129 matches found
AZL-65082 CVE-2025-45582 affecting package tar 1.35-2
GNU Tar through 1.35 allows file overwrite via directory traversal in crafted TAR archives, with a certain two-step process. First, the victim must extract an archive that contains a ../ symlink to a critical directory. Second, the victim must extract an archive that contains a critical file,...
UBUNTU-CVE-2025-45582
GNU Tar through 1.35 allows file overwrite via directory traversal in crafted TAR archives, with a certain two-step process. First, the victim must extract an archive that contains a ../ symlink to a critical directory. Second, the victim must extract an archive that contains a critical file,...
ArgHiTZ at ArchEHR-QA 2025: a Two-Step Divide and Conquer Approach to Patient Question Answering for Top Factuality
This work presents three different approaches to address the ArchEHR-QA 2025 Shared Task on automated patient question answering. We introduce an end-to-end prompt-based baseline and two two-step methods to divide the task, without utilizing any external knowledge. Both two step approaches first...
CVE-2023-23566
A 2-Step Verification problem in Axigen 10.3.3.52 allows an attacker to access a mailbox by bypassing 2-Step Verification when they try to add an account to any third-party webmail service or add an account to Outlook or Gmail, etc. with IMAP or POP3 without any verification code...
Improper Verification of Cryptographic Signature
Overview org.webjars.npm:openpgp is a JavaScript implementation of the OpenPGP protocol. Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature through the openpgp.verify or openpgp.decrypt functions. An attacker can manipulate the message content to...
Improper Access Control
moodle/moodle is vulnerable to Improper Access Control. The vulnerability is due to missing authentication enforcement, which allows users to enroll in courses without completing two-step verification...
GHSA-QHC7-XHC2-7P7W Moodle self enrollment available before completing second factor with MFA enabled
A security vulnerability was discovered in Moodle that allows students to enroll themselves in courses without completing all the necessary safety checks. Specifically, users can sign up for courses prematurely, even if they haven't finished two-step verification processes...
CVE-2025-3634
A security vulnerability was discovered in Moodle that allows students to enroll themselves in courses without completing all the necessary safety checks. Specifically, users can sign up for courses prematurely, even if they haven't finished two-step verification processes...
CVE-2025-3634
A security vulnerability was discovered in Moodle that allows students to enroll themselves in courses without completing all the necessary safety checks. Specifically, users can sign up for courses prematurely, even if they haven't finished two-step verification processes...
UBUNTU-CVE-2025-3634
A security vulnerability was discovered in Moodle that allows students to enroll themselves in courses without completing all the necessary safety checks. Specifically, users can sign up for courses prematurely, even if they haven't finished two-step verification processes...
CVE-2025-3634 Moodle: moodle allows course self-enrolment before completing mfa
A security vulnerability was discovered in Moodle that allows students to enroll themselves in courses without completing all the necessary safety checks. Specifically, users can sign up for courses prematurely, even if they haven't finished two-step verification processes...
CVE-2025-3634
Summary of CVE-2025-3634 (Moodle) : Moodle self-enrollment can occur before completing required MFA/second-factor checks, enabling students to enroll prematurely on sites with MFA enabled. The connected OSV/BIT-MOODLE entries corroborate that self-enrolment bypasses MFA, and the problem is descri...
CVE-2025-3634
A security vulnerability was discovered in Moodle that allows students to enroll themselves in courses without completing all the necessary safety checks. Specifically, users can sign up for courses prematurely, even if they haven't finished two-step verification processes...
Moodle 授权问题漏洞
Moodle is a free e-learning software platform open-sourced by Moodle, also known as a course management system, learning management system, or virtual learning environment. An authorization issue vulnerability exists in Moodle, which stems from the fact that a student can bypass security checks a...
PT-2025-17906
Name of the Vulnerable Software and Affected Versions Moodle affected versions not specified Description A security issue was discovered that allows students to enroll in courses without completing necessary safety checks, including two-step verification processes. This enables users to sign up f...
CVE-2024-45394
Authenticator is a browser extension that generates two-step verification codes. In versions 7.0.0 and below, encryption keys for user data were stored encrypted at-rest using only AES-256 and the EVPBytesToKey KDF. Therefore, attackers with a copy of a user's data are able to brute-force the...
PT-2025-9966
Name of the Vulnerable Software and Affected Versions Linux kernel versions 5.15 through 6.12 Description A vulnerability in the Linux kernel has been identified, related to the handling of bpf timers. The issue arises when the hrtimer cancel function attempts to acquire a lock that is already...
AZL-54243 CVE-2024-53121 affecting package kernel for versions less than 5.15.176.3-1
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: fs, lock FTE when checking if active The referenced commits introduced a two-step process for deleting FTEs: - Lock the FTE, delete it from hardware, set the hardware deletion function to NULL and unlock the FTE. - Lock...
Pterodactyl 安全漏洞
Pterodactyl is an open source game server administration panel built using PHP, Nodejs and Go. A security vulnerability exists in Pterodactyl versions prior to 1.11.8 that stems from passwords being recorded in plaintext in logs when a user disables two-step authentication; if a malicious user...
The FIPS Compliance of HKDF
HKDF is an HMAC-based key-derivation function specified in RFC 5869. It’s nice and we generally like using it. FIPS Federal Information Processing Standards is used generally as a moniker for the set of standards, recommendations, and guidance published by the U.S. National Institute of Standards...