12 matches found
CVE-2024-28335
Lektor before 3.3.11 does not sanitize DB path traversal. Thus, shell commands might be executed via a file that is added to the templates directory, if the victim's web browser accesses an untrusted website that uses JavaScript to send requests to localhost port 5000, and the web browser is...
lektor-tekir (>=0.1.0 <=0.5.0) potentially affected by CVE-2024-28335 via lektor (=3.1.3)
lektor PYPI version =3.1.3 is affected by a known vulnerability. The following packages have a transitive dependency on lektor and may be impacted:
- lektor-tekir =0.1.0, =0.5.0
Source cves: CVE-2024-28335
Source advisory: OSV:PYSEC-2024-49...
CVE-2023-28335
The link to reset all templates of a database activity did not include the necessary token to prevent a CSRF risk...
CVE-2023-28335
The link to reset all templates of a database activity did not include the necessary token to prevent a CSRF risk...
CVE-2023-28335
CVE-2023-28335 describes a CSRF risk in Moodle where the link to reset all templates of a database activity did not include the necessary token. Connected sources (OSV, GHSA, NVD/NASL) confirm a cross-site request forgery issue without publicly documented patches in the provided materials. The ex...
CVE-2021-28335
Remote Procedure Call Runtime Remote Code Execution Vulnerability...
CVE-2021-28335
Remote Procedure Call Runtime Remote Code Execution Vulnerability...
CVE-2021-28335 Remote Procedure Call Runtime Remote Code Execution Vulnerability
...
CVE-2021-28335
CVE-2021-28335 corresponds to a remote code execution vulnerability in the Windows RPC Runtime. Affected product scope is Microsoft Windows/Windows Server; root cause is a vulnerability in RPC Runtime that enables remote code execution with network access. CVSSv3.1 base score is 8.8 (HIGH), with ...
KB5001342: Windows 10 version 1809 / Windows Server 2019 Security Update (Apr 2021)
The remote Windows host is missing security updates. It is, therefore, affected by multiple vulnerabilities:
- Win32k Elevation of Privilege Vulnerability CVE-2021-27072, CVE-2021-28310
- Windows Media Photo Codec Information Disclosure Vulnerability CVE-2021-27079
- Windows Event Tracing Elevati...
KB5001389: Windows Server 2008 Security Update (Apr 2021)
The remote Windows host is missing security updates. It is, therefore, affected by multiple vulnerabilities:
- Microsoft Internet Messaging API Remote Code Execution Vulnerability CVE-2021-27089
- Windows Kernel Information Disclosure Vulnerability CVE-2021-27093, CVE-2021-28309
- Windows Media...
KB5001347: Windows 10 version 1607 / Windows Server 2016 Security Update (Apr 2021)
The remote Windows host is missing security updates. It is, therefore, affected by multiple vulnerabilities:
- Win32k Elevation of Privilege Vulnerability CVE-2021-27072
- Windows Media Photo Codec Information Disclosure Vulnerability CVE-2021-27079
- Microsoft Internet Messaging API Remote Code...