Fedoraproject

Extra Packages For Enterprise Linux

76 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2023-6395

Exploit
  • EPSS 0.41%
  • Veröffentlicht 16.01.2024 15:15:08
  • Zuletzt bearbeitet 21.11.2024 08:43:46

The Mock software contains a vulnerability wherein an attacker could potentially exploit privilege escalation, enabling the execution of arbitrary code with root user privileges. This weakness stems from the absence of proper sandboxing during the ex...

5.5

CVE-2024-0232

Exploit
  • EPSS 0.02%
  • Veröffentlicht 16.01.2024 14:15:48
  • Zuletzt bearbeitet 21.11.2024 08:46:06

A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a...

5.3

CVE-2023-51766

Exploit
  • EPSS 1.64%
  • Veröffentlicht 24.12.2023 06:15:07
  • Zuletzt bearbeitet 21.11.2024 08:38:45

Exim before 4.97.1 allows SMTP smuggling in certain PIPELINING/CHUNKING configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mecha...

5.5

CVE-2023-4256

Exploit
  • EPSS 0.01%
  • Veröffentlicht 21.12.2023 16:15:10
  • Zuletzt bearbeitet 21.11.2024 08:34:44

Within tcpreplay's tcprewrite, a double free vulnerability has been identified in the tcpedit_dlt_cleanup() function within plugins/dlt_plugins.c. This vulnerability can be exploited by supplying a specifically crafted file to the tcprewrite binary. ...

5.5

CVE-2023-4255

Exploit
  • EPSS 0.02%
  • Veröffentlicht 21.12.2023 16:15:10
  • Zuletzt bearbeitet 21.11.2024 08:34:44

An out-of-bounds write issue has been discovered in the backspace handling of the checkType() function in etc.c within the W3M application. This vulnerability is triggered by supplying a specially crafted HTML file to the w3m binary. Exploitation of ...

7.8

CVE-2023-5764

  • EPSS 0.07%
  • Veröffentlicht 12.12.2023 22:15:22
  • Zuletzt bearbeitet 21.11.2024 08:42:26

A template injection flaw was found in Ansible where a user's controller internal templating operations may remove the unsafe designation from template data. This issue could allow an attacker to use a specially crafted file to introduce templating i...

5.5

CVE-2023-5341

  • EPSS 0.04%
  • Veröffentlicht 19.11.2023 10:15:49
  • Zuletzt bearbeitet 07.02.2025 03:15:10

A heap use-after-free flaw was found in coders/bmp.c in ImageMagick.

3.3

CVE-2023-5543

  • EPSS 0.09%
  • Veröffentlicht 09.11.2023 22:15:11
  • Zuletzt bearbeitet 21.11.2024 08:41:58

When duplicating a BigBlueButton activity, the original meeting ID was also duplicated instead of using a new ID for the new activity. This could provide unintended access to the original meeting.

3.3

CVE-2023-5551

  • EPSS 0.07%
  • Veröffentlicht 09.11.2023 20:15:11
  • Zuletzt bearbeitet 21.11.2024 08:41:59

Separate Groups mode restrictions were not honoured in the forum summary report, which would display users from other groups.

9.8

CVE-2023-5550

  • EPSS 1.07%
  • Veröffentlicht 09.11.2023 20:15:10
  • Zuletzt bearbeitet 21.11.2024 08:41:59

In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user who also has direct access to the web server outside of the Moodle webroot could utilise a local file include to achieve remote code ex...