Extra Packages For Enterprise Linux Security Vulnerabilities and Issues — Extra Packages For Enterprise Linux CVE List

Lucene search

FedoraprojectExtra Packages For Enterprise Linux

8 matches found

CVE•added 2021/02/23 7:15 p.m.•197 views

CVE-2021-20247

A flaw was found in mbsync before v1.3.5 and v1.4.1. Validations of the mailbox names returned by IMAP LIST/LSUB do not occur allowing a malicious or compromised server to use specially crafted mailbox names containing '..' path components to access data outside the designated mailbox on the opposi...

7.4CVSS7.1AI score0.00546EPSS

CVE•added 2021/01/05 6:15 p.m.•168 views

CVE-2020-27842

There's a flaw in openjpeg's t2 encoder in versions prior to 2.4.0. An attacker who is able to provide crafted input to be processed by openjpeg could cause a null pointer dereference. The highest impact of this flaw is to application availability.

5.5CVSS6.1AI score0.00066EPSS

CVE•added 2021/12/29 5:15 p.m.•129 views

CVE-2021-23727

This affects the package celery before 5.2.2. It by default trusts the messages and metadata stored in backends (result stores). When reading task metadata from the backend, the data is deserialized. Given that an attacker can gain access to, or somehow manipulate the metadata within a celery backe...

7.5CVSS7.7AI score0.02018EPSS

CVE•added 2021/09/08 4:15 p.m.•68 views

CVE-2021-21897

A code execution vulnerability exists in the DL_Dxf::handleLWPolylineData functionality of Ribbonsoft dxflib 3.17.0. A specially-crafted .dxf file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.

8.8CVSS8.7AI score0.00793EPSS

CVE•added 2021/08/24 2:15 p.m.•67 views

CVE-2021-38714

In Plib through 1.85, there is an integer overflow vulnerability that could result in arbitrary code execution. The vulnerability is found in ssgLoadTGA() function in src/ssg/ssgLoadTGA.cxx file.

9.3CVSS8.8AI score0.00178EPSS

CVE•added 2021/11/22 4:15 p.m.•60 views

CVE-2021-43558

A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. A URL parameter in the filetype site administrator tool required extra sanitizing to prevent a reflected XSS risk.

6.1CVSS5.8AI score0.00612EPSS

CVE•added 2021/11/22 4:15 p.m.•54 views

CVE-2021-43559

A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. The "delete related badge" functionality did not include the necessary token check to prevent a CSRF risk.

8.8CVSS8.3AI score0.00173EPSS

CVE•added 2021/11/22 4:15 p.m.•45 views

CVE-2021-43560

A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. Insufficient capability checks made it possible to fetch other users' calendar action events.

5.3CVSS5.2AI score0.00308EPSS