Vulnerabilities for 'Fedora extra packages for enterprise linux'

2022-03-10
 
CVE-2022-0725

CWE-532
 

 
A flaw was found in KeePass. The vulnerability occurs due to logging the plain text passwords in the system log and leads to an Information Exposure vulnerability. This flaw allows an attacker to interact and read sensitive passwords and logs.

 
2022-01-31
 
CVE-2021-45079

CWE-287
 

 
In strongSwan before 5.9.5, a malicious responder can send an EAP-Success message too early without actually authenticating the client and (in the case of EAP methods with mutual authentication and EAP-only authentication for IKEv2) even without server authentication.

 
2021-11-22
 
CVE-2021-43558

CWE-79
 

 
A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. A URL parameter in the filetype site administrator tool required extra sanitizing to prevent a reflected XSS risk.

 
 
CVE-2021-43559

CWE-352
 

 
A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. The "delete related badge" functionality did not include the necessary token check to prevent a CSRF risk.

 
 
CVE-2021-43560

CWE-668
 

 
A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. Insufficient capability checks made it possible to fetch other users' calendar action events.

 
2020-12-08
 
CVE-2020-27818

CWE-120
 

 
A flaw was found in the check_chunk_name() function of pngcheck-2.4.0. An attacker able to pass a malicious file to be processed by pngcheck could cause a temporary denial of service, posing a low risk to application availability.

 



Copyright 2024, cxsecurity.com

 
