
ESET, Spol. S R.o. Security Vulnerabilities

veracode

Cross-site Request Forgery (CSRF)

moodle/moodle is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability is due to the admin management of analytics models, which fails to prevent CSRF risks because it does not include the necessary...

6.4AI Score

0.0004EPSS

2024-06-07 07:10 AM
almalinux

Moderate: gdk-pixbuf2 security update

The gdk-pixbuf2 packages provide an image loading library that can be extended by loadable modules for new image formats. It is used by toolkits such as GTK+ or clutter. Security Fix(es): gdk-pixbuf2: heap memory corruption on gdk-pixbuf (CVE-2022-48622) For more details about the security...

7.8CVSS

7.1AI Score

0.001EPSS

2024-06-11 12:00 AM
1
veracode

Cross-site Scripting (XSS)

moodle/moodle is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to insufficient sanitizing of ID numbers displayed in the report, which results in stored...

5.6AI Score

0.0004EPSS

2024-06-07 06:58 AM
osv

Important: ipa security update

AlmaLinux Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. Security Fix(es): freeipa: delegation rules allow a proxy service to impersonate any user to access another target...

8.1CVSS

7.2AI Score

0.0004EPSS

2024-06-10 12:00 AM
almalinux

Important: idm:DL1 security update

AlmaLinux Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. Security Fix(es): CVE-2024-2698 freeipa: delegation rules allow a proxy service to impersonate any user to access...

8.1CVSS

6.9AI Score

0.0004EPSS

2024-06-10 12:00 AM
1
osv

Moderate: libtiff security update

The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files. Security Fix(es): libtiff: out-of-bounds read in tiffcp in tools/tiffcp.c (CVE-2022-4645) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments,...

6.8CVSS

6.4AI Score

0.0004EPSS

2024-06-14 01:59 PM
2
osv

Moderate: kernel security and bug fix update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): kernel: ipv6: sr: fix possible use-after-free and null-ptr-deref (CVE-2024-26735) kernel: fs: sysfs: Fix reference leak in sysfs_break_active_protection() (CVE-2024-26993) For more details...

7.5AI Score

0.0004EPSS

2024-06-14 02:00 PM
9
osv

Moderate: cockpit security update

Cockpit enables users to administer GNU/Linux servers using a web browser. It offers network configuration, log inspection, diagnostic reports, SELinux troubleshooting, interactive command-line sessions, and more. Security Fix(es): cockpit: command injection when deleting a sosreport with a...

7.3CVSS

7.2AI Score

0.0004EPSS

2024-06-14 01:59 PM
2
osv

CVE-2023-5550

In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user who also has direct access to the web server outside of the Moodle webroot could utilise a local file include to achieve remote code...

9.8CVSS

9.5AI Score

0.003EPSS

2023-11-09 08:15 PM
4
osv

CVE-2023-5544

Wiki comments required additional sanitizing and access restrictions to prevent a stored XSS risk and potential IDOR...

6.5CVSS

5.2AI Score

0.001EPSS

2023-11-09 08:15 PM
6
osv

Moderate: python3.11-urllib3 security update

The python-urllib3 package provides the Python HTTP module with connection pooling and file POST abilities. Security Fix(es): python-urllib3: Cookie request header isn't stripped during cross-origin redirects (CVE-2023-43804) For more details about the security issue(s), including the impact, a...

8.1CVSS

8.2AI Score

0.001EPSS

2024-06-14 01:59 PM
1
osv

Important: idm:DL1 security update

AlmaLinux Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. Security Fix(es): CVE-2024-2698 freeipa: delegation rules allow a proxy service to impersonate any user to access...

8.1CVSS

6.8AI Score

0.0004EPSS

2024-06-10 12:00 AM
1
ibm

Security Bulletin: A remote execution vulnerability in Node.js affects IBM Rational Developer for i RPG and COBOL + Modernization Tools, Java Edition

Summary Node.js is used as runtime and SDK for Apache Cordova applications within IBM Rational Developer for i RPG and COBOL + Modernization Tools, Java Edition. A remote arbitrary command execution vulnerability affecting Node.js has been published in this security bulletin. This bulletin...

8AI Score

EPSS

2024-06-17 07:37 PM
4
nuclei

Ivanti Endpoint Manager Mobile (EPMM) - Authentication Bypass

Ivanti Endpoint Manager Mobile (EPMM), formerly MobileIron Core, through 11.10 allows remote attackers to obtain PII, add an administrative account, and change the configuration because of an authentication bypass, as exploited in the wild in July 2023. A patch is...

9.8CVSS

9.7AI Score

0.968EPSS

2023-07-28 09:38 PM
13
nuclei

Gibbon v25.0.0 - Local File Inclusion

Gibbon v25.0.0 contains a Local File Inclusion (LFI) vulnerability that makes it possible to include the content of several files present in the installation folder in the server's...

9.8CVSS

9.4AI Score

0.035EPSS

2023-06-26 04:38 AM
2
ibm

Security Bulletin: TSSC/IMC is vulnerable to arbitrary code execution due to Dmidecode (CVE-2023-30630)

Summary TSSC/IMC is vulnerable to arbitrary code execution due to Dmidecode. A patch has been provided that updates the Dmidecode library. (CVE-2023-30630) Vulnerability Details ** CVEID: CVE-2023-30630 DESCRIPTION: **Dmidecode could allow a local authenticated attacker to bypass security...

7.1CVSS

6.9AI Score

0.0004EPSS

2024-06-20 09:42 PM
1
osv

CVE-2024-37897

SFTPGo is a full-featured and highly configurable SFTP, HTTP/S, FTP/S and WebDAV server - S3, Google Cloud Storage, Azure Blob. SFTPGo WebAdmin and WebClient support password reset. This feature is disabled in the default configuration. In SFTPGo versions prior to v2.6.1, if the feature is...

5.4CVSS

7.1AI Score

0.0004EPSS

2024-06-20 06:15 PM
osv

Important: python3.9 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security...

7.8CVSS

7.6AI Score

0.0005EPSS

2024-06-25 12:00 AM
osv

Moderate: idm:DL1 and idm:client security update

Rocky Enterprise Software Foundation Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. Security Fix(es): JWCrypto: denial of service via specifically crafted JWE...

6.8CVSS

6.7AI Score

0.0004EPSS

2024-06-14 01:59 PM
3
osv

Moderate: libXpm security update

X.Org X11 libXpm runtime library. Security Fix(es): libXpm: out of bounds read in XpmCreateXpmImageFromBuffer() (CVE-2023-43788) libXpm: out of bounds read on XPM with corrupted colormap (CVE-2023-43789) For more details about the security issue(s), including the impact, a CVSS score,...

5.5CVSS

6.8AI Score

0.0004EPSS

2024-06-14 01:59 PM
3
osv

CVE-2023-5541

The CSV grade import method contained an XSS risk for users importing the spreadsheet, if it contained unsafe...

6.1CVSS

6AI Score

0.001EPSS

2023-11-09 08:15 PM
4
osv

CVE-2023-5547

The course upload preview contained an XSS risk for users uploading unsafe...

6.1CVSS

6AI Score

0.001EPSS

2023-11-09 08:15 PM
6
ibm

Security Bulletin: IBM Maximo Application Suite uses express-4.18.2.tgz which is vulnerable to CVE-2024-29041.

Summary IBM Maximo Application Suite uses express-4.18.2.tgz which is vulnerable to CVE-2024-29041. This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details ** CVEID: CVE-2024-29041 DESCRIPTION: **Express.js Express could allow a remote attacker to.....

6.1CVSS

6.3AI Score

0.0004EPSS

2024-06-06 06:30 AM
1
osv

Moderate: Image builder components bug fix, enhancement and security update

Image Builder is a service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Security Fix(es): osbuild-composer: race condition may disable GPG verification for package repositories (CVE-2024-2307) For more details about the security...

6.1CVSS

6.9AI Score

0.0004EPSS

2024-06-14 01:59 PM
1
osv

CVE-2023-5546

ID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS...

5.4CVSS

5.1AI Score

0.001EPSS

2023-11-09 08:15 PM
7
osv

CVE-2023-5545

H5P metadata automatically populated the author with the user's username, which could be sensitive...

5.3CVSS

5.2AI Score

0.001EPSS

2023-11-09 08:15 PM
2
osv

CVE-2023-5543

When duplicating a BigBlueButton activity, the original meeting ID was also duplicated instead of using a new ID for the new activity. This could provide unintended access to the original...

3.3CVSS

6.7AI Score

0.0004EPSS

2023-11-09 10:15 PM
5
osv

CVE-2023-5539

A remote code execution risk was identified in the Lesson activity. By default this was only available to teachers and...

8.8CVSS

8.9AI Score

0.002EPSS

2023-11-09 08:15 PM
5
almalinux

Important: python3.11 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security...

7.8CVSS

7.6AI Score

0.0005EPSS

2024-06-24 12:00 AM
github

Rack vulnerable to ReDoS in content type parsing (2nd degree polynomial)

Summary ruby module Rack class MediaType SPLIT_PATTERN = %r{\s*[;,]\s*} The above regexp is subject to ReDoS. 50K blank characters as a prefix to the header will take over 10s to split. PoC A simple HTTP request with lots of blank characters in the content-type header: ruby...

5.3CVSS

5.1AI Score

0.0004EPSS

2024-02-28 10:57 PM
14
ibm

Security Bulletin: Multiple security vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM DevOps Code ClearCase (CVE-2024-25026, CVE-2023-50313, CVE-2024-22329)

Summary IBM WebSphere Application Server (WAS) is shipped as a component of IBM DevOps Code ClearCase. Information about security vulnerabilities affecting WAS has been published in security bulletins. Vulnerability Details Refer to the security bulletin(s) listed in the Remediation/Fixes section....

6.5CVSS

7.5AI Score

0.0004EPSS

2024-06-25 11:50 AM
1
ibm

Security Bulletin: IBM i Service Tools Server (SST) is vulnerable to SST user profile enumeration [CVE-2024-31878].

Summary IBM i Service Tools Server is vulnerable to SST user profile enumeration by a remote actor as described in the vulnerability details section. This bulletin identifies the steps to take to address the vulnerability as described in the remediation/fixes section. Vulnerability Details **...

5.3CVSS

5.2AI Score

0.0004EPSS

2024-06-07 07:32 PM
2
githubexploit

Exploit for CVE-2024-37759

CVE-2024-37759 PoC Description DataGear version 5.0.0...

8.5AI Score

0.0004EPSS

2024-06-21 02:58 AM
87
osv

Important: pcp security update

Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance measurements. Its light-weight distributed architecture makes it particularly well-suited to centralized analysis of complex systems. Security Fix(es): pcp:.....

8.8CVSS

7.1AI Score

0.0004EPSS

2024-06-14 01:59 PM
2
nuclei

Zimbra Collaboration Suite (ZCS) v.8.8.15 - Cross-Site Scripting

Cross-Site Scripting vulnerability in Zimbra ZCS v.8.8.15 allows a remote authenticated attacker to execute arbitrary code via a crafted script to the /h/autoSaveDraft...

9CVSS

8.7AI Score

0.421EPSS

2023-07-20 06:27 PM
8
osv

CVE-2023-23923

A vulnerability was found in Moodle that exists due to insufficient limitations on the "start page" preference. A remote attacker can set that preference for another user. The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted...

8.2CVSS

8.2AI Score

0.002EPSS

2023-02-17 08:15 PM
1
osv

Important: xorg-x11-server-Xwayland security update

Xwayland is an X server for running X clients under Wayland. Security Fix(es): xorg-x11-server: Heap buffer overread/data leakage in ProcXIGetSelectedEvents (CVE-2024-31080) xorg-x11-server: Heap buffer overread/data leakage in ProcXIPassiveGrabDevice (CVE-2024-31081) xorg-x11-server:...

7.8CVSS

7.9AI Score

0.0005EPSS

2024-06-14 01:59 PM
1
osv

Moderate: traceroute security update

The traceroute utility displays the route used by IP packets on their way to a specified network (or Internet) host. Security Fix(es): traceroute: improper command line parsing (CVE-2023-46316) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and...

5.5CVSS

6.6AI Score

0.0004EPSS

2024-06-14 01:59 PM
githubexploit

Exploit for Use After Free in Linux Linux Kernel

CVE-2024-1086-checker This is a simple checker script to...

7.8CVSS

6.5AI Score

0.002EPSS

2024-06-03 10:04 PM
58
osv

Rack vulnerable to ReDoS in content type parsing (2nd degree polynomial)

Summary ruby module Rack class MediaType SPLIT_PATTERN = %r{\s*[;,]\s*} The above regexp is subject to ReDoS. 50K blank characters as a prefix to the header will take over 10s to split. PoC A simple HTTP request with lots of blank characters in the content-type header: ruby...

5.3CVSS

5.1AI Score

0.0004EPSS

2024-02-28 10:57 PM
7
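Both Rack entries above (the GitHub advisory and its OSV mirror) quote the pattern `SPLIT_PATTERN = %r{\s*[;,]\s*}` and the observation that 50K blank characters ahead of the header take over 10 s to split. The Ruby below is an added example, not Rack's code and not a claim about how the project fixed the issue: it reproduces the quadratic behaviour with that exact pattern on a constructed header, contrasts it with a separator-only split (`%r{[;,]}` followed by `strip` on each piece, my own suggestion), and parses the parameters from the result. The function names, the hostile-header builder and the timing helper are assumptions of this example; note that the safe variant also trims leading whitespace from the first piece, which the quoted pattern does not.

```ruby
# Added example (not Rack's code). Shows why %r{\s*[;,]\s*} is quadratic on
# a run of blanks and contrasts it with a linear-time split.

# Pattern quoted in the advisory: optional whitespace around ';' or ','.
# On n blanks with no separator anywhere, the engine tries every start
# position; at each one \s* greedily swallows the rest of the run, fails on
# [;,], then gives characters back one at a time. About n^2 steps in total.
VULNERABLE_SPLIT_PATTERN = %r{\s*[;,]\s*}

# Separator characters only, no variable-width whitespace in the pattern.
# Each character is inspected once; whitespace is trimmed afterwards.
SAFE_SPLIT_PATTERN = %r{[;,]}

def split_media_type_vulnerable(header)
  header.split(VULNERABLE_SPLIT_PATTERN)
end

def split_media_type_safe(header)
  header.split(SAFE_SPLIT_PATTERN).map(&:strip)
end

# Parameters after the type as a lowercase-keyed hash; works on the output
# of either splitter. Surrounding double quotes on values are removed.
def media_type_params(parts)
  parts.drop(1).each_with_object({}) do |param, hsh|
    key, value = param.split('=', 2)
    next if key.nil? || key.empty?
    hsh[key.downcase] = value.to_s.delete_prefix('"').delete_suffix('"')
  end
end

# Constructed hostile header (assumption of this example): n blanks followed
# by a media type that contains neither ';' nor ','.
def hostile_header(n)
  (' ' * n) + 'text/plain'
end

# Wall-clock seconds taken by the block.
def seconds_taken
  t0 = Process.clock_gettime(Process::CLOCK_MONOTONIC)
  yield
  Process.clock_gettime(Process::CLOCK_MONOTONIC) - t0
end

if $PROGRAM_NAME == __FILE__
  # Doubling n roughly quadruples the vulnerable split's time; the safe
  # split stays flat. Kept small so the demo finishes in a few seconds.
  [1_000, 2_000, 4_000].each do |n|
    h = hostile_header(n)
    slow = seconds_taken { split_media_type_vulnerable(h) }
    fast = seconds_taken { split_media_type_safe(h) }
    printf("n=%-6d vulnerable=%.3fs safe=%.6fs\n", n, slow, fast)
  end
end
```

On a normal header such as `text/plain; charset=utf-8` both splitters return the same pieces, so the change is behaviour-preserving for well-formed input; the difference only shows on the hostile run of blanks, where the safe variant returns `["text/plain"]` immediately.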
ibm

Security Bulletin: Multiple security vulnerabilities Affect IBM WebSphere Application Server Liberty shipped with IBM OpenPages

Summary IBM WebSphere Application Server Liberty is shipped as a supporting program of IBM OpenPages. Information about a security vulnerability affecting IBM WebSphere Application Server Liberty has been published in multiple security bulletins. These products have addressed the applicable...

6.9AI Score

2024-06-06 04:18 PM
3
osv

Important: python3 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security...

7.8CVSS

7.6AI Score

0.0005EPSS

2024-06-14 01:59 PM
2
osv

Moderate: pki-core:10.6 and pki-deps:10.6 security update

The Public Key Infrastructure (PKI) Core contains fundamental packages required by Rocky Enterprise Software Foundation Certificate System. Security Fix(es): jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518) For more details about the security issue(s),...

7.5CVSS

7AI Score

0.002EPSS

2024-06-14 01:59 PM
1
osv

Moderate: perl-Convert-ASN1 security update

Convert::ASN1 encodes and decodes ASN.1 data structures using BER/DER rules. Security Fix(es): perl-Convert-ASN1: allows remote attackers to cause an infinite loop via unexpected input (CVE-2013-7488) For more details about the security issue(s), including the impact, a CVSS score,...

7.5CVSS

6.6AI Score

0.009EPSS

2024-06-14 01:59 PM
osv

CVE-2023-23922

A vulnerability was found in Moodle that exists due to insufficient sanitization of user-supplied data in blog search. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website. This flaw.....

6.1CVSS

5.8AI Score

0.001EPSS

2023-02-17 08:15 PM
8
osv

CVE-2023-23921

A vulnerability was found in Moodle that exists due to insufficient sanitization of user-supplied data in some returnurl parameters. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable...

6.1CVSS

5.8AI Score

0.001EPSS

2023-02-17 08:15 PM
7
osv

Moderate: virt:rhel and virt-devel:rhel security update

Kernel-based Virtual Machine (KVM) offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the....

6.2CVSS

6.7AI Score

0.001EPSS

2024-06-14 01:59 PM
1
osv

Moderate: idm:DL1 security update

Rocky Enterprise Software Foundation Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. Security Fix(es): freeipa: specially crafted HTTP requests potentially lead to denial of...

5.3CVSS

6.6AI Score

0.0004EPSS

2024-06-14 01:59 PM
2
veracode

Cross-site Request Forgery (CSRF)

moodle/moodle is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability is due to the logout option lacking the necessary token, risking users being inadvertently logged out via CSRF...

6.4AI Score

0.0004EPSS

2024-06-07 08:00 AM
1
Total number of security vulnerabilities: 368927