31 matches found
CVE-2026-43964
Postfix before 3.8.16, 3.9 before 3.9.10, and 3.10 before 3.10.9 sometimes allows a buffer over-read and process crash via an enhanced status code that lacks text after the third number...
WordPress plugin OneLife has code-related vulnerabilities
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There we...
PT-2026-2197
Name of the Vulnerable Software and Affected Versions: Handmade Framework versions through 3.9 Description: The software contains a flaw related to improper control of filenames used in include/require statements, leading to a PHP Local File Inclusion issue. This allows for the inclusion of local...
Linux Distros Unpatched Vulnerability : CVE-2020-25702
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Moodle, it was possible to include JavaScript when re-naming content bank items. Versions affected: 3.9 to 3.9.2. This is fixed in moodle 3.9.3 and 3.10...
CVE-2024-11168
The urllib.parse.urlsplit and urlparse functions improperly validated bracketed hosts, allowing hosts that weren't IPv6 or IPvFuture. This behavior was not conformant to RFC 3986 and potentially enabled SSRF if a URL is processed by more than one URL parser...
vantage6-node (>=0.0.0 <=3.11.1), vantage6-server (>=0.0.0 <=3.11.1) potentially affected by CVE-2023-41882 via vantage6 (>=0.0.0 <=3.9.0rc4)
vantage6 PYPI version =0.0.0, =0.0.0, =0.0.0, =3.11.1 Source cves: CVE-2023-41882 Source advisory: OSV:GHSA-GC57-XHH5-M94R...
Linux Nettle Buffer Error Vulnerability
Linux Nettle is an American open source application for Linux. Contains a cryptographic library designed to fit easily into many situations at a low level. A security vulnerability exists in Linux Nettle version 3.9 up to and including version 3.9.1, which stems from an OCB feature in libnettle...
PT-2023-25663 · Nettle · Nettle
Name of the Vulnerable Software and Affected Versions: Nettle versions 3.9 through 3.9.0 Description: The issue allows memory corruption due to a problem in the OCB feature in libnettle. Recommendations: For versions 3.9 through 3.9.0, update to version 3.9.1 or later to resolve the issue...
PT-2023-13664 · Unknown · Bluepage Cms
Name of the Vulnerable Software and Affected Versions: BluePage CMS versions 3.9 and earlier Description: The issue allows MySQL Injection in the User-Agent field using a Time-based blind SLEEP payload due to insufficient sanitization of HTTP Headers. Recommendations: For BluePage CMS versions 3....
PT-2022-35528 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions 3.9 through 5.10.149 Description: The issue is related to a refcount leak in the tegra20 clock init function. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel versions...
DEBIAN-CVE-2015-20107
In Python aka CPython up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input if they lack validation of user-provided...
Moodle Cross-Site Request Forgery Vulnerability (CNVD-2022-08151)
Moodle is a free, open-source e-learning software platform, also known as a course management system, learning management system or virtual learning environment. A cross-site request forgery vulnerability exists in Moodle 3.11 through 3.11.4, 3.10 through 3.10.8, and 3.9 through 3.9.11, which ste...
UBUNTU-CVE-2022-0333
A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11 and earlier unsupported versions. The calendar:manageentries capability allowed managers to access or modify any calendar event, but should have been restricted from accessing user level events...
PT-2022-13111 · Moodle +1 · Moodle +1
Name of the Vulnerable Software and Affected Versions: Moodle versions 3.11 to 3.11.4 Moodle versions 3.10 to 3.10.8 Moodle versions 3.9 to 3.9.11 Moodle versions earlier than 3.9 Description: A flaw was found in the calendar:manageentries capability, which allowed managers to access or modify an...
CVE-2022-22551
DELL EMC AppSync versions 3.9 to 4.3 use GET request method with sensitive query strings. An Adjacent, unauthenticated attacker could potentially exploit this vulnerability, and hijack the victim session...
DELL EMC AppSync Security Vulnerability
DELL EMC AppSync is a replication data management software from Dell DELL, Inc. A security vulnerability exists in DELL EMC AppSync due to a clickjacking vulnerability in Dell EMC AppSync versions 3.9 through 4.3. An attacker could use this vulnerability to trick victims into performing a state...
CVE-2022-22552
Dell EMC AppSync versions 3.9 to 4.3 contain a clickjacking vulnerability in AppSync. A remote unauthenticated attacker could potentially exploit this vulnerability to trick the victim into executing state changing operations...
PT-2021-5354 · Moodle +1 · Moodle +1
Name of the Vulnerable Software and Affected Versions: Moodle versions 3.11 to 3.11.3 Moodle versions 3.10 to 3.10.7 Moodle versions 3.9 to 3.9.10 Moodle versions earlier than 3.9 Description: The issue is related to errors in code generation management, allowing a remote attacker to execute...
PT-2021-5355 · Moodle +1 · Moodle +1
Name of the Vulnerable Software and Affected Versions: Moodle versions 3.11 to 3.11.3 Moodle versions 3.10 to 3.10.7 Moodle versions 3.9 to 3.9.10 Moodle versions prior to 3.9 Description: A flaw was found in Moodle due to insufficient capability checks, making it possible to fetch other users'...