11 matches found
Linux Distros Unpatched Vulnerability : CVE-2025-37814
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: tty: Require CAP_SYS_ADMIN for all usages of TIOCL_SELMOUSEREPORT This requirement was...
AZL-26623 CVE-2023-32269 affecting package kernel for versions less than 5.15.112.1-1
An issue was discovered in the Linux kernel before 6.1.11. In net/netrom/af_netrom.c, there is a use-after-free because accept is also allowed for a successfully connected AF_NETROM socket. However, in order for an attacker to exploit this, the system must have netrom routing configured or the...
kernel: unprivileged users able to create RAW sockets in AF_ISDN network protocol
A vulnerability was found in the Linux kernel’s implementation of the AF_ISDN protocol, which does not enforce the CAP_NET_RAW capability. This flaw can allow unprivileged users to create a raw socket for this protocol. This could further allow the user to control the availability of an existing ISD...
CVE-2014-7832
mod/lti/launch.php in the LTI module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 performs access control at the course level rather than at the activity level, which allows remote authenticated users to bypass the mod/lti:view capability requirement by...
CVE-2014-3553
mod/forum/classes/post_form.php in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 does not enforce the moodle/site:accessallgroups capability requirement before proceeding with a post to all groups, which allows remote authenticated users...
Authentication flaw
report/outline/index.php in Moodle 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 does not properly enforce the moodle/user:viewhiddendetails capability requirement, which allows remote authenticated users to discover a hidden lastaccess value by reading an activity report...
CVE-2012-6100
report/outline/index.php in Moodle 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 does not properly enforce the moodle/user:viewhiddendetails capability requirement, which allows remote authenticated users to discover a hidden lastaccess value by reading an activity report...
CVE-2012-6098
CVE-2012-6098 affects Moodle: grade/edit/outcome/edit_form.php where the moodle/grade:manage capability is not properly enforced. From Moodle 1.9.x (1.9.19) and 2.1.x up to 2.1.10, 2.2.x up to 2.2.7, 2.3.x up to 2.3.4, and 2.4.x up to 2.4.1, remote authenticated users with a teacher role can conv...
CVE-2012-2354
Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to bypass the moodle/site:readallmessages capability requirement and read arbitrary messages by using the "Recent conversations" feature with a modified parameter in a URL...
CVE-2011-1019
The dev_load function in net/core/dev.c in the Linux kernel before 2.6.38 allows local users to bypass an intended CAP_SYS_MODULE capability requirement and load arbitrary modules by leveraging the CAP_NET_ADMIN capability...
PT-2010-5119 · Linux +1 · Linux Kernel +1
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 2.6.36.2 Description: The issue allows local users to bypass intended access restrictions and configure econet addresses. This is due to the ec_dev_ioctl function in net/econet/af_econet.c not requiring the CAP...