‼ CVE-2021-36400 ‼
📖 Read
via "National Vulnerability Database".
In Moodle, insufficient capability checks made it possible to remove other users' calendar URL subscriptions.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-0093 ‼
📖 Read
via "National Vulnerability Database".
Okta Advanced Server Access Client versions 1.13.1 through 1.65.0 are vulnerable to command injection due to the third party library webbrowser. An outdated library, webbrowser, used by the ASA client was found to be vulnerable to command injection. To exploit this issue, an attacker would need to phish the user to enter an attacker controlled server URL during enrollment.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-24733 ‼
📖 Read
via "National Vulnerability Database".
PMB v7.4.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the query parameter at /admin/convert/export_z3950_new.php.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-36396 ‼
📖 Read
via "National Vulnerability Database".
In Moodle, insufficient redirect handling made it possible to blindly bypass cURL blocked hosts/allowed ports restrictions, resulting in a blind SSRF risk.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-36392 ‼
📖 Read
via "National Vulnerability Database".
In Moodle, an SQL injection risk was identified in the library fetching a user's enrolled courses.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-36399 ‼
📖 Read
via "National Vulnerability Database".
In Moodle, ID numbers displayed in the quiz override screens required additional sanitizing to prevent a stored XSS risk.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-36713 ‼
📖 Read
via "National Vulnerability Database".
Cross Site Scripting (XSS) vulnerability in the DataTables plug-in 1.9.2 for jQuery allows attackers to run arbitrary code via the sBaseName parameter to function _fnCreateCookie. NOTE: 1.9.2 is a version from 2012.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-26601 ‼
📖 Read
via "National Vulnerability Database".
Zoho ManageEngine ServiceDesk Plus through 14104, Asset Explorer through 6987, ServiceDesk Plus MSP before 14000, and Support Center Plus before 14000 allow Denial-of-Service (DoS).📖 Read
via "National Vulnerability Database".
‼ CVE-2023-1161 ‼
📖 Read
via "National Vulnerability Database".
ISO 15765 and ISO 10681 dissector crash in Wireshark 4.0.0 to 4.0.3 and 3.6.0 to 3.6.11 allows denial of service via packet injection or crafted capture file📖 Read
via "National Vulnerability Database".
‼ CVE-2021-36395 ‼
📖 Read
via "National Vulnerability Database".
In Moodle, the file repository's URL parsing required additional recursion handling to mitigate the risk of recursion denial of service.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-24737 ‼
📖 Read
via "National Vulnerability Database".
PMB v7.4.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the query parameter at /admin/convert/export_z3950.php.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-26949 ‼
📖 Read
via "National Vulnerability Database".
An arbitrary file upload vulnerability in the component /admin1/config/update of onekeyadmin v1.3.9 allows attackers to execute arbitrary code via a crafted PHP file.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-24217 ‼
📖 Read
via "National Vulnerability Database".
AgileBio Electronic Lab Notebook v4.234 was discovered to contain a local file inclusion vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-4904 ‼
📖 Read
via "National Vulnerability Database".
A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-36402 ‼
📖 Read
via "National Vulnerability Database".
In Moodle, Users' names required additional sanitizing in the account confirmation email, to prevent a self-registration phishing risk.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-1211 ‼
📖 Read
via "National Vulnerability Database".
SQL Injection in GitHub repository phpipam/phpipam prior to v1.5.2.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-36403 ‼
📖 Read
via "National Vulnerability Database".
In Moodle, in some circumstances, email notifications of messages could have the link back to the original message hidden by HTML, which may pose a phishing risk.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-45141 ‼
📖 Read
via "National Vulnerability Database".
Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by Microsoft on Nov 8 2022 and per RFC8429 it is assumed that rc4-hmac is weak, Vulnerable Samba Active Directory DCs will issue rc4-hmac encrypted tickets despite the target server supporting better encryption (eg aes256-cts-hmac-sha1-96).📖 Read
via "National Vulnerability Database".
‼ CVE-2022-3707 ‼
📖 Read
via "National Vulnerability Database".
A double-free memory flaw was found in the Linux kernel. The Intel GVT-g graphics driver triggers VGA card system resource overload, causing a fail in the intel_gvt_dma_map_guest_page function. This issue could allow a local user to crash the system.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-1212 ‼
📖 Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in GitHub repository phpipam/phpipam prior to v1.5.2.📖 Read
via "National Vulnerability Database".
‼ CVE-2008-10004 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability was found in Email Registration 5.x-2.1. It has been declared as critical. This vulnerability affects the function email_registration_user of the file email_registration.module. The manipulation of the argument namenew leads to sql injection. The attack can be initiated remotely. Upgrading to version 6.x-1.0 is able to address this issue. The name of the patch is 126c141b7db038c778a2dc931d38766aad8d1112. It is recommended to upgrade the affected component. VDB-222334 is the identifier assigned to this vulnerability.📖 Read
via "National Vulnerability Database".