19 matches found
Spring Cloud AWS missing SNS message signature verification allows spoofing of HTTP/HTTPS endpoint notifications
Impact: Applications using Spring Cloud AWS SNS HTTP/HTTPS endpoint support (@NotificationMessageMapping, @NotificationSubscriptionMapping, @NotificationUnsubscribeConfirmationMapping) did not verify the signature of incoming SNS messages. An unauthenticated attacker who knows the endpoint URL could...
CVE-2026-41677
rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.0 to before 0.10.78, the from_pem_callback APIs did not validate the length returned by the user's callback. A password callback that returns a value larger than the buffer it was given can cause some versions of...
MineAdmin Security Vulnerability
MineAdmin is an open source permissions management system for MineAdmin. A security vulnerability exists in MineAdmin version v3.x. The vulnerability stems from improperly set permissions for the Scheduled Tasks feature, which could lead to the execution of arbitrary commands and full account...
IBM Terracotta Security Vulnerability
IBM Terracotta is a suite of distributed in-memory data management software from International Business Machines (IBM). A security vulnerability exists in IBM Terracotta version 3.x that stems from unfiltered or unsalted handling of externally sourced keys, which could result in degraded cache writ...
SUSE CVE-2017-2644
In Moodle 3.x, XSS can occur via evidence of prior learning...
SUSE CVE-2023-43615
Mbed TLS 2.x before 2.28.5 and 3.x before 3.5.0 has a Buffer Overflow...
PT-2023-5882 · Mbed Tls +3 · Mbed Tls +3
Name of the Vulnerable Software and Affected Versions: Mbed TLS versions 2.x before 2.28.5; Mbed TLS versions 3.x before 3.5.0. Description: The issue is related to errors in handling encryption in DTLS connections, specifically when using zero encryption or RC4 cipher. This can allow a remote...
SUSE CVE-2012-0768
The Matrix3D component in Adobe Flash Player before 10.3.183.16 and 11.x before 11.1.102.63 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.7 on Android 2.x and 3.x; and before 11.1.115.7 on Android 4.x allows attackers to execute arbitrary code or cause a denial of service memory...
SUSE CVE-2017-7490
In Moodle 2.x and 3.x, searching of arbitrary blogs is possible because a capability check is missing...
CVE-2019-15631
Remote Code Execution vulnerability in MuleSoft Mule CE/EE 3.x and API Gateway 2.x released before October 31, 2019 allows remote attackers to execute arbitrary code...
PT-2018-2892 · Linux +4 · Linux Kernel +4
Name of the Vulnerable Software and Affected Versions: Linux kernel versions 3.x through 4.20. Description: A flaw was found in the Linux kernel's NFS implementation. An attacker who is able to mount an exported NFS filesystem can trigger a null pointer dereference by using an invalid NFS sequence...
Moodle Design Vulnerability (CNVD-2018-10648)
Moodle is a free, open-source e-learning software platform, also known as a course management system, learning management system, or virtual learning environment, developed by Dr. Martin Dougiamas of Australia. A security vulnerability exists in version 3.x of Moodle. An attacker could exploit th...
Moodle Code Execution Vulnerability
Moodle is a free, open-source e-learning software platform, also known as a course management system, learning management system, or virtual learning environment, developed by Dr. Martin Dougiamas of Australia. A security vulnerability exists in version 3.x of Moodle. A remote attacker could...
PT-2017-14691 · Automattic · Woocommerce
Name of the Vulnerable Software and Affected Versions: WooCommerce plugin versions 3.x. Description: The issue concerns a Directory Traversal vulnerability via the /wp-content/plugins/woocommerce/templates/emails/plain/ URI, which could potentially access a parent directory. However, a software...
UBUNTU-CVE-2017-7532
In Moodle 3.x, course creators are able to change system default settings for courses...
Octopus Deploy PackageId Value Directory Traversal Vulnerability
Octopus Deploy is an automation tool from Octopus Deploy Australia for development and deployment of . A security vulnerability exists in version 3.x of Octopus Deploy prior to 3.15.4. An attacker can exploit this vulnerability by uploading maliciously crafted NuGet packages to overwrite other...
DBD::mysql content misreference vulnerability
DBD::mysql is a Perl5 Database Interface DBI driver for MySQL. A content misreference vulnerability exists in DBD::mysql version 3.x and version 4.x prior to 4.041. An attacker can exploit this vulnerability to execute arbitrary code...
Drupal Views Bulk Operations Module Access Bypass Vulnerability
Drupal is a free, open-source content management system developed in PHP and maintained by the Drupal community. Views Bulk Operations is one of the third-party modules used to change views on nodes. An access bypass vulnerability exists in the Drupal Views Bulk Operations module in version 6.x-1....
Common Management Agent 3.x vulnerable to information leakage
Overview: Common Management Agent used in ePolicy Orchestrator and ProtectionPilot has a problem in directory access right setting which allows an attacker to obtain or view a list of files. Impact: A remote attacker could view files. Solution: None...