3975 matches found

UbuntuCve
added 2016/05/22 8:59 p.m. | 24 views

CVE-2016-2157

Cross-site request forgery (CSRF) vulnerability in mod/assign/adminmanageplugins.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 allows remote attackers to hijack the authentication of administrators for requests that manage...

8.8 CVSS | 7.2 AI score | 0.00975 EPSS
Exploits: 0 | References: 2

CVE
added 2016/05/22 8:0 p.m. | 55 views

CVE-2016-2157

CVE-2016-2157 is a CSRF vulnerability in Moodle affecting mod/assign/adminmanageplugins.php. It lets remote attackers hijack administrator authentication for requests that manage Assignment plugins. Affected Moodle versions include through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x b...

8.8 CVSS | 8.8 AI score | 0.00975 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

NVD
added 2016/04/27 5:59 p.m. | 13 views

CVE-2016-2543

The snd_seq_ioctl_remove_events function in sound/core/seq/seq_clientmgr.c in the Linux kernel before 4.4.1 does not verify FIFO assignment before proceeding with FIFO clearing, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted ioctl call...

6.2 CVSS | 5.7 AI score | 0.00523 EPSS
Exploits: 0 | References: 20

BDU FSTEC
added 2016/04/06 12:0 a.m. | 5 views

The vulnerability of the Mac OS X operating system, which allows a hacker to trigger a service failure

The vulnerability of the IOFireWireFamily component in the Mac OS X operating system is related to pointer assignment errors. Exploiting this vulnerability can allow an attacker to trigger a service failure (pointer assignment to zero...

2.1 CVSS | 6.8 AI score | 0.00321 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

Tenable Nessus
added 2016/04/05 12:0 a.m. | 22 views

FreeBSD : moodle -- multiple vulnerabilities (a430e15d-f93f-11e5-92ce-002590263bf5)

Marina Glancy reports:
- MSA-16-0003: Incorrect capability check when displaying users emails in Participants list
- MSA-16-0004: XSS from profile fields from external db
- MSA-16-0005: Reflected XSS in mod_data advanced search
- MSA-16-0006: Hidden courses are shown to students in Event Monitor ...

8.8 CVSS | 5.5 AI score | 0.01931 EPSS
Exploits: 0 | References: 12

BDU FSTEC
added 2016/03/31 12:0 a.m. | 5 views

The vulnerability of Asterisk IP-telephony management systems and Certified Asterisk, which allows a perpetrator to trigger a service failure.

The vulnerability of Asterisk IP-telephony systems and Certified Asterisk is related to errors in pointer assignment. Exploiting this vulnerability can allow a malicious actor to cause service failures (pointer assignment of an uninitialized pointer and emergency termination of operations...

4 CVSS | 6.7 AI score | 0.05079 EPSS
Exploits: 0 | References: 2 | Affected Software: 2

OSV
added 2016/03/25 6:38 a.m. | 15 views

MGASA-2016-0122 Updated moodle packages fix security vulnerability

In Moodle before 2.8.11, teachers who otherwise were not supposed to see students' emails could see them in the participants list (CVE-2016-2151). In Moodle before 2.8.11, Moodle traditionally trusted content from external DB, however it was decided that external datasources may not be aware of web...

8.8 CVSS | 5.2 AI score | 0.01931 EPSS
Exploits: 0 | References: 14

CNVD
added 2016/03/22 12:0 a.m. | 2 views

Moodle Assignment Plugin Cross-Site Request Forgery Vulnerability

Moodle is a free, open-source e-learning software platform, also known as a course management system, learning management system, or virtual learning environment, developed by Dr. Martin Dougiamas in Australia. Assignment is one of the plug-ins used to develop new types of assignments. A cross-sit...

8.8 CVSS | 6.8 AI score | 0.00975 EPSS
Exploits: 0 | References: 1

ICS
added 2016/03/18 6:0 a.m. | 38 views

OSIsoft PI SQL Data Access Server Input Validation Vulnerability

OVERVIEW
OSIsoft has identified an input validation vulnerability in its own PI SQL Data Access Server. OSIsoft has produced a new version of PI SQL Data Access Server (OLE DB) 2016 1.5 to address this issue. This vulnerability could be exploited remotely.

AFFECTED PRODUCTS
Affected versions of PI...

6.5 CVSS | 6.8 AI score | 0.01414 EPSS
Exploits: 0 | References: 10

ThreatPost
added 2016/03/17 3:7 p.m. | 8 views

Mitre Tackles Its Critics: Set To Revamp CVE Vulnerability Reporting

Mitre Corporation will introduce a new pilot program for classifying Common Vulnerabilities and Exposures (CVE) in the coming weeks. The move is in response to a backlash in the security community where some critics contend Mitre is failing to keep pace with a massive influx in the number of report...

7.1 AI score
Exploits: 0 | References: 2

FreeBSD
added 2016/02/24 12:0 a.m. | 13 views

drupal -- multiple vulnerabilities

Drupal Security Team reports:
- File upload access bypass and denial of service (File module - Drupal 7 and 8 - Moderately Critical)
- Brute force amplification attacks via XML-RPC (XML-RPC server - Drupal 6 and 7 - Moderately Critical)
- Open redirect via path manipulation (Base system - Drupal 6, 7 and 8 ...

0.2 AI score
Exploits: 0 | References: 1

OSV
added 2016/02/24 12:0 a.m. | 1 views

UBUNTU-CVE-2016-2543

The snd_seq_ioctl_remove_events function in sound/core/seq/seq_clientmgr.c in the Linux kernel before 4.4.1 does not verify FIFO assignment before proceeding with FIFO clearing, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted ioctl call...

6.2 CVSS | 7 AI score | 0.00523 EPSS
Exploits: 0 | References: 13

GitLab Advisory Database
added 2016/02/15 12:0 a.m. | 28 views

Possible Input Validation Circumvention

Code that uses Active Model based models (including Active Record models) and does not validate user input before passing it to the model can be subject to an attack where specially crafted input will cause the model to skip validations. Rails users using Strong Parameters are generally not impacte...

5.3 CVSS | 4.8 AI score | 0.07157 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

BDU FSTEC
added 2016/02/12 12:0 a.m. | 4 views

The vulnerability of the Mac OS X operating system, which allows a hacker to trigger a service failure

The vulnerability of the IOThunderboltFamily component of the Mac OS X operating system is related to pointer assignment errors. Exploiting this vulnerability could allow an attacker to cause a service failure locally...

2.1 CVSS | 7.1 AI score | 0.0035 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

RubySec
added 2016/01/25 12:0 a.m. | 32 views

Possible Input Validation Circumvention in Active Model

There is a possible input validation circumvention vulnerability in Active Model. This vulnerability has been assigned the CVE identifier CVE-2016-0753.

Versions Affected: 4.1.0 and newer
Not affected: 4.0.13 and older
Fixed Versions: 5.0.0.beta1.1, 4.2.5.1, 4.1.14.1

Impact
------
Code that uses...

5.3 CVSS | 0.9 AI score | 0.07157 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

BDU FSTEC
added 2016/01/19 12:0 a.m. | 4 views

The vulnerability of the Mac OS X operating system allows a hacker to trigger a service failure or increase their privileges.

The vulnerability of the Intel Graphics Driver component in the Mac OS X operating system is related to pointer assignment errors. Exploiting this vulnerability can allow an attacker to increase their privileges or cause service interruptions...

7.2 CVSS | 7.2 AI score | 0.00357 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

Fedora
added 2016/01/10 7:30 p.m. | 27 views

[SECURITY] Fedora 23 Update: kea-1.0.0-1.fc23

DHCP implementation from Internet Systems Consortium, Inc. that features fully functional DHCPv4, DHCPv6 and Dynamic DNS servers. Both DHCP servers fully support server discovery, address assignment, renewal, rebinding and release. The DHCPv6 server supports prefix delegation. Both servers suppor...

7.1 CVSS | 2.2 AI score | 0.03706 EPSS
Exploits: 0

Tenable Nessus
added 2015/12/22 12:0 a.m. | 23 views

Scientific Linux Security Update : pacemaker on SL7.x x86_64 (20151119)

A flaw was found in the way pacemaker, a cluster resource manager, evaluated added nodes in certain situations. A user with read-only access could potentially assign any other existing roles to themselves and then add privileges to other users as well. (CVE-2015-1867) The pacemaker packages have be...

7.5 CVSS | 7.5 AI score | 0.03 EPSS
Exploits: 0 | References: 2

Tenable Nessus
added 2015/12/10 12:0 a.m. | 27 views

FreeBSD : redmine -- multiple vulnerabilities (0e0385d1-9ed5-11e5-8f5c-002590263bf5)

Redmine reports: Mass-assignment vulnerability that would allow an attacker to bypass part of the security checks. Persistent XSS vulnerability. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML databa...

4.3 CVSS | 5.3 AI score | 0.01822 EPSS
Exploits: 0 | References: 4

RedHat Linux
added 2015/11/19 5:49 a.m. | 1 views

pacemaker: acl read-only access allow role assignment

A flaw was found in the way pacemaker, a cluster resource manager, evaluated added nodes in certain situations. A user with read-only access could potentially assign any other existing roles to themselves and then add privileges to other users as well...

7.5 CVSS | 5.7 AI score | 0.03 EPSS
Exploits: 0 | References: 4