The vulnerability of the Redis database management system, related to pointer assignment errors, allows attackers to trigger a service failure.

The vulnerability of the Redis database management system is related to errors in pointer assignment. Exploiting this vulnerability can allow an attacker to trigger a service failure using a specially crafted Lua script...

GHSA-8R7Q-CVJQ-X353 Incorrect Privilege Assignment in Jinja2

The default configuration for bccache.FileSystemBytecodeCache in Jinja2 before 2.7.2 does not properly create temporary files, which allows local users to gain privileges via a crafted .cache file with a name starting with jinja2 in /tmp...

Incorrect Privilege Assignment in Jinja2

The default configuration for bccache.FileSystemBytecodeCache in Jinja2 before 2.7.2 does not properly create temporary files, which allows local users to gain privileges via a crafted .cache file with a name starting with jinja2 in /tmp...

GHSA-QJPQ-5PQ3-43RR Incorrect Privilege Assignment in RESTEasy

RESTEasy 2.3.1 before 2.3.8.SP2 and 3.x before 3.0.9, as used in Red Hat JBoss Enterprise Application Platform EAP 6.3.0, does not disable external entities when the resteasy.document.expand.entity.references parameter is set to false, which allows remote attackers to read arbitrary files and hav...

Incorrect Privilege Assignment in RESTEasy

RESTEasy 2.3.1 before 2.3.8.SP2 and 3.x before 3.0.9, as used in Red Hat JBoss Enterprise Application Platform EAP 6.3.0, does not disable external entities when the resteasy.document.expand.entity.references parameter is set to false, which allows remote attackers to read arbitrary files and hav...

GHSA-PH34-PC88-72GC Incorrect Permission Assignment for Critical Resource in NPM

An issue was discovered in an npm 5.7.0 2018-02-21 pre-release marked as "next: 5.7.0" and therefore automatically installed by an "npm upgrade -g npm" command, and also announced in the vendor's blog without mention of pre-release status. It might allow local users to bypass intended filesystem...

Incorrect Permission Assignment for Critical Resource in NPM

An issue was discovered in an npm 5.7.0 2018-02-21 pre-release marked as "next: 5.7.0" and therefore automatically installed by an "npm upgrade -g npm" command, and also announced in the vendor's blog without mention of pre-release status. It might allow local users to bypass intended filesystem...

GHSA-4284-JFHC-F854 Phusion Passenger incorrect permission assignment

An issue was discovered in switchGroup in agent/ExecHelper/ExecHelperMain.cpp in Phusion Passenger before 5.3.2. The set of groups gidset is not set correctly, leaving it up to randomness i.e., uninitialized memory which supplementary groups are actually being set while lowering privileges...

Phusion Passenger incorrect permission assignment

An issue was discovered in switchGroup in agent/ExecHelper/ExecHelperMain.cpp in Phusion Passenger before 5.3.2. The set of groups gidset is not set correctly, leaving it up to randomness i.e., uninitialized memory which supplementary groups are actually being set while lowering privileges...

GHSA-XJX9-7C29-PWMM Moodle Improper Privilege Management

An issue was discovered in Moodle 3.x. Students who submitted assignments and exported them to portfolios can download any stored Moodle file by changing the download URL...

GHSA-HX44-C87V-P6XG Opencast has Incorrect Permission Assignment

In Opencast 2.2.3 and older if user names overlap, the Opencast search service used for publication to the media modules and players will handle the access control incorrectly so that users only need to match part of the user name used for the access restriction. For example, a user with the role...

Opencast has Incorrect Permission Assignment

In Opencast 2.2.3 and older if user names overlap, the Opencast search service used for publication to the media modules and players will handle the access control incorrectly so that users only need to match part of the user name used for the access restriction. For example, a user with the role...

Incorrect Permission Assignment for Critical Resource in Jenkins

In Jenkins before versions 2.44, 2.32.2 low privilege users were able to override JDK download credentials SECURITY-392, resulting in future builds possibly failing to download a JDK...

Moodle Stored HTML in assignment submission comments allowed links to be opened directly

A vulnerability was found in moodle before versions 3.6.3, 3.5.5, 3.4.8 and 3.1.17. Links within assignment submission comments would open directly in the same window. Although links themselves may be valid, opening within the same window and without the no-referrer header policy made them more...

GHSA-3FJ7-9J8M-7R8G Moodle Stored HTML in assignment submission comments allowed links to be opened directly

A vulnerability was found in moodle before versions 3.6.3, 3.5.5, 3.4.8 and 3.1.17. Links within assignment submission comments would open directly in the same window. Although links themselves may be valid, opening within the same window and without the no-referrer header policy made them more...

GHSA-Q9QR-H33G-FW3J TeamPass Storing Passwords in a Recoverable Format vulnerability

TeamPass version 2.1.27 and earlier contains a Storing Passwords in a Recoverable Format vulnerability in Shared password vaults that can result in all shared passwords are recoverable server side. This attack appears to be exploitable via any vulnerability that can bypass authentication or role...

GHSA-H75F-HJCR-CVH8 Moodle multiple cross-site request forgery (CSRF) vulnerabilities

Multiple cross-site request forgery CSRF vulnerabilities in mod/assign/locallib.php in the Assignment subsystem in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, and 2.6.x before 2.6.3 allow remote attackers to hijack the authentication of teachers for quick-grading requests...

Moodle multiple cross-site request forgery (CSRF) vulnerabilities

Multiple cross-site request forgery CSRF vulnerabilities in mod/assign/locallib.php in the Assignment subsystem in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, and 2.6.x before 2.6.3 allow remote attackers to hijack the authentication of teachers for quick-grading requests...

GHSA-F5PM-C4CW-563P Moodle cross-site request forgery (CSRF) vulnerability

Cross-site request forgery CSRF vulnerability in mod/assign/adminmanageplugins.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 allows remote attackers to hijack the authentication of administrators for requests that manage...

Moodle cross-site request forgery (CSRF) vulnerability

Cross-site request forgery CSRF vulnerability in mod/assign/adminmanageplugins.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 allows remote attackers to hijack the authentication of administrators for requests that manage...