Fedora Project Fedora Extra Packages Enterprise Linux


By the Year

In 2022 there have been 0 vulnerabilities in Fedora Project Fedora Extra Packages Enterprise Linux. Last year Fedora Extra Packages Enterprise Linux had 4 security vulnerabilities published. Right now, Fedora Extra Packages Enterprise Linux is on track to have fewer security vulnerabilities in 2022 than it did last year.

Year | Vulnerabilities | Average Score
2022 | 0 | 0.00
2021 | 4 | 6.93
2020 | 1 | 3.30
2019 | 0 | 0.00
2018 | 0 | 0.00

It may take a day or so for new Fedora Extra Packages Enterprise Linux vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Fedora Project Fedora Extra Packages Enterprise Linux Security Vulnerabilities

CVE-2021-23727 7.5 - High - December 29, 2021

This affects the package celery before 5.2.2. By default, it trusts the messages and metadata stored in backends (result stores). When reading task metadata from the backend, the data is deserialized. Given that an attacker can gain access to, or somehow manipulate, the metadata within a celery backend, they could trigger a stored command injection vulnerability and potentially gain further access to the system.

Command Injection

CVE-2021-43560 5.3 - Medium - November 22, 2021

A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. Insufficient capability checks made it possible to fetch other users' calendar action events.

Exposure of Resource to Wrong Sphere

CVE-2021-43559 8.8 - High - November 22, 2021

A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. The "delete related badge" functionality did not include the necessary token check to prevent a CSRF risk.

Session Riding

CVE-2021-43558 6.1 - Medium - November 22, 2021

A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. A URL parameter in the filetype site administrator tool required extra sanitizing to prevent a reflected XSS risk.

XSS

CVE-2020-27818 3.3 - Low - December 08, 2020

A flaw was found in the check_chunk_name() function of pngcheck-2.4.0. An attacker able to pass a malicious file to be processed by pngcheck could cause a temporary denial of service, posing a low risk to application availability.

Classic Buffer Overflow
