Vulnerabilities for Extra packages for enterprise linux (...) - CXSECURITY.COM

Vulnerabilities for
'Extra packages for enterprise linux'

2022-03-25

CVE-2022-0983

CWE-89

An SQL injection risk was identified in Badges code relating to configuring criteria. Access to the relevant capability was limited to teachers and managers by default.

2022-01-31

CVE-2021-45079

CWE-287

In strongSwan before 5.9.5, a malicious responder can send an EAP-Success message too early without actually authenticating the client and (in the case of EAP methods with mutual authentication and EAP-only authentication for IKEv2) even without server authentication.

2022-01-06

CVE-2021-46141

CWE-416

An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriFreeUriMembers and uriMakeOwner.

CVE-2021-46142

CWE-416

An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriNormalizeSyntax.

2021-02-23

CVE-2021-20247

CWE-20

A flaw was found in mbsync before v1.3.5 and v1.4.1. Validations of the mailbox names returned by IMAP LIST/LSUB do not occur allowing a malicious or compromised server to use specially crafted mailbox names containing '..' path components to access data outside the designated mailbox on the opposite end of the synchronization channel. The highest threat from this vulnerability is to data confidentiality and integrity.

>>> Vendor: Fedoraproject 20 Products

389 directory server

389 administration server

Spin-kickstarts

Fedora extra packages for enterprise linux

Extra packages for enterprise linux

Copyright 2024, cxsecurity.com