📦 Extra Packages For Enterprise Linux
by Fedoraproject
⚠️ Known Vulnerabilities
CVE-2023-34152 is a critical remote code execution vulnerability in ImageMagick's OpenBlob function when compiled with --enable-pipes configuration. Attackers can exploit this by processing malicious ...
This vulnerability allows attackers to bypass NTLM authentication in FreeRDP-based RDP servers by providing an empty password. This affects FreeRDP server implementations prior to version 2.7.0, poten...
This vulnerability in strongSwan allows a malicious VPN responder to bypass authentication by sending an EAP-Success message prematurely. Attackers can establish unauthorized VPN connections without p...
This CVE describes a template injection vulnerability in Ansible where unsafe template data can be executed, potentially allowing attackers to run arbitrary code. It affects Ansible users who process ...
This vulnerability in cri-o allows attackers to inject arbitrary lines into the /etc/passwd file using a specially crafted environment variable. This could enable privilege escalation or unauthorized ...
A heap buffer overflow vulnerability in sox's lsx_readbuf function allows attackers to write beyond allocated memory boundaries. This can lead to denial of service, arbitrary code execution, or inform...
A heap buffer overflow vulnerability in sox's hcom.c file allows attackers to write beyond allocated memory boundaries. This can lead to denial of service, arbitrary code execution, or information dis...
This is a use-after-free vulnerability in Google Chrome's Cast UI and Toolbar components. An attacker who convinces a user to install a malicious extension could exploit heap corruption through UI int...
This vulnerability is a type confusion flaw in Chrome's V8 JavaScript engine that could allow a remote attacker to trigger heap corruption by tricking the browser into misinterpreting object types. At...
This vulnerability is a type confusion flaw in Chrome's V8 JavaScript engine that could allow a remote attacker to execute arbitrary code or cause heap corruption by tricking a user into visiting a ma...
CVE-2022-32545 is an integer overflow vulnerability in ImageMagick's PSD file parser. When processing specially crafted or untrusted PSD files, it can cause undefined behavior leading to applicat...
This vulnerability in Go's crypto/elliptic library allows an attacker to cause a panic (crash) by providing a specially crafted long scalar input to the generic P-256 implementation. Affects Go applic...
CVE-2022-25648 is a command injection vulnerability in the ruby-git library that allows attackers to execute arbitrary commands on affected systems by injecting malicious flags through the remote para...
This CVE describes an SQL injection vulnerability in Badges code related to configuring criteria. It allows authenticated users with teacher or manager roles to execute arbitrary SQL commands. The vul...
CVE-2022-0725 is an information exposure vulnerability in KeePass where plain text passwords are logged to system logs. This allows attackers with access to system logs to read sensitive passwords. Al...
CVE-2022-21698 is a denial-of-service vulnerability in Prometheus client_golang's promhttp package where HTTP servers using certain instrumentation middleware are vulnerable to memory exhaustion attac...
CVE-2021-23727 is a command injection vulnerability in Celery task queue software. Attackers who can access or manipulate metadata in Celery backends can execute arbitrary commands on affected systems...
This CVE describes a Cross-Site Request Forgery (CSRF) vulnerability in Moodle's badge deletion functionality. Attackers can trick authenticated users into unknowingly deleting badges by crafting mali...
CVE-2021-38714 is an integer overflow vulnerability in Plib's ssgLoadTGA() function that can lead to arbitrary code execution when processing malicious TGA image files. This affects applications using...
An uncontrolled resource consumption vulnerability in HAProxy could allow an authenticated remote attacker to crash the service by running a specially crafted malicious server in an OpenShift cluster....