
3979 matches found

Github Security Blog
added 2022/05/24 4:51 p.m. · 31 views

Incorrect Privilege Assignment in Jenkins Script Security Plugin

A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.61 and earlier related to the handling of type casts allowed attackers to execute arbitrary code in sandboxed scripts...

CVSS 8.8 · AI score 4.2 · EPSS 0.025
Exploits 0 · References 8 · Affected Software 1

RedhatCVE
added 2022/05/20 11:59 p.m. · 27 views

CVE-2019-3849

A vulnerability was found in moodle before versions 3.6.3, 3.5.5 and 3.4.8. Users could assign themselves an escalated role within courses or content accessed via LTI, by modifying the request to the LTI publisher site...

CVSS 8.8 · AI score 3.2 · EPSS 0.01043
Exploits 0 · References 2

RedhatCVE
added 2022/05/20 11:04 p.m. · 21 views

CVE-2019-14828

A vulnerability was found in Moodle where users with the capability to create courses were assigned as a teacher in those courses, regardless of whether they had the capability to be automatically assigned that role...

CVSS 4.3 · AI score 3.5 · EPSS 0.00629
Exploits 0 · References 1

Github Security Blog
added 2022/05/17 5:31 a.m. · 17 views

Spree does not properly restrict the use of a hash to provide values for a model's attributes

Spree 0.2.0 does not properly restrict the use of a hash to provide values for a model's attributes, which allows remote attackers to set the Order state value and bypass the intended payment step via a modified URL, related to a "mass assignment" vulnerability...

CVSS 5 · AI score 4.3 · EPSS 0.01244
Exploits 0 · References 8 · Affected Software 1

OSV
added 2022/05/17 5:31 a.m. · 16 views

GHSA-7H48-M3RW-VR27 Spree does not properly restrict the use of a hash to provide values for a model's attributes

Spree 0.2.0 does not properly restrict the use of a hash to provide values for a model's attributes, which allows remote attackers to set the Order state value and bypass the intended payment step via a modified URL, related to a "mass assignment" vulnerability...

CVSS 5 · AI score 6.4 · EPSS 0.01244
Exploits 0 · References 8

Github Security Blog
added 2022/05/17 5:13 a.m. · 16 views

spree_auth_devise allows remote authenticated users to assign themselves arbitrary roles

app/models/spree/user.rb in spree_auth_devise in Spree 1.1.x before 1.1.6, 1.2.x, and 1.3.x does not perform mass assignment safely when updating a user, which allows remote authenticated users to assign arbitrary roles to themselves...

CVSS 4 · AI score 6.2 · EPSS 0.01265
Exploits 0 · References 8 · Affected Software 1

OSV
added 2022/05/17 4:54 a.m. · 22 views

GHSA-5FJ8-WH3G-QVQ2 TYPO3 is vulnerable to Mass Assignment in the Extension table administration library

The creating record functionality in Extension table administration library feuseradminLib.inc in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, and 6.0.0 through 6.0.11 allows remote attackers to write to arbitrary fields in the configuration database table via crafted links, aka "Mass...

CVSS 5.8 · AI score 6.3 · EPSS 0.01207
Exploits 0 · References 5

Github Security Blog
added 2022/05/17 4:54 a.m. · 27 views

TYPO3 is vulnerable to Mass Assignment in the Extension table administration library

The creating record functionality in Extension table administration library feuseradminLib.inc in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, and 6.0.0 through 6.0.11 allows remote attackers to write to arbitrary fields in the configuration database table via crafted links, aka "Mass...

CVSS 5.8 · AI score 7 · EPSS 0.01207
Exploits 0 · References 5 · Affected Software 1

Github Security Blog
added 2022/05/17 3:03 a.m. · 21 views

Moodle Cross-site Scripting in assignment submission page

In Moodle 3.x, there is Cross-site Scripting in the assignment submission page...

CVSS 6.1 · AI score 6.4 · EPSS 0.00862
Exploits 0 · References 4 · Affected Software 1

OSV
added 2022/05/17 3:03 a.m. · 13 views

GHSA-6R76-F8C8-FH7P Moodle Cross-site Scripting in assignment submission page

In Moodle 3.x, there is Cross-site Scripting in the assignment submission page...

CVSS 6.1 · AI score 5.6 · EPSS 0.00862
Exploits 0 · References 4

BDU FSTEC
added 2022/05/17 12:00 a.m. · 4 views

A vulnerability in the Redis database management system, related to pointer assignment errors, allows attackers to cause a service failure.

The vulnerability in the Redis database management system is related to errors in pointer assignment. Exploiting this vulnerability allows an attacker to trigger a service failure using a specially crafted Lua script...

CVSS 3.3 · AI score 6.4 · EPSS 0.01498
Exploits 1 · References 14 · Affected Software 4

Github Security Blog
added 2022/05/14 4:04 a.m. · 23 views

Incorrect Privilege Assignment in Jinja2

The default configuration for bccache.FileSystemBytecodeCache in Jinja2 before 2.7.2 does not properly create temporary files, which allows local users to gain privileges via a crafted .cache file with a name starting with jinja2 in /tmp...

CVSS 4.4 · AI score 5.8 · EPSS 0.00373
Exploits 0 · References 14 · Affected Software 1

OSV
added 2022/05/14 4:04 a.m. · 17 views

GHSA-8R7Q-CVJQ-X353 Incorrect Privilege Assignment in Jinja2

The default configuration for bccache.FileSystemBytecodeCache in Jinja2 before 2.7.2 does not properly create temporary files, which allows local users to gain privileges via a crafted .cache file with a name starting with jinja2 in /tmp...

CVSS 8.6 · AI score 5.8 · EPSS 0.00373
Exploits 0 · References 14

Github Security Blog
added 2022/05/14 1:18 a.m. · 32 views

Incorrect Privilege Assignment in RESTEasy

RESTEasy 2.3.1 before 2.3.8.SP2 and 3.x before 3.0.9, as used in Red Hat JBoss Enterprise Application Platform EAP 6.3.0, does not disable external entities when the resteasy.document.expand.entity.references parameter is set to false, which allows remote attackers to read arbitrary files and hav...

CVSS 7.5 · AI score 9.1 · EPSS 0.04572
Exploits 0 · References 14 · Affected Software 1

OSV
added 2022/05/14 1:18 a.m. · 35 views

GHSA-QJPQ-5PQ3-43RR Incorrect Privilege Assignment in RESTEasy

RESTEasy 2.3.1 before 2.3.8.SP2 and 3.x before 3.0.9, as used in Red Hat JBoss Enterprise Application Platform EAP 6.3.0, does not disable external entities when the resteasy.document.expand.entity.references parameter is set to false, which allows remote attackers to read arbitrary files and hav...

CVSS 7.5 · AI score 8.7 · EPSS 0.04572
Exploits 0 · References 13

Github Security Blog
added 2022/05/13 1:53 a.m. · 28 views

Incorrect Permission Assignment for Critical Resource in NPM

An issue was discovered in an npm 5.7.0 2018-02-21 pre-release marked as "next: 5.7.0" and therefore automatically installed by an "npm upgrade -g npm" command, and also announced in the vendor's blog without mention of pre-release status. It might allow local users to bypass intended filesystem...

CVSS 7.8 · AI score 2 · EPSS 0.00332
Exploits 0 · References 5 · Affected Software 1

OSV
added 2022/05/13 1:53 a.m. · 14 views

GHSA-PH34-PC88-72GC Incorrect Permission Assignment for Critical Resource in NPM

An issue was discovered in an npm 5.7.0 2018-02-21 pre-release marked as "next: 5.7.0" and therefore automatically installed by an "npm upgrade -g npm" command, and also announced in the vendor's blog without mention of pre-release status. It might allow local users to bypass intended filesystem...

CVSS 7.8 · AI score 7.3 · EPSS 0.00332
Exploits 0 · References 5

Github Security Blog
added 2022/05/13 1:49 a.m. · 19 views

Phusion Passenger incorrect permission assignment

An issue was discovered in switchGroup in agent/ExecHelper/ExecHelperMain.cpp in Phusion Passenger before 5.3.2. The set of groups gidset is not set correctly, leaving it up to randomness (i.e., uninitialized memory) which supplementary groups are actually being set while lowering privileges...

CVSS 5.3 · AI score 3.4 · EPSS 0.01198
Exploits 0 · References 4 · Affected Software 1

OSV
added 2022/05/13 1:49 a.m. · 19 views

GHSA-4284-JFHC-F854 Phusion Passenger incorrect permission assignment

An issue was discovered in switchGroup in agent/ExecHelper/ExecHelperMain.cpp in Phusion Passenger before 5.3.2. The set of groups gidset is not set correctly, leaving it up to randomness (i.e., uninitialized memory) which supplementary groups are actually being set while lowering privileges...

CVSS 5.3 · AI score 5.1 · EPSS 0.01198
Exploits 0 · References 4

OSV
added 2022/05/13 1:49 a.m. · 16 views

GHSA-XJX9-7C29-PWMM Moodle Improper Privilege Management

An issue was discovered in Moodle 3.x. Students who submitted assignments and exported them to portfolios can download any stored Moodle file by changing the download URL...

CVSS 6.5 · AI score 6.5 · EPSS 0.01026
Exploits 0 · References 4