Insufficient checks in a web service made it possible to add comments to the comments block on another user's dashboard when it was not otherwise available (e.g., on their profile page).
Max CVSS
3.5
EPSS Score
0.05%
Published
2024-02-19
Updated
2024-02-29
The link to update all installed language packs did not include the necessary token to prevent a CSRF risk.
Max CVSS
4.3
EPSS Score
0.05%
Published
2024-02-19
Updated
2024-02-29
Separate Groups mode restrictions were not honored when performing a forum export, which would export forum data for all groups. By default this only provided additional access to non-editing teachers.
Max CVSS
4.3
EPSS Score
0.05%
Published
2024-02-19
Updated
2024-02-29
Separate Groups mode restrictions were not honored in the H5P attempts report, which would display users from other groups. By default this only provided additional access to non-editing teachers.
Max CVSS
4.3
EPSS Score
0.05%
Published
2024-02-19
Updated
2024-02-29
The URL parameters accepted by forum search were not limited to the allowed parameters.
Max CVSS
5.3
EPSS Score
0.05%
Published
2024-02-19
Updated
2024-02-29
Insufficient file size checks resulted in a denial of service risk in the file picker's unzip functionality.
Max CVSS
7.5
EPSS Score
0.05%
Published
2024-02-19
Updated
2024-02-29
A timing-based side-channel flaw exists in the rust-openssl package, which could be sufficient to recover a plaintext across a network in a Bleichenbacher-style attack. To achieve successful decryption, an attacker would have to be able to send a large number of trial messages for decryption. The vulnerability affects the legacy PKCS#1v1.5 RSA encryption padding mode.
Max CVSS
5.9
EPSS Score
0.04%
Published
2024-04-04
Updated
2024-04-05
A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.
Max CVSS
5.5
EPSS Score
0.06%
Published
2024-01-16
Updated
2024-03-15
Exim before 4.97.1 allows SMTP smuggling in certain PIPELINING/CHUNKING configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because Exim supports <LF>.<CR><LF> but some other popular e-mail servers do not.
Max CVSS
5.3
EPSS Score
0.28%
Published
2023-12-24
Updated
2024-02-02
An out-of-bounds read flaw was found in w3m, in the growbuf_to_Str function in indep.c. This issue may allow an attacker to cause a denial of service through a crafted HTML file.
Max CVSS
5.5
EPSS Score
0.05%
Published
2023-07-14
Updated
2024-03-27
An out-of-bounds read flaw was found in w3m, in the Strnew_size function in Str.c. This issue may allow an attacker to cause a denial of service through a crafted HTML file.
Max CVSS
5.5
EPSS Score
0.05%
Published
2023-07-14
Updated
2024-03-27
A heap use after free issue was discovered in ImageMagick's ReplaceXmpValue() function in MagickCore/profile.c. An attacker could trick user to open a specially crafted file to convert, triggering an heap-use-after-free write error, allowing an application to crash, resulting in a denial of service.
Max CVSS
5.5
EPSS Score
0.04%
Published
2023-06-16
Updated
2023-08-31
A heap-based buffer overflow issue was discovered in ImageMagick's ReadTIM2ImageData() function in coders/tim2.c. A local attacker could trick the user in opening specially crafted file, triggering an out-of-bounds read error, allowing an application to crash, resulting in a denial of service.
Max CVSS
5.5
EPSS Score
0.06%
Published
2023-06-16
Updated
2023-08-31
A heap buffer overflow vulnerability was found in sox, in the lsx_readbuf function at sox/src/formats_i.c:98:16. This flaw can lead to a denial of service, code execution, or information disclosure.
Max CVSS
7.8
EPSS Score
0.06%
Published
2023-07-10
Updated
2023-07-18
A heap buffer overflow vulnerability was found in sox, in the startread function at sox/src/hcom.c:160:41. This flaw can lead to a denial of service, code execution, or information disclosure.
Max CVSS
7.8
EPSS Score
0.04%
Published
2023-07-10
Updated
2023-07-19
A vulnerability was found in ImageMagick. This security flaw causes a shell command injection vulnerability via video:vsync or video:pixel-format options in VIDEO encoding/decoding.
Max CVSS
7.8
EPSS Score
0.04%
Published
2023-05-30
Updated
2023-08-31
A vulnerability was found in ImageMagick. This security flaw cause a remote code execution vulnerability in OpenBlob with --enable-pipes configured.
Max CVSS
9.8
EPSS Score
0.39%
Published
2023-05-30
Updated
2023-08-31
A vulnerability was found in ImageMagick. This security flaw ouccers as an undefined behaviors of casting double to size_t in svg, mvg and other coders (recurring bugs of CVE-2022-32546).
Max CVSS
5.5
EPSS Score
0.05%
Published
2023-05-30
Updated
2024-02-22
A floating point exception vulnerability was found in sox, in the read_samples function at sox/src/voc.c:334:18. This flaw can lead to a denial of service.
Max CVSS
6.2
EPSS Score
0.06%
Published
2023-07-10
Updated
2023-08-13
The vulnerability was found Moodle which exists due to insufficient sanitization of user-supplied data in external Wiki method for listing pages. A remote attacker can send a specially crafted request to the affected application and execute limited SQL commands within the application database.
Max CVSS
7.3
EPSS Score
0.18%
Published
2023-05-02
Updated
2023-05-11
The vulnerability was found Moodle which exists because the application allows a user to control path of the older to create in TinyMCE loaders. A remote user can send a specially crafted HTTP request and create arbitrary folders on the system.
Max CVSS
5.3
EPSS Score
1.92%
Published
2023-05-02
Updated
2023-05-11
A floating point exception vulnerability was found in sox, in the lsx_aiffstartwrite function at sox/src/aiff.c:622:58. This flaw can lead to a denial of service.
Max CVSS
6.2
EPSS Score
0.06%
Published
2023-07-10
Updated
2023-07-19
The Mock software contains a vulnerability wherein an attacker could potentially exploit privilege escalation, enabling the execution of arbitrary code with root user privileges. This weakness stems from the absence of proper sandboxing during the expansion and execution of Jinja2 templates, which may be included in certain configuration parameters. While the Mock documentation advises treating users added to the mock group as privileged, certain build systems invoking mock on behalf of users might inadvertently permit less privileged users to define configuration tags. These tags could then be passed as parameters to mock during execution, potentially leading to the utilization of Jinja2 templates for remote privilege escalation and the execution of arbitrary code as the root user on the build server.
Max CVSS
9.8
EPSS Score
0.43%
Published
2024-01-16
Updated
2024-02-09
A template injection flaw was found in Ansible where a user's controller internal templating operations may remove the unsafe designation from template data. This issue could allow an attacker to use a specially crafted file to introduce code injection when supplying templating data.
Max CVSS
7.8
EPSS Score
0.04%
Published
2023-12-12
Updated
2024-01-01
Separate Groups mode restrictions were not honoured in the forum summary report, which would display users from other groups.
Max CVSS
3.3
EPSS Score
0.05%
Published
2023-11-09
Updated
2023-11-17
83 vulnerabilities found
1 2 3 4
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!