3975 matches found

Veracode
added 2017/07/26 7:36 a.m. · 19 views

Bypass Intended Due-date Restrictions

Moodle is vulnerable to a bypass of intended due-date restrictions. The vulnerability exists because the save_submission function in mod/assign/externallib.php fails to check due dates, allowing students to add assignments beyond due dates...

CVSS 4.3 · AI score 6.3 · EPSS 0.01429
Exploits: 0 · References: 5 · Affected Software: 1
Prion
added 2017/07/24 4:29 p.m. · 7 views

Design/Logic Flaw

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2010. Notes: none...

AI score 7
Exploits: 0
Prion
added 2017/07/21 7:29 p.m. · 10 views

Design/Logic Flaw

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2016. Notes: none...

AI score 7
Exploits: 0
UbuntuCve
added 2017/07/07 5:29 p.m. · 33 views

CVE-2017-1000082

systemd v233 and earlier fails to safely parse usernames starting with a numeric digit e.g. "0day", running the service in question with root privileges rather than the user intended...

CVSS 10 · AI score 6.7 · EPSS 0.03878
Exploits: 0 · References: 2
BDU FSTEC
added 2017/06/30 12:0 a.m. · 7 views

The vulnerability of the WideVine DRM component for the Android operating system allows an attacker to gain access to local files.

The vulnerability of the WideVine DRM component for the Android operating system is related to pointer assignment errors. Exploiting this vulnerability could allow a malicious actor to gain access to local files remotely...

CVSS 9.3 · AI score 7.2 · EPSS 0.00597
Exploits: 0 · References: 3
BDU FSTEC
added 2017/06/30 12:0 a.m. · 4 views

The vulnerability of the WideVine DRM component for the Android operating system allows an attacker to gain access to local files.

The vulnerability of the WideVine DRM component for the Android operating system is related to pointer assignment errors. Exploiting this vulnerability could allow a malicious actor to gain access to local files remotely...

CVSS 9.3 · AI score 7.2 · EPSS 0.00597
Exploits: 0 · References: 3
Packet Storm
added 2017/06/21 12:0 a.m. · 40 views

WordPress Photo Gallery 1.3.34 / 1.3.42 Path Traversal

Details: Software: Photo Gallery; Version: 1.3.34, 1.3.42; Homepage: https://wordpress.org/plugins/photo-gallery/; Advisory report: https://security.dxw.com/advisories/path-traversal-in-photo-gallery-may-allow-admins-to-read-most-files-on-the-filesystem/; CVE: Awaiting assignment; CVSS:...

AI score 0.1
Exploits: 0
myhack58
added 2017/06/17 12:0 a.m. · 1074 views

Auto-binding vulnerabilities and Spring MVC-vulnerability warning-the black bar safety net

Today we introduce a not very well-known vulnerability: the auto-binding vulnerability, also referred to as mass assignment. Many frameworks implement automatic binding, which allows the framework to automatically convert HTTP request parameters and bind them to an object and to...

AI score 7.9
Exploits: 0
Veracode
added 2017/06/07 7:3 a.m. · 21 views

Information Disclosure

Moodle is vulnerable to information disclosure. The submission plugin in the assignment module allows attackers to read or modify other users' submission comments through URL manipulation...

CVSS 6.4 · AI score 5.6 · EPSS 0.01362
Exploits: 0 · References: 3 · Affected Software: 1
OSV
added 2017/06/05 4:35 p.m. · 4 views

USN-3309-1 libtasn1-6 vulnerability

Jakub Jirasek discovered that GnuTLS incorrectly handled certain assignments files. If a user were tricked into processing a specially crafted assignments file, a remote attacker could possibly execute arbitrary code...

CVSS 8.8 · AI score 6.8 · EPSS 0.05585
Exploits: 0 · References: 2
Positive Technologies
added 2017/05/22 12:0 a.m. · 3 views

PT-2017-17399 · Gnu +3 · Gnutls +4

Name of the Vulnerable Software and Affected Versions: GnuTLS libtasn1 version 4.10. Description: The issue is related to two errors in the asn1_find_node function within the libtasn1 library of GnuTLS. These errors can be exploited to cause a stack-based buffer overflow. This can happen when a us...

CVSS 9.1 · AI score 6.8 · EPSS 0.05585
Exploits: 2 · References: 59
Prion
added 2017/05/11 2:30 p.m. · 7 views

Design/Logic Flaw

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none...

AI score 7.1
Exploits: 0
Prion
added 2017/05/11 2:29 p.m. · 8 views

Design/Logic Flaw

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none...

AI score 7.1
Exploits: 0
Microsoft KB
added 2017/05/09 7:0 a.m. · 88 views

Description of the security update for Project Server 2013: May 9, 2017

Summary: This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see Microsoft Common...

CVSS 9.3 · AI score 8 · EPSS 0.15757
Exploits: 1
rapid7community
added 2017/05/08 1:47 p.m. · 47 views

Simple Vulnerability Remediation Collaboration with InsightVM

Many security groups today use ticketing systems that were originally designed for IT or developers, and are usually ill-suited to their vulnerability management needs. Even more commonly, teams simply rely on spreadsheets and unwieldy reports. On the other end of the spectrum, some security team...

AI score 6.8
Exploits: 0
Virtuozzo
added 2017/05/03 12:0 a.m. · 29 views

Product update: Virtuozzo Automator 7.0 Update 2 (VA MN: 7.0.2-266, VA Agent: 7.0.2-115)

The Update 2 for Virtuozzo Automator 7.0 provides new features and stability and usability bug fixes. Vulnerability id: PVA-36694 No 'Renew backup' button on virtual environment's backups tab. Vulnerability id: PVA-36693 Existing bridges were not used when attaching interfaces to virtual networks...

AI score 0.9
Exploits: 0
KoreLogic Security
added 2017/04/24 12:0 a.m. · 515 views

Solarwinds LEM Privilege Escalation via Controlled Sudo Path

Vulnerability Details: Affected Vendor: Solarwinds; Affected Product: Log and Event Manager Virtual Appliance; Affected Version: v6.3.1; Platform: Embedded Linux; CWE Classification: CWE-281: Improper Preservation of Permissions, CWE-708: Incorrect Ownership Assignment; Impact: Privileged Access...

AI score 7.6
Exploits: 0 · Affected Software: 1
BDU FSTEC
added 2017/04/20 12:0 a.m. · 4 views

The vulnerability of the Mac OS X operating system, which allows a hacker to trigger a service failure

The vulnerability of the IOFireWireFamily component in the Mac OS X operating system is related to pointer assignment errors. Exploiting this vulnerability allows a malicious actor to trigger a service failure (pointer assignment to zero) through a specially created application...

CVSS 4.3 · AI score 6.6 · EPSS 0.03605
Exploits: 1 · References: 3 · Affected Software: 1
OSV
added 2017/04/04 4:59 p.m. · 2 views

UBUNTU-CVE-2016-10318

A missing authorization check in the fscrypt_process_policy function in fs/crypto/policy.c in the ext4 and f2fs filesystem encryption support in the Linux kernel before 4.7.4 allows a user to assign an encryption policy to a directory owned by a different user, potentially creating a denial of...

CVSS 6.5 · AI score 6.9 · EPSS 0.02159
Exploits: 0 · References: 3
NVD
added 2017/03/28 2:59 a.m. · 26 views

CVE-2017-0882

Multiple versions of GitLab expose sensitive user credentials when assigning a user to an issue or merge request. A fix was included in versions 8.15.8, 8.16.7, and 8.17.4, which were released on March 20th 2017 at 23:59 UTC...

CVSS 6.3 · AI score 6.2 · EPSS 0.01057
Exploits: 2 · References: 6