Vulnerabilities for 'Extra packages for enterprise linux'

2022-03-25
 
CVE-2022-0983

CWE-89
 

 
An SQL injection risk was identified in Badges code relating to configuring criteria. Access to the relevant capability was limited to teachers and managers by default.

 
2022-01-31
 
CVE-2021-45079

CWE-287
 

 
In strongSwan before 5.9.5, a malicious responder can send an EAP-Success message too early without actually authenticating the client and (in the case of EAP methods with mutual authentication and EAP-only authentication for IKEv2) even without server authentication.

 
2022-01-06
 
CVE-2021-46141

CWE-416
 

 
An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriFreeUriMembers and uriMakeOwner.

 
 
CVE-2021-46142

CWE-416
 

 
An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriNormalizeSyntax.

 
2021-02-23
 
CVE-2021-20247

CWE-20
 

 
A flaw was found in mbsync before v1.3.5 and v1.4.1. The mailbox names returned by IMAP LIST/LSUB are not validated, allowing a malicious or compromised server to use specially crafted mailbox names containing '..' path components to access data outside the designated mailbox on the opposite end of the synchronization channel. The highest threat from this vulnerability is to data confidentiality and integrity.

 

Vendor: Fedoraproject (20 products)
Fedora core
Coolkey
Commons
Fedora
SSSD
Dracut
389 directory server
Libnm-util
Networkmanager
Anaconda
Crypto-utils
Arm installer
Fedmsg
389 administration server
Python-fedora
Spin-kickstarts
Sectool
Selinux-policy
Fedora extra packages for enterprise linux
Extra packages for enterprise linux


Copyright 2022, cxsecurity.com

 
