Fedoraproject: >> Extra Packages For Enterprise Linux >> 8.0 Security Vulnerabilities
A vulnerability was found in ImageMagick. This security flaw causes a shell command injection vulnerability via video:vsync or video:pixel-format options in VIDEO encoding/decoding.
CVSS Score
7.8
EPSS Score
0.009
Published
2023-05-30
A heap-based buffer overflow issue was discovered in ImageMagick's ImportMultiSpectralQuantum() function in MagickCore/quantum-import.c. An attacker could pass specially crafted file to convert, triggering an out-of-bounds read error, allowing an application to crash, resulting in a denial of service.
CVSS Score
5.5
EPSS Score
0.0
Published
2023-04-12
An uncontrolled resource consumption vulnerability was discovered in HAProxy which could crash the service. This issue could allow an authenticated remote attacker to run a specially crafted malicious server in an OpenShift cluster. The biggest impact is to availability.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-03-23
A vulnerability was discovered in ImageMagick where a specially created SVG file loads itself and causes a segmentation fault. This flaw allows a remote attacker to pass a specially crafted SVG file that leads to a segmentation fault, generating many trash files in "/tmp," resulting in a denial of service. When ImageMagick crashes, it generates a lot of trash files. These trash files can be large if the SVG file contains many render actions. In a denial of service attack, if a remote attacker uploads an SVG file of size t, ImageMagick generates files of size 103*t. If an attacker uploads a 100M SVG, the server will generate about 10G.
CVSS Score
5.5
EPSS Score
0.001
Published
2023-03-23
The rxvt-unicode package is vulnerable to a remote code execution, in the Perl background extension, when an attacker can control the data written to the user's terminal and certain options are set.
CVSS Score
9.8
EPSS Score
0.015
Published
2022-12-09
An out-of-bounds read flaw was found in the QXL display device emulation in QEMU. The qxl_phys2virt() function does not check the size of the structure pointed to by the guest physical address, potentially reading past the end of the bar space into adjacent pages. A malicious guest user could use this flaw to crash the QEMU process on the host causing a denial of service condition.
CVSS Score
6.5
EPSS Score
0.0
Published
2022-11-29
Recursive rendering of Mustache template helpers containing user input could, in some cases, result in an XSS risk or a page failing to load.
CVSS Score
7.1
EPSS Score
0.003
Published
2022-09-30
A limited SQL injection risk was identified in the "browse list of users" site administration page.
CVSS Score
9.8
EPSS Score
0.004
Published
2022-09-30
The H5P activity attempts report did not filter by groups, which in separate groups mode could reveal information to non-editing teachers about attempts/users in groups they should not have access to.
CVSS Score
4.3
EPSS Score
0.002
Published
2022-09-30
A heap buffer overflow issue was found in ImageMagick. When an application processes a malformed TIFF file, it could lead to undefined behavior or a crash causing a denial of service.
CVSS Score
5.5
EPSS Score
0.0
Published
2022-09-19