USN-6202-1: containerd vulnerabilities
David Korczynski and Adam Korczynski discovered that containerd incorrectly processed certain images with large files. An attacker could possibly use this issue to cause containerd to crash, resulting in a denial of service. (CVE-2023-25153) It was discovered that containerd incorrectly set up...
Gitlab -- Vulnerabilities
Gitlab reports: A user can change the name and path of some public GitLab groups...
Cross-site Scripting (XSS)
moodle/moodle is vulnerable to Cross-site Scripting (XSS). The vulnerability exists due to lack of sanitization in the groups page which allows an attacker to inject and execute arbitrary JavaScript...
EulerOS 2.0 SP11 : containerd (EulerOS-SA-2023-2285)
According to the versions of the containerd package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: containerd is an open source container runtime. Before versions 1.6.18 and 1.5.18, when importing an OCI image, there was no limit on the...
CVE-2021-4385
The WP Private Content Plus plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.1. This is due to missing or incorrect nonce validation on the savegroups function. This makes it possible for unauthenticated attackers to add new group members via a...
The user can put their survey in the survey groups even though this survey group is not in public mode
Description: The user can put their survey in the survey groups even though this survey group is not in public mode. Proof of Concept: Step 1: The survey group SG03 isn't in public mode. Step 2: In the "Survey groups" tab, User2 with only survey permission only sees the survey group Default. Step ...
podman: possible information disclosure and modification
Incorrect handling of the supplementary groups in the Podman container engine might lead to sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to...
msLDAPDump - LDAP Enumeration Tool
msLDAPDump simplifies LDAP enumeration in a domain environment by wrapping the ldap3 library from Python in an easy-to-use interface. Like most of my tools, this one works best on Windows. If using Unix, the tool will not resolve hostnames that are not accessible via eth0 currently. Binding...
Moodle vulnerable to Cross-site Scripting
Content on the groups page required additional sanitizing to prevent an XSS risk. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8 and 3.11 to 3.11.14...
CVE-2023-35131
Content on the groups page required additional sanitizing to prevent an XSS risk. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8 and 3.11 to 3.11.14...
UBUNTU-CVE-2023-35131
Content on the groups page required additional sanitizing to prevent an XSS risk. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8 and 3.11 to 3.11.14...
CVE-2023-35131 Moodle: xss risk on groups page
Content on the groups page required additional sanitizing to prevent an XSS risk. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8 and 3.11 to 3.11.14...
PT-2023-25156 · Moodle +2 · Moodle +2
Name of the Vulnerable Software and Affected Versions: Moodle versions 3.11 to 3.11.14; Moodle versions 4.0 to 4.0.8; Moodle versions 4.1 to 4.1.3; Moodle version 4.2. Description: The issue is related to insufficient sanitizing of user-provided data on the groups page, which poses an XSS risk. This...
CVE-2023-34565
Netbox 3.5.1 is vulnerable to Cross Site Scripting (XSS) in the "Create Wireless LAN Groups" function...
Cross site scripting
Netbox 3.5.1 is vulnerable to Cross Site Scripting (XSS) in the "Create Wireless LAN Groups" function...
CVSSv4 Public Preview Announcement
On June 8, 2023, at the 35th Annual FIRST Conference in Montreal, the public preview of CVSSv4 was announced. The Common Vulnerability Scoring System (CVSS) is an open framework for communicating the characteristics and severity of software vulnerabilities. Since its initial release in 2004, CVSS h...
cri-o: incorrect handling of the supplementary groups
Incorrect handling of the supplementary groups in the CRI-O container engine might lead to sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute...