capability checks when updating the parent of a course category
redhat/moodle<4.2.3
redhat/moodle<4.1.6
redhat/moodle<4.0.11
redhat/moodle<3.11.17
redhat/moodle<3.9.24
Moodle Moodle<3.9.24
and 7 more
Moodle: cache poisoning risk with endpoint revision numbers
redhat/moodle<4.2.3
redhat/moodle<4.1.6
redhat/moodle<4.0.11
redhat/moodle<3.11.17
redhat/moodle<3.9.24
Moodle Moodle<3.9.24
and 7 more
Moodle: auto-populated h5p author name causes a potential information leak
redhat/moodle<4.2.3
redhat/moodle<4.1.6
redhat/moodle<4.0.11
redhat/moodle<3.11.17
redhat/moodle<3.9.24
Moodle Moodle<3.9.24
and 7 more
Moodle: duplicating a bigbluebutton activity assigns the same meeting id
redhat/moodle<4.2.3
redhat/moodle<4.1.6
redhat/moodle<4.0.11
Moodle Moodle>=4.0.0<4.0.11
Moodle Moodle>=4.1.0<4.1.6
Moodle Moodle>=4.2.0<4.2.3
and 2 more
Moodle: students can view other users in "only see own membership" groups
redhat/moodle<4.2.3
Moodle Moodle=4.2.2
Fedoraproject Extra Packages For Enterprise Linux=7.0
Fedoraproject Fedora=38
composer/moodle/moodle<4.3.0-rc2
Moodle: authenticated remote code execution risk in imscp
redhat/moodle<4.2.3
redhat/moodle<4.1.6
redhat/moodle<4.0.11
redhat/moodle<3.11.17
redhat/moodle<3.9.24
Moodle Moodle<3.9.24
and 7 more
Moodle: authenticated remote code execution risk in lesson
redhat/moodle<4.2.3
redhat/moodle<4.1.6
redhat/moodle<4.0.11
redhat/moodle<3.11.17
redhat/moodle<3.9.24
composer/moodle/moodle<4.3.0-rc2
and 7 more
Imagemagick: heap use-after-free in coders/bmp.c
redhat/ImageMagick<7.1.2
ImageMagick ImageMagick<7.1.2
Redhat Enterprise Linux=6.0
Redhat Enterprise Linux=7.0
Fedoraproject Extra Packages For Enterprise Linux=8.0
Fedoraproject Fedora=38
and 6 more
W3m: out of bounds read in growbuf_to_str() at w3m/indep.c
Tats W3m=0.5.3+git20230121
Fedoraproject Extra Packages For Enterprise Linux=8.0
Fedoraproject Fedora=38
Redhat Enterprise Linux=6.0
W3m Project W3m=0.5.3+git20230121
W3m: out of bounds read in strnew_size() at w3m/str.c
Tats W3m=0.5.3+git20230121
Fedoraproject Extra Packages For Enterprise Linux=8.0
Fedoraproject Fedora=38
Redhat Enterprise Linux=6.0
W3m Project W3m=0.5.3+git20230121
Imagemagick: heap-buffer-overflow in coders/tiff.c
ImageMagick ImageMagick<7.1.1-19
Fedoraproject Extra Packages For Enterprise Linux=8.0
Fedoraproject Fedora
redhat/ImageMagick 7.1.1<19
ubuntu/imagemagick<8:6.9.11.60+dfsg-1.3ubuntu0.22.04.3+
ubuntu/imagemagick<8:6.9.11.60+dfsg-1.3ubuntu0.22.10.5
and 4 more
A heap-based buffer overflow issue was discovered in ImageMagick's ReadTIM2ImageData() function in coders/tim2.c. A local attacker could trick the user into opening a specially crafted file, triggering an...
ImageMagick ImageMagick<7.1.1-10
Fedoraproject Extra Packages For Enterprise Linux=8.0
Fedoraproject Fedora=37
Fedoraproject Fedora=38
A heap use-after-free issue was discovered in ImageMagick's ReplaceXmpValue() function in MagickCore/profile.c. An attacker could trick the user into opening a specially crafted file to convert, triggering an ...
ImageMagick ImageMagick<7.1.1-10
Fedoraproject Extra Packages For Enterprise Linux=8.0
Fedoraproject Fedora=37
Fedoraproject Fedora=38
redhat/ImageMagick 7.1.1<10
A stack-based buffer overflow issue was found in ImageMagick's coders/tiff.c. This flaw allows an attacker to trick the user into opening a specially crafted malicious tiff file, causing an applicatio...
ImageMagick ImageMagick<6.9.12-26
ImageMagick ImageMagick>=7.1.1-0<7.1.1-10
Fedoraproject Extra Packages For Enterprise Linux=8.0
Fedoraproject Fedora=37
Fedoraproject Fedora=38
redhat/ImageMagick 6.9.12<26
and 7 more
A heap buffer overflow vulnerability was found in sox, in the lsx_readbuf function at sox/src/formats_i.c:98:16. This flaw can lead to a denial of service, code execution, or information disclosure.
Sound Exchange Project Sound Exchange<=14.4.3
Fedoraproject Extra Packages For Enterprise Linux=8.0
Fedoraproject Fedora=38
Redhat Enterprise Linux=6.0
Redhat Enterprise Linux=7.0
A floating point exception vulnerability was found in sox, in the read_samples function at sox/src/voc.c:334:18. This flaw can lead to a denial of service.
ubuntu/sox<14.4.2+
ubuntu/sox<14.4.2-3ubuntu0.18.04.3+
ubuntu/sox<14.4.2+
ubuntu/sox<14.4.2+
ubuntu/sox<14.4.2+
ubuntu/sox<14.4.1-3ubuntu1.1+
and 12 more
A floating point exception vulnerability was found in sox, in the lsx_aiffstartwrite function at sox/src/aiff.c:622:58. This flaw can lead to a denial of service.
Sox Project Sox=14.4.3
Fedoraproject Extra Packages For Enterprise Linux=8.0
Fedoraproject Fedora=38
Redhat Enterprise Linux=6.0
Redhat Enterprise Linux=7.0
A vulnerability was found in ImageMagick. This security flaw occurs as undefined behavior when casting double to size_t in svg, mvg and other coders (recurring bugs of CVE-2022-32546).
ImageMagick ImageMagick<7.1.1.11
Fedoraproject Extra Packages For Enterprise Linux=8.0
Fedoraproject Fedora=37
Fedoraproject Fedora=38
Redhat Enterprise Linux=6.0
Redhat Enterprise Linux=7.0
and 10 more
A vulnerability was found in ImageMagick. This security flaw causes a remote code execution vulnerability in OpenBlob with --enable-pipes configured.
ImageMagick ImageMagick<7.1.1.11
Fedoraproject Extra Packages For Enterprise Linux=8.0
Fedoraproject Fedora=37
Fedoraproject Fedora=38
Redhat Enterprise Linux=6.0
Redhat Enterprise Linux=7.0
A vulnerability was found in ImageMagick. This security flaw causes a shell command injection vulnerability via video:vsync or video:pixel-format options in VIDEO encoding/decoding.
ImageMagick ImageMagick<7.1.1.11
Fedoraproject Extra Packages For Enterprise Linux=8.0
Fedoraproject Fedora=37
Fedoraproject Fedora=38
Redhat Enterprise Linux=6.0
Redhat Enterprise Linux=7.0
A heap buffer overflow vulnerability was found in sox, in the startread function at sox/src/hcom.c:160:41. This flaw can lead to a denial of service, code execution, or information disclosure.
Sox Project Sox=14.4.3
Fedoraproject Extra Packages For Enterprise Linux=8.0
Fedoraproject Fedora=38
Redhat Enterprise Linux=6.0
Redhat Enterprise Linux=7.0
Moodle: minor sql injection risk in external wiki method for listing pages
Moodle Moodle>=3.9.0<3.9.21
Moodle Moodle>=3.11.0<3.11.14
Moodle Moodle>=4.0.0<4.0.8
Moodle Moodle>=4.1.0<4.1.3
Fedoraproject Extra Packages For Enterprise Linux=7.0
Fedoraproject Fedora=36
and 15 more
Moodle: tinymce loaders susceptible to arbitrary folder creation
Moodle Moodle>=4.1.0<4.1.3
Fedoraproject Extra Packages For Enterprise Linux=7.0
Fedoraproject Fedora=36
Fedoraproject Fedora=37
Fedoraproject Fedora=38
composer/moodle/moodle<4.2.0-rc2
and 6 more
A heap-based buffer overflow issue was discovered in ImageMagick's ImportMultiSpectralQuantum() function in MagickCore/quantum-import.c. An attacker could pass a specially crafted file to convert, trigg...
<6.9.12-84
=7.1.1-4
=8.0
=37
ImageMagick ImageMagick<6.9.12-84
ImageMagick ImageMagick=7.1.1-4
and 9 more
A specially created SVG file that loads itself and causes a segmentation fault. Remote attackers can take advantage of this vulnerability to cause a denial of service of the generated SVG file. It see...
<7.1.1-0
=8.0
=9.0
=36
=37
=8.0
and 16 more
An uncontrolled resource consumption vulnerability was discovered in HAProxy which could crash the service. This issue could allow an authenticated remote attacker to run a specially crafted malicious...
redhat/haproxy<0:2.4.17-3.el9_1.2
redhat/haproxy<0:2.4.7-2.el9_0.2
redhat/haproxy<0:2.2.19-3.el8
redhat/haproxy<0:2.2.24-2.el8
redhat/haproxy<0:2.2.24-3.rhaos4.13.el8
redhat/haproxy<0:2.2.15-6.el8
and 24 more
Cri-o: /etc/passwd tampering privesc
redhat/cri-o<0:1.24.4-10.rhaos4.11.git1ed5ac5.el8
redhat/cri-o<0:1.25.2-10.rhaos4.12.git0a083f9.el8
Kubernetes CRI-O
Redhat Openshift Container Platform For Arm64=4.12
Redhat Openshift Container Platform For Linuxone=4.12
Redhat Openshift Container Platform For Power=4.12
and 45 more
The rxvt-unicode package is vulnerable to a remote code execution, in the Perl background extension, when an attacker can control the data written to the user's terminal and certain options are set.
Rxvt-unicode Project Rxvt-unicode=9.25
Rxvt-unicode Project Rxvt-unicode=9.26
Fedoraproject Extra Packages For Enterprise Linux=8.0
Fedoraproject Fedora=37
redhat/rxvt-unicode<9.30
An out-of-bounds read flaw was found in the QXL display device emulation in QEMU. The qxl_phys2virt() function does not check the size of the structure pointed to by the guest physical address, potent...
QEMU qemu<=7.1.0
Fedoraproject Extra Packages For Enterprise Linux=8.0
Fedoraproject Fedora=37
Redhat Enterprise Linux=8.0
redhat/qemu-kvm<7.2.0
A blind Server-Side Request Forgery (SSRF) vulnerability was found in Moodle. This flaw exists due to insufficient validation of user-supplied input in LTI provider library. The library does not utili...
Moodle Moodle<3.9.18
Moodle Moodle>=3.11.0<3.11.11
Moodle Moodle>=4.0.0<4.0.5
Fedoraproject Extra Packages For Enterprise Linux=7.0
Fedoraproject Fedora=35
Fedoraproject Fedora=36
and 14 more
Severity/Risk: Minor Versions affected: 4.0 to 4.0.3, 3.11 to 3.11.9, 3.9 to 3.9.16 and earlier unsupported versions Versions fixed: 4.0.4, 3.11.10 and 3.9.17 Reported by: Jari Vilkman and Bjørn T...
Moodle Moodle>=3.9.0<3.9.17
Moodle Moodle>=3.11.0<3.11.10
Moodle Moodle>=4.0.0<4.0.4
Fedoraproject Extra Packages For Enterprise Linux=8.0
Fedoraproject Fedora=35
Fedoraproject Fedora=36
and 9 more
A limited SQL injection risk was identified in the "browse list of users" site administration page.
Moodle Moodle>=3.9.0<3.9.17
Moodle Moodle>=3.11.0<3.11.10
Moodle Moodle>=4.0.0<4.0.4
Fedoraproject Extra Packages For Enterprise Linux=8.0
Fedoraproject Fedora=35
Fedoraproject Fedora=36
and 9 more
Recursive rendering of Mustache template helpers containing user input could, in some cases, result in a cross-site scripting risk or a page failing to load.
Moodle Moodle>=3.9.0<3.9.17
Moodle Moodle>=3.11.0<3.11.10
Moodle Moodle>=4.0.0<4.0.4
Fedoraproject Extra Packages For Enterprise Linux=8.0
Fedoraproject Fedora=35
Fedoraproject Fedora=36
and 9 more
A heap buffer overflow issue was found in ImageMagick. When an application processes a malformed TIFF file, it could lead to undefined behavior or a crash causing a denial of service.
ImageMagick ImageMagick<6.9.12-62
ImageMagick ImageMagick>=7.1.0-0<7.1.0-47
Fedoraproject Extra Packages For Enterprise Linux=8.0
Fedoraproject Extra Packages For Enterprise Linux=9.0
Fedoraproject Fedora=35
Fedoraproject Fedora=36
and 3 more
In ImageMagick 7.1.0-29, a crafted file could trigger an assertion failure when a call to WriteImages was made in MagickWand/operation.c, due to a NULL image list. This could potentially cause a denia...
redhat/ImageMagick 7.1.0<30
Fedoraproject Extra Packages For Enterprise Linux=8.0
ImageMagick ImageMagick<7.1.0-30
Fedoraproject Fedora=36
Use after free in Cast UI and Toolbar in Google Chrome prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via UI i...
Google Chrome<103.0.5060.134
Fedoraproject Extra Packages For Enterprise Linux=8.0
Fedoraproject Fedora=35
Fedoraproject Fedora=36
Type confusion in V8 in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Google Chrome<103.0.5060.53
Fedoraproject Extra Packages For Enterprise Linux=8.0
Fedoraproject Fedora=35
Fedoraproject Fedora=36
Heap buffer overflow in WebRTC
Apple Safari<15.6
<12.5
Apple iOS<15.6
Apple iPadOS<15.6
Google Chrome<103.0.5060.114
WebRTC WebRTC
and 31 more
Type Confusion in V8
Google Chrome<103.0.5060.114
Fedoraproject Extra Packages For Enterprise Linux=8.0
Fedoraproject Fedora=35
Fedoraproject Fedora=36
A vulnerability was found in ImageMagick, causing a value outside the range of representable values of type 'unsigned long' at coders/pcl.c, when crafted or untrusted input is processed. This leads to a ne...
<6.9.12-44
>=7.1.0<7.1.0-29
=8.0
=36
=6.0
=7.0
and 15 more
A vulnerability was found in ImageMagick, causing a value outside the range of representable values of type 'unsigned char' at coders/psd.c, when crafted or untrusted input is processed. This leads to a ne...
<6.9.12-43
>=7.1.0<7.1.0-28
=8.0
=36
=7.0
ImageMagick ImageMagick<6.9.12-43
and 12 more
Use after free in Chrome OS Shell
Google Chrome<103.0.5060.114
Google Chrome OS
Fedoraproject Extra Packages For Enterprise Linux=8.0
Fedoraproject Fedora=35
Fedoraproject Fedora=36
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). In versions prior to 2.7.0, NT LAN Manager (NTLM) authentication does not properly abort when someone provides an empty password...
FreeRDP FreeRDP<2.7.0
Fedoraproject Extra Packages For Enterprise Linux=8.0
Fedoraproject Fedora=34
Fedoraproject Fedora=35
Fedoraproject Fedora=36
