Fedora Project Extra Packages For Enterprise Linux 8.0

A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.

Published: 2024-01-16T14:01:58.505Z
Updated: 2025-11-21T06:24:19.419Z

The Mock software contains a vulnerability wherein an attacker could potentially exploit privilege escalation, enabling the execution of arbitrary code with root user privileges. This weakness stems from the absence of proper sandboxing during the expansion and execution of Jinja2 templates, which may be included in certain configuration parameters. While the Mock documentation advises treating users added to the mock group as privileged, certain build systems invoking mock on behalf of users might inadvertently permit less privileged users to define configuration tags. These tags could then be passed as parameters to mock during execution, potentially leading to the utilization of Jinja2 templates for remote privilege escalation and the execution of arbitrary code as the root user on the build server.

Published: 2024-01-16T14:33:02.308Z
Updated: 2025-02-13T17:26:22.188Z

A template injection flaw was found in Ansible where a user's controller internal templating operations may remove the unsafe designation from template data. This issue could allow an attacker to use a specially crafted file to introduce templating injection when supplying templating data.

Published: 2023-12-12T22:01:33.467Z
Updated: 2025-11-20T18:07:16.802Z

A heap use-after-free flaw was found in coders/bmp.c in ImageMagick.

Published: 2023-11-19T09:20:12.642Z
Updated: 2025-11-20T17:58:36.783Z

Exim before 4.97.1 allows SMTP smuggling in certain PIPELINING/CHUNKING configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because Exim supports <LF>.<CR><LF> but some other popular e-mail servers do not.

Published: 2023-12-24T00:00:00.000Z
Updated: 2025-11-04T18:21:35.998Z

Within tcpreplay's tcprewrite, a double free vulnerability has been identified in the tcpedit_dlt_cleanup() function within plugins/dlt_plugins.c. This vulnerability can be exploited by supplying a specifically crafted file to the tcprewrite binary. This flaw enables a local attacker to initiate a Denial of Service (DoS) attack.

Published: 2023-12-21T16:03:21.837Z
Updated: 2025-02-13T17:09:26.781Z

An out-of-bounds write issue has been discovered in the backspace handling of the checkType() function in etc.c within the W3M application. This vulnerability is triggered by supplying a specially crafted HTML file to the w3m binary. Exploitation of this flaw could lead to application crashes, resulting in a denial of service condition.

Published: 2023-12-21T16:08:39.691Z
Updated: 2025-02-13T17:09:26.229Z

A heap-based buffer overflow vulnerability was found in coders/tiff.c in ImageMagick. This issue may allow a local attacker to trick the user into opening a specially crafted file, resulting in an application crash and denial of service.

Published: 2023-10-04T18:02:23.724Z
Updated: 2025-11-20T17:26:30.887Z

A stack-based buffer overflow issue was found in ImageMagick's coders/tiff.c. This flaw allows an attacker to trick the user into opening a specially crafted malicious tiff file, causing an application to crash, resulting in a denial of service.

Published: 2023-06-16T00:00:00.000Z
Updated: 2024-12-03T16:24:31.268Z

An out-of-bounds read flaw was found in w3m, in the growbuf_to_Str function in indep.c. This issue may allow an attacker to cause a denial of service through a crafted HTML file.

Published: 2023-07-14T17:07:01.468Z
Updated: 2025-02-13T17:01:49.231Z

An out-of-bounds read flaw was found in w3m, in the Strnew_size function in Str.c. This issue may allow an attacker to cause a denial of service through a crafted HTML file.

Published: 2023-07-14T17:06:20.732Z
Updated: 2025-11-21T06:00:41.620Z

A heap use after free issue was discovered in ImageMagick's ReplaceXmpValue() function in MagickCore/profile.c. An attacker could trick user to open a specially crafted file to convert, triggering an heap-use-after-free write error, allowing an application to crash, resulting in a denial of service.

Published: 2023-06-16T00:00:00.000Z
Updated: 2024-12-03T16:25:39.867Z

A heap-based buffer overflow issue was discovered in ImageMagick's ReadTIM2ImageData() function in coders/tim2.c. A local attacker could trick the user in opening specially crafted file, triggering an out-of-bounds read error, allowing an application to crash, resulting in a denial of service.

Published: 2023-06-16T00:00:00.000Z
Updated: 2024-08-02T16:10:07.299Z

A heap buffer overflow vulnerability was found in sox, in the lsx_readbuf function at sox/src/formats_i.c:98:16. This flaw can lead to a denial of service, code execution, or information disclosure.

Published: 2023-07-10T20:05:39.681Z
Updated: 2024-10-01T16:24:35.073Z

A heap buffer overflow vulnerability was found in sox, in the startread function at sox/src/hcom.c:160:41. This flaw can lead to a denial of service, code execution, or information disclosure.

Published: 2023-07-10T17:16:59.692Z
Updated: 2024-10-01T16:13:25.791Z

A vulnerability was found in ImageMagick. This security flaw causes a shell command injection vulnerability via video:vsync or video:pixel-format options in VIDEO encoding/decoding.

Published: 2023-05-30T00:00:00.000Z
Updated: 2025-01-10T21:02:45.598Z

A vulnerability was found in ImageMagick. This security flaw cause a remote code execution vulnerability in OpenBlob with --enable-pipes configured.

Published: 2023-05-30T00:00:00.000Z
Updated: 2025-01-13T18:36:57.030Z

A vulnerability was found in ImageMagick. This security flaw ouccers as an undefined behaviors of casting double to size_t in svg, mvg and other coders (recurring bugs of CVE-2022-32546).

Published: 2023-05-30T00:00:00.000Z
Updated: 2024-08-02T16:01:54.137Z

A floating point exception vulnerability was found in sox, in the read_samples function at sox/src/voc.c:334:18. This flaw can lead to a denial of service.

Published: 2023-07-10T17:15:42.063Z
Updated: 2025-02-13T16:54:52.041Z

A floating point exception vulnerability was found in sox, in the lsx_aiffstartwrite function at sox/src/aiff.c:622:58. This flaw can lead to a denial of service.

Published: 2023-07-10T17:14:14.297Z
Updated: 2024-10-01T15:55:31.776Z

A heap-based buffer overflow issue was discovered in ImageMagick's ImportMultiSpectralQuantum() function in MagickCore/quantum-import.c. An attacker could pass specially crafted file to convert, triggering an out-of-bounds read error, allowing an application to crash, resulting in a denial of service.

Published: 2023-04-12T00:00:00.000Z
Updated: 2025-02-10T16:36:39.126Z

A vulnerability was discovered in ImageMagick where a specially created SVG file loads itself and causes a segmentation fault. This flaw allows a remote attacker to pass a specially crafted SVG file that leads to a segmentation fault, generating many trash files in "/tmp," resulting in a denial of service. When ImageMagick crashes, it generates a lot of trash files. These trash files can be large if the SVG file contains many render actions. In a denial of service attack, if a remote attacker uploads an SVG file of size t, ImageMagick generates files of size 103*t. If an attacker uploads a 100M SVG, the server will generate about 10G.

Published: 2023-03-23T00:00:00.000Z
Updated: 2024-08-02T05:40:59.961Z

An uncontrolled resource consumption vulnerability was discovered in HAProxy which could crash the service. This issue could allow an authenticated remote attacker to run a specially crafted malicious server in an OpenShift cluster. The biggest impact is to availability.

Published: 2023-03-23T00:00:00.000Z
Updated: 2025-02-25T19:35:27.521Z

A vulnerability was found in cri-o. This issue allows the addition of arbitrary lines into /etc/passwd by use of a specially crafted environment variable.

Published: 2023-09-25T19:23:02.119Z
Updated: 2024-08-03T01:34:50.124Z

The rxvt-unicode package is vulnerable to a remote code execution, in the Perl background extension, when an attacker can control the data written to the user's terminal and certain options are set.

Published: 2022-12-09T00:00:00.000Z
Updated: 2025-04-14T18:11:13.443Z

An out-of-bounds read flaw was found in the QXL display device emulation in QEMU. The qxl_phys2virt() function does not check the size of the structure pointed to by the guest physical address, potentially reading past the end of the bar space into adjacent pages. A malicious guest user could use this flaw to crash the QEMU process on the host causing a denial of service condition.

Published: 2022-11-29T00:00:00.000Z
Updated: 2025-04-14T18:09:55.614Z

The H5P activity attempts report did not filter by groups, which in separate groups mode could reveal information to non-editing teachers about attempts/users in groups they should not have access to.

Published: 2022-09-30T16:37:12.000Z
Updated: 2025-05-20T16:39:07.787Z

A limited SQL injection risk was identified in the "browse list of users" site administration page.

Published: 2022-09-30T16:35:15.000Z
Updated: 2025-05-20T16:41:34.571Z

Recursive rendering of Mustache template helpers containing user input could, in some cases, result in an XSS risk or a page failing to load.

Published: 2022-09-30T16:34:00.000Z
Updated: 2025-05-20T18:20:46.944Z

A heap buffer overflow issue was found in ImageMagick. When an application processes a malformed TIFF file, it could lead to undefined behavior or a crash causing a denial of service.

Published: 2022-09-19T17:31:48.000Z
Updated: 2024-08-03T01:00:10.859Z

A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned long' at coders/pcl.c, when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined behavior.

Published: 2022-06-16T00:00:00.000Z
Updated: 2024-08-03T07:46:44.812Z

A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned char' at coders/psd.c, when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined behavior.

Published: 2022-06-16T00:00:00.000Z
Updated: 2024-08-03T07:46:43.464Z

In ImageMagick, a crafted file could trigger an assertion failure when a call to WriteImages was made in MagickWand/operation.c, due to a NULL image list. This could potentially cause a denial of service. This was fixed in upstream ImageMagick version 7.1.0-30.

Published: 2022-08-09T20:18:08.000Z
Updated: 2026-03-06T19:10:51.074Z

Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to 103.0.5060.114 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via direct UI interactions.

Published: 2022-07-28T01:01:01.000Z
Updated: 2024-08-03T00:32:09.607Z

Type confusion in V8 in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Published: 2022-07-28T01:00:50.000Z
Updated: 2024-08-03T00:32:09.605Z

Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Published: 2022-07-28T00:00:00.000Z
Updated: 2025-10-21T23:15:37.301Z

Use after free in Cast UI and Toolbar in Google Chrome prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via UI interaction.

Published: 2022-07-28T01:00:25.000Z
Updated: 2024-08-03T00:32:08.018Z

Type confusion in V8 in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Published: 2022-07-28T00:40:31.000Z
Updated: 2024-08-03T00:32:07.973Z

The generic P-256 feature in crypto/elliptic in Go before 1.17.9 and 1.18.x before 1.18.1 allows a panic via long scalar input.

Published: 2022-04-20T00:00:00.000Z
Updated: 2024-08-03T05:48:38.092Z

The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey.

Published: 2022-03-18T06:03:34.000Z
Updated: 2024-08-03T05:25:31.128Z

The package git before 1.11.0 are vulnerable to Command Injection via git argument injection. When calling the fetch(remote = 'origin', opts = {}) function, the remote parameter is passed to the git fetch subcommand in a way that additional flags can be set. The additional flags can be used to perform a command injection.

Published: 2022-04-19T16:35:11.215Z
Updated: 2024-09-16T17:59:47.353Z

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). In versions prior to 2.7.0, NT LAN Manager (NTLM) authentication does not properly abort when someone provides and empty password value. This issue affects FreeRDP based RDP Server implementations. RDP clients are not affected. The vulnerability is patched in FreeRDP 2.7.0. There are currently no known workarounds.

Published: 2022-04-26T00:00:00.000Z
Updated: 2025-11-03T20:34:47.348Z

client_golang is the instrumentation library for Go applications in Prometheus, and the promhttp package in client_golang provides tooling around HTTP servers and clients. In client_golang prior to version 1.11.1, HTTP server is susceptible to a Denial of Service through unbounded cardinality, and potential memory exhaustion, when handling requests with non-standard HTTP methods. In order to be affected, an instrumented software must use any of `promhttp.InstrumentHandler*` middleware except `RequestsInFlight`; not filter any specific methods (e.g GET) before middleware; pass metric with `method` label name to our middleware; and not have any firewall/LB/proxy that filters away requests with unknown `method`. client_golang version 1.11.1 contains a patch for this issue. Several workarounds are available, including removing the `method` label name from counter/gauge used in the InstrumentHandler; turning off affected promhttp handlers; adding custom middleware before promhttp handler that will sanitize the request method given by Go http.Request; and using a reverse proxy or web application firewall, configured to only allow a limited set of methods.

Published: 2022-02-15T00:00:00.000Z
Updated: 2025-04-23T19:05:16.614Z

Cross-site Scripting (XSS) - Reflected in GitHub repository phoronix-test-suite/phoronix-test-suite prior to 10.8.2.

Published: 2022-02-13T11:00:11.000Z
Updated: 2024-08-02T23:32:46.350Z

An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriNormalizeSyntax.

Published: 2022-01-06T03:48:36.000Z
Updated: 2024-08-04T05:02:10.368Z

An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriFreeUriMembers and uriMakeOwner.

Published: 2022-01-06T03:48:45.000Z
Updated: 2024-08-04T05:02:10.366Z

In strongSwan before 5.9.5, a malicious responder can send an EAP-Success message too early without actually authenticating the client and (in the case of EAP methods with mutual authentication and EAP-only authentication for IKEv2) even without server authentication.

Published: 2022-01-31T07:15:52.000Z
Updated: 2024-08-04T04:32:13.673Z

A code execution vulnerability exists in the DL_Dxf::handleLWPolylineData functionality of Ribbonsoft dxflib 3.17.0. A specially-crafted .dxf file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.

Published: 2021-09-08T15:11:27.000Z
Updated: 2024-08-03T18:30:22.865Z

A flaw was found in mbsync before v1.3.5 and v1.4.1. Validations of the mailbox names returned by IMAP LIST/LSUB do not occur allowing a malicious or compromised server to use specially crafted mailbox names containing '..' path components to access data outside the designated mailbox on the opposite end of the synchronization channel. The highest threat from this vulnerability is to data confidentiality and integrity.

Published: 2021-02-23T18:45:29.000Z
Updated: 2024-08-03T17:37:23.202Z

An issue was discovered in Pure-FTPd 1.0.49. An uninitialized pointer vulnerability has been detected in the diraliases linked list. When the *lookup_alias(const char alias) or print_aliases(void) function is called, they fail to correctly detect the end of the linked list and try to access a non-existent list member. This is related to init_aliases in diraliases.c.

Published: 2020-02-26T15:29:32.000Z
Updated: 2024-08-04T10:26:16.271Z

Cacti 1.2.8 has stored XSS in data_sources.php, color_templates_item.php, graphs.php, graph_items.php, lib/api_automation.php, user_admin.php, and user_group_admin.php, as demonstrated by the description parameter in data_sources.php (a raw string from the database that is displayed by $header to trigger the XSS).

Published: 2020-01-16T03:55:12.000Z
Updated: 2024-08-04T09:18:03.119Z

A flaw was found in the check_chunk_name() function of pngcheck-2.4.0. An attacker able to pass a malicious file to be processed by pngcheck could cause a temporary denial of service, posing a low risk to application availability.

Published: 2020-12-08T00:04:55.000Z
Updated: 2024-08-04T16:25:43.451Z