Redhat: >> Enterprise Linux Security Vulnerabilities
A flaw was found in Undertow. A potential security issue in flow control handling by the browser over http/2 may potentially cause overhead or a denial of service in the server. The highest threat from this vulnerability is availability. This flaw affects Undertow versions prior to 2.0.40.Final and prior to 2.2.11.Final.
CVSS Score
5.9
EPSS Score
0.001
Published
2022-05-24
A flaw was found in Wildfly. An incorrect JBOSS_LOCAL_USER challenge location when using the elytron configuration may lead to JBOSS_LOCAL_USER access to all users on the machine. The highest threat from this vulnerability is to confidentiality, integrity, and availability. This flaw affects wildfly-core versions prior to 17.0.
CVSS Score
7.8
EPSS Score
0.0
Published
2022-05-24
A flaw was found in moodle where the description user field was not hidden when being set as a hidden user field.
CVSS Score
5.3
EPSS Score
0.005
Published
2022-05-18
A flaw was found in moodle where global search results could include author information on some activities where a user may not otherwise have access to it.
CVSS Score
4.3
EPSS Score
0.005
Published
2022-05-18
A flaw was found in moodle where an SQL injection risk was identified in Badges code relating to configuring criteria.
CVSS Score
9.8
EPSS Score
0.008
Published
2022-05-18
A flaw was found in moodle where logic used to count failed login attempts could result in the account lockout threshold being bypassed.
CVSS Score
9.8
EPSS Score
0.016
Published
2022-05-18
A flaw was found in moodle where ID numbers displayed when bulk allocating markers to assignments required additional sanitizing to prevent a stored XSS risk.
CVSS Score
5.4
EPSS Score
0.012
Published
2022-05-18
A vulnerability was found in Ignition where ignition configs are accessible from unprivileged containers in VMs running on VMware products. This issue is only relevant in user environments where the Ignition config contains secrets. The highest threat from this vulnerability is to data confidentiality. Possible workaround is to not put secrets in the Ignition config.
CVSS Score
6.5
EPSS Score
0.003
Published
2022-05-17
An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT.
CVSS Score
9.1
EPSS Score
0.004
Published
2022-05-16
An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file. This issue affects recursions in JIT-compiled regular expressions caused by duplicate data transfers.
CVSS Score
9.1
EPSS Score
0.001
Published
2022-05-16