Skip to main content
CVE-2017-2641 CRITICAL POC PATCH Act Now

In Moodle 2.x and 3.x, SQL injection can occur via user preferences. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi Moodle
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
1.9%
CVE-2016-10273 HIGH This Week

Multiple stack buffer overflow vulnerabilities in Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption RCE Air
NVD
CVSS 3.1
8.8
EPSS
2.9%
CVE-2017-7263 HIGH PATCH This Week

The bm_readbody_bmp function in bitmap_io.c in Potrace 1.14 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Denial Of Service Information Disclosure Potrace
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2017-2645 MEDIUM PATCH This Month

In Moodle 3.x, XSS can occur via attachments to evidence of prior learning. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Moodle
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-2644 MEDIUM PATCH This Month

In Moodle 3.x, XSS can occur via evidence of prior learning. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Moodle
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-7266 MEDIUM PATCH This Month

Netflix Security Monkey before 0.8.0 has an Open Redirect. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Open Redirect Security Monkey
NVD GitHub
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-5622 MEDIUM This Month

With OxygenOS before 4.0.3, when a charger is connected to a powered-off OnePlus 3 or 3T device, the platform starts with adbd enabled. Rated medium severity (CVSS 5.9), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Oxygenos
NVD
CVSS 3.0
5.9
EPSS
0.1%
CVE-2017-2643 MEDIUM PATCH This Month

In Moodle 3.2.x, global search displays user names for unauthenticated users. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Moodle
NVD
CVSS 3.0
5.3
EPSS
0.8%
CVE-2017-7264 MEDIUM PATCH This Month

Use-after-free vulnerability in the fz_subsample_pixmap function in fitz/pixmap.c in Artifex MuPDF 1.10a allows remote attackers to cause a denial of service (application crash) or possibly have. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Memory Corruption Use After Free Mupdf
NVD
CVSS 3.1
5.3
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy