
1139 matches found

OSV
added 2023/05/16 8:15 p.m. | 1 views

UBUNTU-CVE-2021-27131

DISPUTED: Moodle 3.10.1 is vulnerable to persistent/stored cross-site scripting (XSS) due to the improper input sanitization on the "Additional HTML Section" via "Header and Footer" parameter in /admin/settings.php. This vulnerability is leading an attacker to steal admin and all user account cookie...

5.4 CVSS | 5.7 AI score | 0.00686 EPSS
Exploits 1 | References 4
Prion
added 2023/05/15 10:15 p.m. | 17 views

Out-of-bounds

In apu, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07767826; Issue ID: ALPS07767826...

1.7 CVSS | 5 AI score | 0.0009 EPSS
Exploits 0 | References 1 | Affected Software 1
Prion
added 2023/05/09 1:15 p.m. | 20 views

Design/Logic Flaw

A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 All versions = V2.0 = V2.0 V2.1. The export endpoint discloses some undocumented files. This could allow an unauthenticated remote attacker to gain access to additional information resources...

5 CVSS | 5.8 AI score | 0.00646 EPSS
Exploits 0 | References 1 | Affected Software 2
Cvelist
added 2023/05/09 1:21 a.m. | 23 views

CVE-2022-48383

In srtd service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges...

8 AI score | 0.00111 EPSS
Exploits 0 | References 1
Prion
added 2023/05/08 8:15 p.m. | 18 views

Design/Logic Flaw

The issue was addressed with additional permissions checks. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.4, tvOS 16.4, watchOS 9.4. A shortcut may be able to use sensitive data with certain actions without prompting the use...

5 CVSS | 7 AI score | 0.00807 EPSS
Exploits 0 | References 6 | Affected Software 4
OSV
added 2023/04/26 2:15 p.m. | 0 views

UBUNTU-CVE-2022-25275

In some situations, the Image module does not correctly check access to image files not stored in the standard public files directory when generating derivative images using the image styles system. Access to a non-public file is checked only if it is stored in the "private" file system. However,...

7.5 CVSS | 5.7 AI score | 0.00667 EPSS
Exploits 0 | References 3
wpexploit
added 2023/04/20 12:0 a.m. | 149 views

ActiveCampaign < 8.1.12 - Contributor+ Stored XSS

The plugin does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. As a contributor, add an "AC Forms" Gutenberg block to a...

5.4 CVSS | 7.8 AI score | 0.00462 EPSS
Exploits 2
NVD
added 2023/04/19 8:15 p.m. | 21 views

CVE-2023-21080

In register_notification_rsp of btif_rc.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11...

5.5 CVSS | 5.1 AI score | 0.00087 EPSS
Exploits 0 | References 1
Hacker One
added 2023/04/14 8:38 p.m. | 10 views

Rockstar Games: Insecure Direct Object Reference allows Crew Invite deletion

An Insecure Direct Object Reference vulnerability was discovered in a service endpoint related to Crews management. This vulnerability allowed unauthorized users to delete outstanding Crew invitations from any Crew to any Social Club user. The vulnerability was resolved by implementing additional...

6.9 AI score
Exploits 0
OSV
added 2023/04/01 12:0 a.m. | 29 views

ASB-A-235823542

In deliverOnFlushComplete of LocationProviderManager.java, there is a possible way to bypass background activity launch restrictions due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed fo...

7.8 CVSS | 7.8 AI score | 0.00099 EPSS
Exploits 0 | References 2
UbuntuCve
added 2023/03/23 9:15 p.m. | 22 views

CVE-2023-1402

The course participation report required additional checks to prevent roles being displayed which the user did not have access to view...

4.3 CVSS | 6 AI score | 0.00742 EPSS
Exploits 0 | References 2
Hacker One
added 2023/03/21 4:34 p.m. | 18 views

Nextcloud: No rate limit while adding Additional emails feature

Vulnerability description not provided...

7.1 AI score
Exploits 0
OSV
added 2023/03/10 9:15 p.m. | 1 views

CVE-2022-47479

In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed...

5.5 CVSS | 5.9 AI score
Exploits 0 | References 1
Prion
added 2023/02/27 8:15 p.m. | 24 views

Race condition

A race condition was addressed with additional validation. This issue is fixed in watchOS 9.3, tvOS 16.3, macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3. A user may be able to read arbitrary files as root...

2.6 CVSS | 5.9 AI score | 0.00807 EPSS
Exploits 0 | References 4 | Affected Software 3
Vulnrichment
added 2023/02/27 12:0 a.m. | 8 views

CVE-2023-23520

A race condition was addressed with additional validation. This issue is fixed in watchOS 9.3, tvOS 16.3, macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3. A user may be able to read arbitrary files as root...

4.8 AI score | 0.00807 EPSS
Exploits 0 | References 4
Fedora
added 2023/02/25 3:48 a.m. | 11 views

[SECURITY] Fedora 37 Update: plasma-workspace-wallpapers-5.27.1-1.fc37

Additional wallpapers for Plasma workspace...

7.4 AI score
Exploits 0
F5 Networks
added 2023/02/21 7:56 p.m. | 52 views

K52171694: OpenSSL vulnerability CVE-2021-3450

Security Advisory Description: The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curv...

7.4 CVSS | 7.3 AI score | 0.18339 EPSS
Exploits 0
ATTACKERKB
added 2023/02/20 4:15 a.m. | 1 views

CVE-2022-48328

app/Controller/Component/IndexFilterComponent.php in MISP before 2.4.167 mishandles ordered_url_params and additional_delimiters...

9.8 CVSS | 7.4 AI score | 0.01298 EPSS
Exploits 1 | References 6
OSV
added 2023/02/20 4:15 a.m. | 12 views

CVE-2022-48328

app/Controller/Component/IndexFilterComponent.php in MISP before 2.4.167 mishandles ordered_url_params and additional_delimiters...

9.8 CVSS | 9.5 AI score
Exploits 0 | References 5
SUSE CVE
added 2023/02/15 6:1 a.m. | 6 views

SUSE CVE-2009-4022

Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P4, 9.5 before 9.5.2-P1, 9.6 before 9.6.1-P2, and 9.7 beta before 9.7.0b3, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive...

2.6 CVSS | 7.5 AI score | 0.07952 EPSS
Exploits 1 | References 7