10 matches found
EUVD-2022-4112
Malicious code in bioql PyPI...
keycloak-server-spi-private: ECP SAML binding bypasses authentication flows
A flaw was found in keycloak, where the default ECP binding flow allows other authentication flows to be bypassed. By exploiting this behavior, an attacker can bypass the MFA authentication by sending a SOAP request with an AuthnRequest and Authorization header with the user's credentials. The...
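The request pattern the Keycloak entry describes, a SOAP-wrapped AuthnRequest sent to the realm's SAML endpoint with the user's credentials in an Authorization header, is straightforward to pick out of reverse-proxy or WAF traffic. The following is an added example, not Keycloak's code or part of the advisory; it assumes Keycloak's realm SAML endpoint path ends in /protocol/saml and that each request is available as a (method, path, headers, body) tuple, and the sample traffic is constructed for the illustration.

```python
"""Flag SAML ECP (SOAP) logins that carry user credentials in an Authorization header.

Added example, not Keycloak code. It assumes Keycloak's realm SAML endpoint path
(ending in '/protocol/saml') and that each HTTP request is available as a
(method, path, headers, body) tuple, e.g. from a reverse-proxy log or WAF hook.
The sample requests at the bottom are constructed for this illustration.
"""
import base64
import xml.etree.ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
SAMLP_NS = "urn:oasis:names:tc:SAML:2.0:protocol"


def _header(headers, name):
    """Case-insensitive header lookup."""
    for key, value in headers.items():
        if key.lower() == name.lower():
            return value
    return None


def soap_authn_request(body):
    """True if body is a SOAP envelope whose Body carries a samlp:AuthnRequest (the ECP shape)."""
    try:
        # For untrusted XML in production use defusedxml.ElementTree instead.
        root = ET.fromstring(body)
    except ET.ParseError:
        return False
    if root.tag != f"{{{SOAP_NS}}}Envelope":
        return False
    soap_body = root.find(f"{{{SOAP_NS}}}Body")
    return soap_body is not None and soap_body.find(f"{{{SAMLP_NS}}}AuthnRequest") is not None


def basic_username(headers):
    """Username from an 'Authorization: Basic' header, or None (the password is never returned)."""
    auth = _header(headers, "Authorization") or ""
    if not auth.lower().startswith("basic "):
        return None
    try:
        decoded = base64.b64decode(auth[6:].strip(), validate=True).decode("utf-8", "replace")
    except ValueError:  # binascii.Error is a ValueError subclass
        return None
    return decoded.split(":", 1)[0]


def classify(method, path, headers, body):
    """'ecp-password-auth' is the advisory's pattern: a SOAP AuthnRequest to the SAML
    endpoint with the user's credentials attached, which the vulnerable default ECP
    flow accepted without running the realm's configured (MFA) authentication flow."""
    if method.upper() != "POST" or not path.rstrip("/").endswith("/protocol/saml"):
        return "other"
    if not soap_authn_request(body):
        return "other"
    if basic_username(headers) is not None:
        return "ecp-password-auth"
    return "ecp-no-credentials"


ECP_BODY = (
    '<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body>'
    '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="_a1b2" '
    'Version="2.0" IssueInstant="2022-01-01T00:00:00Z">'
    '<saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
    'https://sp.example.com/saml/metadata</saml:Issuer>'
    '</samlp:AuthnRequest></soap:Body></soap:Envelope>'
)

# Constructed sample traffic: (method, path, headers, body)
SAMPLE_REQUESTS = [
    # ECP SOAP AuthnRequest with credentials attached: the advisory's bypass pattern
    ("POST", "/realms/demo/protocol/saml",
     {"Content-Type": "text/xml",
      "Authorization": "Basic " + base64.b64encode(b"alice:Winter2022!").decode()},
     ECP_BODY),
    # Normal SP-initiated login over the HTTP-POST binding: form field, no credentials
    ("POST", "/realms/demo/protocol/saml",
     {"Content-Type": "application/x-www-form-urlencoded"},
     "SAMLRequest=" + base64.b64encode(b"<samlp:AuthnRequest/>").decode()),
    # ECP SOAP request without credentials
    ("POST", "/realms/demo/protocol/saml", {"Content-Type": "text/xml"}, ECP_BODY),
    # Unrelated endpoint
    ("GET", "/realms/demo/protocol/openid-connect/auth", {}, ""),
]


def scan(requests):
    """Return (verdict, username) per request; the username is filled in only for the bypass pattern."""
    out = []
    for method, path, headers, body in requests:
        verdict = classify(method, path, headers, body)
        user = basic_username(headers) if verdict == "ecp-password-auth" else None
        out.append((verdict, user))
    return out


if __name__ == "__main__":
    for verdict, user in scan(SAMPLE_REQUESTS):
        print(verdict, user)
```

Alert on ecp-password-auth for realms or clients that do not legitimately use the ECP profile. Where ECP is expected, the same request is normal traffic and the problem is only that the second factor was skipped, which request logs alone cannot show; the fix there is on the Keycloak side, not in detection.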
A vulnerability in the firmware of Schneider Electric’s Modicon Premium, Modicon Quantum, Modicon M340 and Modicon BMXNOR0200 programmable logic controllers arises from an operation that accesses memory outside the bounds of a buffer, allowing an attacker to cause a denial of service.
A vulnerability in the firmware of Schneider Electric’s Modicon Premium, Modicon Quantum, Modicon M340 and Modicon BMXNOR0200 programmable logic controllers arises from an operation that accesses memory outside the bounds of a buffer. Exploiting this vulnerability can allow a...
Cross-site request forgery (CSRF)
calendar/externallib.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 provides calendar-event data without considering whether an activity is hidden, which allows remote authenticated users to obtain sensitive information via a...
CVE-2016-2159
The savesubmission function in mod/assign/externallib.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 allows remote authenticated users to bypass intended due-date restrictions by leveraging the student role for a web-service...
Cross-site request forgery (CSRF)
The savesubmission function in mod/assign/externallib.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 allows remote authenticated users to bypass intended due-date restrictions by leveraging the student role for a web-service...
CVE-2016-2156
calendar/externallib.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 provides calendar-event data without considering whether an activity is hidden, which allows remote authenticated users to obtain sensitive information via a...
A vulnerability in the SAP NetWeaver integration platform allows an attacker to obtain information about the reachability of internal network services.
The vulnerability in the SAP NetWeaver integration platform is due to insufficient access restrictions on the GetSecNetworkId method of SAPControl. Exploiting this vulnerability allows an attacker to obtain information about the availability of internal network services through...
CVE-2013-3869
Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to cause a denial of service (daemon hang) via a web-service...
JBoss EAP unprivileged local xml file access
The request handler in JBossWS in JBoss Enterprise Application Platform aka JBoss EAP or JBEAP 4.2 before 4.2.0.CP06 and 4.3 before 4.3.0.CP04 does not properly validate the resource path during a request for a WSDL file with a custom web-service endpoint, which allows remote attackers to read...
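The JBossWS entry above comes down to a resource path, taken from a request for a WSDL file, that was not properly validated before being used to read from disk. The following is an added, generic containment check (illustrative Python, not JBossWS code or its fix); it assumes WSDL and XSD files live under a single directory and that the requested path arrives as a relative string from the URL. Note that the check is done on the resolved real path, so symlinks and lexical ../ tricks are handled the same way.

```python
"""Resolve a requested WSDL resource safely inside a fixed document directory.

Added example, not JBossWS code. The advisory says the WSDL request handler did
not properly validate the resource path; this shows a generic containment check
(assumed layout: all WSDL/XSD files under one directory) that rejects any
request whose resolved real path escapes that directory.
"""
import os
import tempfile


class WsdlResourceError(Exception):
    pass


def resolve_wsdl_resource(wsdl_dir, requested):
    """Return the absolute path of `requested` under wsdl_dir, or raise WsdlResourceError."""
    base = os.path.realpath(wsdl_dir)
    # Reject absolute paths outright; os.path.join would otherwise discard `base`.
    if os.path.isabs(requested):
        raise WsdlResourceError("absolute resource path rejected")
    # realpath collapses '..' segments and follows symlinks, so the containment
    # test below sees the file that would actually be opened.
    candidate = os.path.realpath(os.path.join(base, requested))
    if os.path.commonpath([base, candidate]) != base:
        raise WsdlResourceError("resource path escapes the WSDL directory")
    # Only serve document types the endpoint is meant to expose.
    if not candidate.endswith((".wsdl", ".xsd")):
        raise WsdlResourceError("not a WSDL/XSD resource")
    return candidate


def demo():
    """Build a throwaway layout (constructed) and try benign and traversal requests."""
    root = tempfile.mkdtemp()
    wsdl_dir = os.path.join(root, "wsdl")
    os.makedirs(wsdl_dir)
    with open(os.path.join(wsdl_dir, "Service.wsdl"), "w") as f:
        f.write("<definitions/>")
    with open(os.path.join(root, "server.xml"), "w") as f:  # sits outside the WSDL dir
        f.write("<server/>")

    results = {}
    for req in ["Service.wsdl", "sub/../Service.wsdl", "../server.xml", "/etc/hostname", "Service.txt"]:
        try:
            resolved = resolve_wsdl_resource(wsdl_dir, req)
            results[req] = "allowed:" + os.path.basename(resolved)
        except WsdlResourceError as err:
            results[req] = "rejected:" + str(err)
    return results


if __name__ == "__main__":
    for req, outcome in demo().items():
        print(f"{req!r:25} -> {outcome}")
```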