runc: file descriptor leak

A file descriptor leak issue was found in the runc package. While a user performs OCLOEXEC all file descriptors before executing the container code, the file descriptor is open when performing setcwd2, which means that the reference can be kept alive in the container by configuring the working...

PT-2023-8910 · Moodle +1 · Moodle +1

Name of the Vulnerable Software and Affected Versions: Moodle affected versions not specified Description: The issue is related to insufficient sanitizing of Wiki comments, which poses a stored XSS risk and a potential IDOR risk. This could allow a remote attacker to perform cross-site scripting...