Skip to main content
CVE-2017-2645 MEDIUM PATCH This Month

In Moodle 3.x, XSS can occur via attachments to evidence of prior learning. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Moodle
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-2644 MEDIUM PATCH This Month

In Moodle 3.x, XSS can occur via evidence of prior learning. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Moodle
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-7266 MEDIUM PATCH This Month

Netflix Security Monkey before 0.8.0 has an Open Redirect. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Open Redirect Security Monkey
NVD GitHub
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-5622 MEDIUM This Month

With OxygenOS before 4.0.3, when a charger is connected to a powered-off OnePlus 3 or 3T device, the platform starts with adbd enabled. Rated medium severity (CVSS 5.9), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Oxygenos
NVD
CVSS 3.0
5.9
EPSS
0.1%
CVE-2017-2643 MEDIUM PATCH This Month

In Moodle 3.2.x, global search displays user names for unauthenticated users. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Moodle
NVD
CVSS 3.0
5.3
EPSS
0.8%
CVE-2017-7264 MEDIUM PATCH This Month

Use-after-free vulnerability in the fz_subsample_pixmap function in fitz/pixmap.c in Artifex MuPDF 1.10a allows remote attackers to cause a denial of service (application crash) or possibly have. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Memory Corruption Use After Free Mupdf
NVD
CVSS 3.1
5.3
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy