Fedora Project Extra Packages Enterprise Linux
By the Year
In 2022 there have been 19 vulnerabilities in Fedora Project Extra Packages Enterprise Linux with an average score of 7.6 out of ten. Last year Extra Packages Enterprise Linux had 7 security vulnerabilities published. That is, 12 more vulnerabilities have already been reported in 2022 as compared to last year. However, the average CVE base score of the vulnerabilities in 2022 is greater by 0.56.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2022 | 19 | 7.62 |
| 2021 | 7 | 7.06 |
| 2020 | 2 | 4.70 |
| 2019 | 0 | 0.00 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Extra Packages Enterprise Linux vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Fedora Project Extra Packages Enterprise Linux Security Vulnerabilities
In ImageMagick
CVE-2022-2719
5.5 - Medium
- August 10, 2022
In ImageMagick, a crafted file could trigger an assertion failure when a call to WriteImages was made in MagickWand/operation.c, due to a NULL image list. This could potentially cause a denial of service. This was fixed in upstream ImageMagick version 7.1.0-30.
assertion failure
Use after free in Cast UI and Toolbar in Google Chrome prior to 103.0.5060.134
CVE-2022-2163
8.8 - High
- July 28, 2022
Use after free in Cast UI and Toolbar in Google Chrome prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via UI interaction.
Dangling pointer
Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114
CVE-2022-2294
8.8 - High
- July 28, 2022
Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Memory Corruption
Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to 103.0.5060.114
CVE-2022-2296
8.8 - High
- July 28, 2022
Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to 103.0.5060.114 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via direct UI interactions.
Dangling pointer
Type confusion in V8 in Google Chrome prior to 103.0.5060.114
CVE-2022-2295
8.8 - High
- July 28, 2022
Type confusion in V8 in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Object Type Confusion
Type confusion in V8 in Google Chrome prior to 103.0.5060.53
CVE-2022-2158
8.8 - High
- July 28, 2022
Type confusion in V8 in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Object Type Confusion
A vulnerability was found in ImageMagick
CVE-2022-32545
7.8 - High
- June 16, 2022
A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned char' at coders/psd.c, when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined behavior.
Integer Overflow or Wraparound
A vulnerability was found in ImageMagick
CVE-2022-32546
7.8 - High
- June 16, 2022
A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned long' at coders/pcl.c, when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined behavior.
Integer Overflow or Wraparound
In ImageMagick, there is load of misaligned address for type 'double'
CVE-2022-32547
7.8 - High
- June 16, 2022
In ImageMagick, there is load of misaligned address for type 'double', which requires 8 byte alignment and for type 'float', which requires 4 byte alignment at MagickCore/property.c. Whenever crafted or untrusted input is processed by ImageMagick, this causes a negative impact to application availability or other problems related to undefined behavior.
Incorrect Type Conversion or Cast
An SQL injection risk was identified in Badges code relating to configuring criteria
CVE-2022-0983
8.8 - High
- March 25, 2022
An SQL injection risk was identified in Badges code relating to configuring criteria. Access to the relevant capability was limited to teachers and managers by default.
SQL Injection
The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go
CVE-2022-27191
7.5 - High
- March 18, 2022
The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey.
Use of a Broken or Risky Cryptographic Algorithm
A flaw was found in KeePass
CVE-2022-0725
7.5 - High
- March 10, 2022
A flaw was found in KeePass. The vulnerability occurs due to logging the plain text passwords in the system log and leads to an Information Exposure vulnerability. This flaw allows an attacker to interact and read sensitive passwords and logs.
Insertion of Sensitive Information into Log File
There's a flaw in urllib's AbstractBasicAuthHandler class
CVE-2021-3733
6.5 - Medium
- March 10, 2022
There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as web browser) connects to, could trigger a Regular Expression Denial of Service (ReDOS) during an authentication request with a specially crafted payload that is sent by the server to the client. The greatest threat that this flaw poses is to application availability.
Resource Exhaustion
A missing bounds check in the image loader used in Blender 3.x and 2.93.8 leads to out-of-bounds heap access
CVE-2022-0546
7.8 - High
- February 24, 2022
A missing bounds check in the image loader used in Blender 3.x and 2.93.8 leads to out-of-bounds heap access, allowing an attacker to cause denial of service, memory corruption or potentially code execution.
Integer Overflow or Wraparound
client_golang is the instrumentation library for Go applications in Prometheus
CVE-2022-21698
7.5 - High
- February 15, 2022
client_golang is the instrumentation library for Go applications in Prometheus, and the promhttp package in client_golang provides tooling around HTTP servers and clients. In client_golang prior to version 1.11.1, HTTP server is susceptible to a Denial of Service through unbounded cardinality, and potential memory exhaustion, when handling requests with non-standard HTTP methods. In order to be affected, an instrumented software must use any of `promhttp.InstrumentHandler*` middleware except `RequestsInFlight`; not filter any specific methods (e.g GET) before middleware; pass metric with `method` label name to our middleware; and not have any firewall/LB/proxy that filters away requests with unknown `method`. client_golang version 1.11.1 contains a patch for this issue. Several workarounds are available, including removing the `method` label name from counter/gauge used in the InstrumentHandler; turning off affected promhttp handlers; adding custom middleware before promhttp handler that will sanitize the request method given by Go http.Request; and using a reverse proxy or web application firewall, configured to only allow a limited set of methods.
Resource Exhaustion
Cross-site Scripting (XSS) - Reflected in GitHub repository phoronix-test-suite/phoronix-test-suite prior to 10.8.2.
CVE-2022-0571
6.1 - Medium
- February 14, 2022
Cross-site Scripting (XSS) - Reflected in GitHub repository phoronix-test-suite/phoronix-test-suite prior to 10.8.2.
XSS
In strongSwan before 5.9.5, a malicious responder
CVE-2021-45079
9.1 - Critical
- January 31, 2022
In strongSwan before 5.9.5, a malicious responder can send an EAP-Success message too early without actually authenticating the client and (in the case of EAP methods with mutual authentication and EAP-only authentication for IKEv2) even without server authentication.
NULL Pointer Dereference
An issue was discovered in uriparser before 0.9.6
CVE-2021-46142
5.5 - Medium
- January 06, 2022
An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriNormalizeSyntax.
Dangling pointer
An issue was discovered in uriparser before 0.9.6
CVE-2021-46141
5.5 - Medium
- January 06, 2022
An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriFreeUriMembers and uriMakeOwner.
Dangling pointer
This affects the package celery before 5.2.2
CVE-2021-23727
7.5 - High
- December 29, 2021
This affects the package celery before 5.2.2. It by default trusts the messages and metadata stored in backends (result stores). When reading task metadata from the backend, the data is deserialized. Given that an attacker can gain access to, or somehow manipulate the metadata within a celery backend, they could trigger a stored command injection vulnerability and potentially gain further access to the system.
Command Injection
A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions
CVE-2021-43558
6.1 - Medium
- November 22, 2021
A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. A URL parameter in the filetype site administrator tool required extra sanitizing to prevent a reflected XSS risk.
XSS
A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions
CVE-2021-43559
8.8 - High
- November 22, 2021
A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. The "delete related badge" functionality did not include the necessary token check to prevent a CSRF risk.
Session Riding
A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions
CVE-2021-43560
5.3 - Medium
- November 22, 2021
A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. Insufficient capability checks made it possible to fetch other users' calendar action events.
Exposure of Resource to Wrong Sphere
A code execution vulnerability exists in the DL_Dxf::handleLWPolylineData functionality of Ribbonsoft dxflib 3.17.0
CVE-2021-21897
8.8 - High
- September 08, 2021
A code execution vulnerability exists in the DL_Dxf::handleLWPolylineData functionality of Ribbonsoft dxflib 3.17.0. A specially-crafted .dxf file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.
Memory Corruption
A flaw was found in mbsync before v1.3.5 and v1.4.1
CVE-2021-20247
7.4 - High
- February 23, 2021
A flaw was found in mbsync before v1.3.5 and v1.4.1. Validations of the mailbox names returned by IMAP LIST/LSUB do not occur allowing a malicious or compromised server to use specially crafted mailbox names containing '..' path components to access data outside the designated mailbox on the opposite end of the synchronization channel. The highest threat from this vulnerability is to data confidentiality and integrity.
Directory traversal
There's a flaw in openjpeg's t2 encoder in versions prior to 2.4.0
CVE-2020-27842
5.5 - Medium
- January 05, 2021
There's a flaw in openjpeg's t2 encoder in versions prior to 2.4.0. An attacker who is able to provide crafted input to be processed by openjpeg could cause a null pointer dereference. The highest impact of this flaw is to application availability.
Out-of-bounds Read
A flaw was found in the check_chunk_name() function of pngcheck-2.4.0
CVE-2020-27818
3.3 - Low
- December 08, 2020
A flaw was found in the check_chunk_name() function of pngcheck-2.4.0. An attacker able to pass a malicious file to be processed by pngcheck could cause a temporary denial of service, posing a low risk to application availability.
Out-of-bounds Read
Cacti 1.2.8 has stored XSS in data_sources.php, color_templates_item.php, graphs.php, graph_items.php, lib/api_automation.php, user_admin.php, and user_group_admin.php, as demonstrated by the description parameter in data_sources.php (a raw string from the database
CVE-2020-7106
6.1 - Medium
- January 16, 2020
Cacti 1.2.8 has stored XSS in data_sources.php, color_templates_item.php, graphs.php, graph_items.php, lib/api_automation.php, user_admin.php, and user_group_admin.php, as demonstrated by the description parameter in data_sources.php (a raw string from the database that is displayed by $header to trigger the XSS).
XSS
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Fedora Project Extra Packages Enterprise Linux or by Fedora Project? Click the Watch button to subscribe.
