Skip to main content

Extra Packages For Enterprise Linux

65 CVEs product

Monthly

CVE-2024-0232 MEDIUM POC This Month

A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption Sqlite Enterprise Linux +2
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-51766 MEDIUM POC PATCH This Month

Exim before 4.97.1 allows SMTP smuggling in certain PIPELINING/CHUNKING configurations. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Exim Extra Packages For Enterprise Linux Fedora Debian Linux
NVD GitHub
CVSS 3.1
5.3
EPSS
1.1%
CVE-2023-4256 MEDIUM POC This Month

Within tcpreplay's tcprewrite, a double free vulnerability has been identified in the tcpedit_dlt_cleanup() function within plugins/dlt_plugins.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Tcpreplay Extra Packages For Enterprise Linux Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-4255 MEDIUM POC PATCH This Month

An out-of-bounds write issue has been discovered in the backspace handling of the checkType() function in etc.c within the W3M application. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Denial Of Service W3M Extra Packages For Enterprise Linux +1
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-5764 PyPI HIGH PATCH This Week

A template injection flaw was found in Ansible where a user's controller internal templating operations may remove the unsafe designation from template data. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Code Injection Ssti Ansible Extra Packages For Enterprise Linux Fedora +3
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-5341 MEDIUM PATCH This Month

A heap use-after-free flaw was found in coders/bmp.c in ImageMagick. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Information Disclosure Memory Corruption Imagemagick Extra Packages For Enterprise Linux +1
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-5543 LOW PATCH Monitor

When duplicating a BigBlueButton activity, the original meeting ID was also duplicated instead of using a new ID for the new activity. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Authentication Bypass Moodle Extra Packages For Enterprise Linux Fedora
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2023-5551 PHP LOW PATCH Monitor

Separate Groups mode restrictions were not honoured in the forum summary report, which would display users from other groups. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Moodle Extra Packages For Enterprise Linux Fedora
NVD
CVSS 3.1
3.3
EPSS
0.3%
CVE-2023-5550 PHP CRITICAL PATCH Act Now

In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user who also has direct access to the web server outside of the Moodle webroot could. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Moodle Extra Packages For Enterprise Linux Fedora
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2023-5549 PHP MEDIUM PATCH This Month

Insufficient web service capability checks made it possible to move categories a user had permission to manage, to a parent category they did not have the capability to manage. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Moodle Extra Packages For Enterprise Linux Fedora
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-5548 PHP MEDIUM PATCH This Month

Stronger revision number limitations were required on file serving endpoints to improve cache poisoning protection. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Moodle Extra Packages For Enterprise Linux Fedora
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2023-5545 PHP MEDIUM PATCH This Month

H5P metadata automatically populated the author with the user's username, which could be sensitive information. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Moodle Extra Packages For Enterprise Linux Fedora
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-5542 PHP MEDIUM PATCH This Month

Students in "Only see own membership" groups could see other students in the group, which should be hidden. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Moodle Extra Packages For Enterprise Linux Fedora
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2023-5540 PHP HIGH PATCH This Week

A remote code execution risk was identified in the IMSCP activity. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Moodle Extra Packages For Enterprise Linux Fedora
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2023-5539 PHP HIGH PATCH This Week

A remote code execution risk was identified in the Lesson activity. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Moodle Extra Packages For Enterprise Linux Fedora
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2023-3428 MEDIUM This Month

A heap-based buffer overflow vulnerability was found in coders/tiff.c in ImageMagick. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Heap Overflow Imagemagick Extra Packages For Enterprise Linux +1
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-38253 MEDIUM POC This Month

An out-of-bounds read flaw was found in w3m, in the growbuf_to_Str function in indep.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Denial Of Service W3M Extra Packages For Enterprise Linux +2
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-38252 MEDIUM POC This Month

An out-of-bounds read flaw was found in w3m, in the Strnew_size function in Str.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Denial Of Service W3M Extra Packages For Enterprise Linux +2
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-34432 HIGH POC This Week

A heap buffer overflow vulnerability was found in sox, in the lsx_readbuf function at sox/src/formats_i.c:98:16. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Heap Overflow RCE Information Disclosure +4
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-34318 HIGH This Week

A heap buffer overflow vulnerability was found in sox, in the startread function at sox/src/hcom.c:160:41. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Heap Overflow RCE Information Disclosure +4
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-32627 MEDIUM This Month

A floating point exception vulnerability was found in sox, in the read_samples function at sox/src/voc.c:334:18. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Sound Exchange Extra Packages For Enterprise Linux Fedora Enterprise Linux
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-26590 MEDIUM This Month

A floating point exception vulnerability was found in sox, in the lsx_aiffstartwrite function at sox/src/aiff.c:622:58. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Sound Exchange Extra Packages For Enterprise Linux Fedora Enterprise Linux
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-3195 MEDIUM POC PATCH This Month

A stack-based buffer overflow issue was found in ImageMagick's coders/tiff.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Stack Overflow Buffer Overflow Denial Of Service Imagemagick Extra Packages For Enterprise Linux +1
NVD GitHub
CVSS 3.1
5.5
EPSS
0.5%
CVE-2023-34475 MEDIUM PATCH This Month

A heap use after free issue was discovered in ImageMagick's ReplaceXmpValue() function in MagickCore/profile.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Use After Free Denial Of Service Memory Corruption Imagemagick Extra Packages For Enterprise Linux +1
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-34474 MEDIUM PATCH This Month

A heap-based buffer overflow issue was discovered in ImageMagick's ReadTIM2ImageData() function in coders/tim2.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Heap Overflow Imagemagick Extra Packages For Enterprise Linux +1
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-34153 HIGH POC This Week

A vulnerability was found in ImageMagick. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Imagemagick Extra Packages For Enterprise Linux Fedora Enterprise Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
3.2%
CVE-2023-34152 CRITICAL POC Act Now

A vulnerability was found in ImageMagick. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Imagemagick Extra Packages For Enterprise Linux Fedora Enterprise Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
8.0%
CVE-2023-34151 MEDIUM POC This Month

A vulnerability was found in ImageMagick. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Information Disclosure Imagemagick Extra Packages For Enterprise Linux Fedora +2
NVD GitHub
CVSS 3.1
5.5
EPSS
1.0%
CVE-2023-30944 PHP HIGH PATCH This Week

The vulnerability was found Moodle which exists due to insufficient sanitization of user-supplied data in external Wiki method for listing pages. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Moodle Extra Packages For Enterprise Linux Fedora
NVD
CVSS 3.1
7.3
EPSS
1.1%
CVE-2023-30943 PHP MEDIUM POC PATCH This Month

The vulnerability was found Moodle which exists because the application allows a user to control path of the older to create in TinyMCE loaders. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Moodle Extra Packages For Enterprise Linux Fedora
NVD
CVSS 3.1
5.3
EPSS
6.6%
CVE-2023-1906 MEDIUM POC PATCH This Month

A heap-based buffer overflow issue was discovered in ImageMagick's ImportMultiSpectralQuantum() function in MagickCore/quantum-import.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Heap Overflow Imagemagick Extra Packages For Enterprise Linux +1
NVD GitHub
CVSS 3.1
5.5
EPSS
0.6%
CVE-2023-0056 MEDIUM This Month

An uncontrolled resource consumption vulnerability was discovered in HAProxy which could crash the service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Haproxy Ceph Storage Software Collections Openshift Container Platform +5
NVD
CVSS 3.1
6.5
EPSS
1.8%
CVE-2022-4170 CRITICAL Act Now

The rxvt-unicode package is vulnerable to a remote code execution, in the Perl background extension, when an attacker can control the data written to the user's terminal and certain options are set. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Rxvt Unicode Extra Packages For Enterprise Linux Fedora
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2022-4144 MEDIUM PATCH This Month

An out-of-bounds read flaw was found in the QXL display device emulation in QEMU. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Information Disclosure Denial Of Service Buffer Overflow Qemu Extra Packages For Enterprise Linux +2
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2022-45152 PHP CRITICAL PATCH Act Now

A blind Server-Side Request Forgery (SSRF) vulnerability was found in Moodle. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Moodle Extra Packages For Enterprise Linux Fedora
NVD
CVSS 3.1
9.1
EPSS
1.4%
CVE-2022-40316 PHP MEDIUM PATCH This Month

The H5P activity attempts report did not filter by groups, which in separate groups mode could reveal information to non-editing teachers about attempts/users in groups they should not have access to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Moodle Extra Packages For Enterprise Linux Fedora
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2022-40315 PHP CRITICAL PATCH Act Now

A limited SQL injection risk was identified in the "browse list of users" site administration page. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Moodle Extra Packages For Enterprise Linux Fedora
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-40313 PHP HIGH PATCH This Week

Recursive rendering of Mustache template helpers containing user input could, in some cases, result in an XSS risk or a page failing to load. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Moodle Extra Packages For Enterprise Linux Fedora
NVD
CVSS 3.1
7.1
EPSS
0.5%
CVE-2022-3213 MEDIUM PATCH This Month

A heap buffer overflow issue was found in ImageMagick. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Buffer Overflow Imagemagick Extra Packages For Enterprise Linux Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
0.5%
CVE-2022-0367 HIGH POC PATCH This Week

A heap-based buffer overflow flaw was found in libmodbus in function modbus_reply() in src/modbus.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Libmodbus Extra Packages For Enterprise Linux Fedora Debian Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-2719 MEDIUM PATCH This Month

In ImageMagick, a crafted file could trigger an assertion failure when a call to WriteImages was made in MagickWand/operation.c, due to a NULL image list. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Extra Packages For Enterprise Linux Imagemagick Fedora
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-2296 HIGH This Week

Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to 103.0.5060.114 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Google Denial Of Service Use After Free Chrome +2
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-2295 HIGH This Week

Type confusion in V8 in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure Google Chrome Extra Packages For Enterprise Linux +1
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2022-2294 HIGH KEV THREAT This Week

Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Google Buffer Overflow Chrome Extra Packages For Enterprise Linux +10
NVD
CVSS 3.1
8.8
EPSS
70.5%
CVE-2022-2163 HIGH This Week

Use after free in Cast UI and Toolbar in Google Chrome prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via UI. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Google Denial Of Service Use After Free Chrome +2
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-2158 HIGH This Week

Type confusion in V8 in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure Google Use After Free Chrome +2
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-32546 HIGH PATCH This Week

A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned long' at coders/pcl.c, when crafted or untrusted input is processed. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Information Disclosure Imagemagick Extra Packages For Enterprise Linux Fedora +1
NVD GitHub
CVSS 3.1
7.8
EPSS
1.3%
CVE-2022-32545 HIGH PATCH This Week

A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned char' at coders/psd.c, when crafted or untrusted input is processed. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Information Disclosure Imagemagick Extra Packages For Enterprise Linux Fedora +1
NVD GitHub
CVSS 3.1
7.8
EPSS
1.3%
CVE-2022-24882 HIGH POC PATCH This Week

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Freerdp Extra Packages For Enterprise Linux Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
2.8%
CVE-2022-28327 Go HIGH PATCH This Week

The generic P-256 feature in crypto/elliptic in Go before 1.17.9 and 1.18.x before 1.18.1 allows a panic via long scalar input. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Go Extra Packages For Enterprise Linux Fedora
NVD
CVSS 3.1
7.5
EPSS
4.2%
CVE-2022-25648 Ruby CRITICAL POC PATCH Act Now

The package git before 1.11.0 are vulnerable to Command Injection via git argument injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Command Injection Git Extra Packages For Enterprise Linux Fedora Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
4.9%
CVE-2022-0983 PHP HIGH PATCH This Week

An SQL injection risk was identified in Badges code relating to configuring criteria. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Moodle Fedora Extra Packages For Enterprise Linux
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-27191 Go HIGH PATCH This Week

The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service SSH Extra Packages For Enterprise Linux Fedora Advanced Cluster Management For Kubernetes
NVD
CVSS 3.1
7.5
EPSS
3.9%
CVE-2022-0725 HIGH This Week

A flaw was found in keepass. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Keepass Extra Packages For Enterprise Linux Fedora
NVD
CVSS 3.1
7.5
EPSS
2.4%
CVE-2022-0546 HIGH PATCH This Week

A missing bounds check in the image loader used in Blender 3.x and 2.93.8 leads to out-of-bounds heap access, allowing an attacker to cause denial of service, memory corruption or potentially code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Denial Of Service Integer Overflow RCE Buffer Overflow Blender +3
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2021-23727 PyPI HIGH POC PATCH This Week

This affects the package celery before 5.2.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Command Injection Celery Extra Packages For Enterprise Linux Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
3.9%
CVE-2021-43560 PHP MEDIUM PATCH This Month

A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Moodle Extra Packages For Enterprise Linux Fedora
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2021-43559 PHP HIGH PATCH This Week

A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Moodle Extra Packages For Enterprise Linux Fedora
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2021-43558 PHP MEDIUM PATCH This Month

A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Moodle Extra Packages For Enterprise Linux Fedora
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-21897 HIGH POC This Week

A code execution vulnerability exists in the DL_Dxf::handleLWPolylineData functionality of Ribbonsoft dxflib 3.17.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Integer Overflow RCE Dxflib Extra Packages For Enterprise Linux +2
NVD
CVSS 3.1
8.8
EPSS
2.9%
CVE-2021-38714 HIGH POC This Week

In Plib through 1.85, there is an integer overflow vulnerability that could result in arbitrary code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow RCE Plib Debian Linux Extra Packages For Enterprise Linux +1
NVD
CVSS 3.1
8.8
EPSS
2.9%
CVE-2021-20247 HIGH POC This Week

A flaw was found in mbsync before v1.3.5 and v1.4.1. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Mbsync Extra Packages For Enterprise Linux Debian Linux Fedora
NVD
CVSS 3.1
7.4
EPSS
1.9%
CVE-2020-27818 LOW Monitor

A flaw was found in the check_chunk_name() function of pngcheck-2.4.0. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Pngcheck Extra Packages For Enterprise Linux Fedora +1
NVD
CVSS 3.1
3.3
EPSS
1.2%
CVE-2020-9274 HIGH POC PATCH This Week

An issue was discovered in Pure-FTPd 1.0.49. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Memory Corruption Information Disclosure Pure Ftpd Debian Linux Extra Packages For Enterprise Linux +2
NVD GitHub
CVSS 3.1
7.5
EPSS
6.0%
CVE-2020-7106 MEDIUM POC This Month

Cacti 1.2.8 has stored XSS in data_sources.php, color_templates_item.php, graphs.php, graph_items.php, lib/api_automation.php, user_admin.php, and user_group_admin.php, as demonstrated by the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Cacti Debian Linux Backports Sle +4
NVD GitHub
CVSS 3.1
6.1
EPSS
2.1%
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption +4
NVD
EPSS 1% CVSS 5.3
MEDIUM POC PATCH This Month

Exim before 4.97.1 allows SMTP smuggling in certain PIPELINING/CHUNKING configurations. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Exim Extra Packages For Enterprise Linux +2
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM POC This Month

Within tcpreplay's tcprewrite, a double free vulnerability has been identified in the tcpedit_dlt_cleanup() function within plugins/dlt_plugins.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Tcpreplay Extra Packages For Enterprise Linux +1
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

An out-of-bounds write issue has been discovered in the backspace handling of the checkType() function in etc.c within the W3M application. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Denial Of Service +3
NVD GitHub
EPSS 1% CVSS 7.8
HIGH PATCH This Week

A template injection flaw was found in Ansible where a user's controller internal templating operations may remove the unsafe designation from template data. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Code Injection Ssti Ansible +5
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A heap use-after-free flaw was found in coders/bmp.c in ImageMagick. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Information Disclosure Memory Corruption +3
NVD GitHub
EPSS 0% CVSS 3.3
LOW PATCH Monitor

When duplicating a BigBlueButton activity, the original meeting ID was also duplicated instead of using a new ID for the new activity. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Authentication Bypass Moodle Extra Packages For Enterprise Linux +1
NVD
EPSS 0% CVSS 3.3
LOW PATCH Monitor

Separate Groups mode restrictions were not honoured in the forum summary report, which would display users from other groups. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Moodle Extra Packages For Enterprise Linux +1
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user who also has direct access to the web server outside of the Moodle webroot could. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Moodle +2
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

Insufficient web service capability checks made it possible to move categories a user had permission to manage, to a parent category they did not have the capability to manage. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Moodle Extra Packages For Enterprise Linux +1
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Stronger revision number limitations were required on file serving endpoints to improve cache poisoning protection. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Moodle Extra Packages For Enterprise Linux +1
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

H5P metadata automatically populated the author with the user's username, which could be sensitive information. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Moodle Extra Packages For Enterprise Linux +1
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Students in "Only see own membership" groups could see other students in the group, which should be hidden. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Moodle Extra Packages For Enterprise Linux +1
NVD
EPSS 2% CVSS 8.8
HIGH PATCH This Week

A remote code execution risk was identified in the IMSCP activity. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Moodle +2
NVD
EPSS 2% CVSS 8.8
HIGH PATCH This Week

A remote code execution risk was identified in the Lesson activity. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Moodle +2
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A heap-based buffer overflow vulnerability was found in coders/tiff.c in ImageMagick. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Heap Overflow +3
NVD
EPSS 0% CVSS 5.5
MEDIUM POC This Month

An out-of-bounds read flaw was found in w3m, in the growbuf_to_Str function in indep.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Denial Of Service +4
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM POC This Month

An out-of-bounds read flaw was found in w3m, in the Strnew_size function in Str.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Denial Of Service +4
NVD GitHub
EPSS 0% CVSS 7.8
HIGH POC This Week

A heap buffer overflow vulnerability was found in sox, in the lsx_readbuf function at sox/src/formats_i.c:98:16. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Heap Overflow +6
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A heap buffer overflow vulnerability was found in sox, in the startread function at sox/src/hcom.c:160:41. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Heap Overflow +6
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A floating point exception vulnerability was found in sox, in the read_samples function at sox/src/voc.c:334:18. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Sound Exchange Extra Packages For Enterprise Linux +2
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A floating point exception vulnerability was found in sox, in the lsx_aiffstartwrite function at sox/src/aiff.c:622:58. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Sound Exchange Extra Packages For Enterprise Linux +2
NVD
EPSS 1% CVSS 5.5
MEDIUM POC PATCH This Month

A stack-based buffer overflow issue was found in ImageMagick's coders/tiff.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Stack Overflow Buffer Overflow Denial Of Service +3
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A heap use after free issue was discovered in ImageMagick's ReplaceXmpValue() function in MagickCore/profile.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Use After Free Denial Of Service Memory Corruption +3
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A heap-based buffer overflow issue was discovered in ImageMagick's ReadTIM2ImageData() function in coders/tim2.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Heap Overflow +3
NVD GitHub
EPSS 3% CVSS 7.8
HIGH POC This Week

A vulnerability was found in ImageMagick. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Imagemagick Extra Packages For Enterprise Linux +2
NVD GitHub
EPSS 8% CVSS 9.8
CRITICAL POC Act Now

A vulnerability was found in ImageMagick. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Imagemagick Extra Packages For Enterprise Linux +2
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM POC This Month

A vulnerability was found in ImageMagick. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Information Disclosure Imagemagick +4
NVD GitHub
EPSS 1% CVSS 7.3
HIGH PATCH This Week

The vulnerability was found Moodle which exists due to insufficient sanitization of user-supplied data in external Wiki method for listing pages. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Moodle Extra Packages For Enterprise Linux +1
NVD
EPSS 7% CVSS 5.3
MEDIUM POC PATCH This Month

The vulnerability was found Moodle which exists because the application allows a user to control path of the older to create in TinyMCE loaders. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Moodle Extra Packages For Enterprise Linux +1
NVD
EPSS 1% CVSS 5.5
MEDIUM POC PATCH This Month

A heap-based buffer overflow issue was discovered in ImageMagick's ImportMultiSpectralQuantum() function in MagickCore/quantum-import.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Heap Overflow +3
NVD GitHub
EPSS 2% CVSS 6.5
MEDIUM This Month

An uncontrolled resource consumption vulnerability was discovered in HAProxy which could crash the service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Haproxy Ceph Storage +7
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

The rxvt-unicode package is vulnerable to a remote code execution, in the Perl background extension, when an attacker can control the data written to the user's terminal and certain options are set. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Rxvt Unicode Extra Packages For Enterprise Linux +1
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

An out-of-bounds read flaw was found in the QXL display device emulation in QEMU. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Information Disclosure Denial Of Service Buffer Overflow +4
NVD
EPSS 1% CVSS 9.1
CRITICAL PATCH Act Now

A blind Server-Side Request Forgery (SSRF) vulnerability was found in Moodle. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Moodle Extra Packages For Enterprise Linux +1
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

The H5P activity attempts report did not filter by groups, which in separate groups mode could reveal information to non-editing teachers about attempts/users in groups they should not have access to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Moodle Extra Packages For Enterprise Linux +1
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

A limited SQL injection risk was identified in the "browse list of users" site administration page. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Moodle Extra Packages For Enterprise Linux +1
NVD
EPSS 1% CVSS 7.1
HIGH PATCH This Week

Recursive rendering of Mustache template helpers containing user input could, in some cases, result in an XSS risk or a page failing to load. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Moodle Extra Packages For Enterprise Linux +1
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A heap buffer overflow issue was found in ImageMagick. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Buffer Overflow Imagemagick +2
NVD GitHub
EPSS 0% CVSS 7.8
HIGH POC PATCH This Week

A heap-based buffer overflow flaw was found in libmodbus in function modbus_reply() in src/modbus.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Libmodbus Extra Packages For Enterprise Linux +2
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In ImageMagick, a crafted file could trigger an assertion failure when a call to WriteImages was made in MagickWand/operation.c, due to a NULL image list. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Extra Packages For Enterprise Linux Imagemagick +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to 103.0.5060.114 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Google Denial Of Service +4
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Type confusion in V8 in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure Google +3
NVD
EPSS 70% CVSS 8.8
HIGH KEV THREAT This Week

Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Google Buffer Overflow +12
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Use after free in Cast UI and Toolbar in Google Chrome prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via UI. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Google Denial Of Service +4
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Type confusion in V8 in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure Google +4
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned long' at coders/pcl.c, when crafted or untrusted input is processed. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Information Disclosure Imagemagick +3
NVD GitHub
EPSS 1% CVSS 7.8
HIGH PATCH This Week

A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned char' at coders/psd.c, when crafted or untrusted input is processed. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Information Disclosure Imagemagick +3
NVD GitHub
EPSS 3% CVSS 7.5
HIGH POC PATCH This Week

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Freerdp Extra Packages For Enterprise Linux +1
NVD GitHub
EPSS 4% CVSS 7.5
HIGH PATCH This Week

The generic P-256 feature in crypto/elliptic in Go before 1.17.9 and 1.18.x before 1.18.1 allows a panic via long scalar input. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Go Extra Packages For Enterprise Linux +1
NVD
EPSS 5% CVSS 9.8
CRITICAL POC PATCH Act Now

The package git before 1.11.0 are vulnerable to Command Injection via git argument injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Command Injection Git Extra Packages For Enterprise Linux +2
NVD GitHub
EPSS 1% CVSS 8.8
HIGH PATCH This Week

An SQL injection risk was identified in Badges code relating to configuring criteria. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Moodle Fedora +1
NVD
EPSS 4% CVSS 7.5
HIGH PATCH This Week

The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service SSH Extra Packages For Enterprise Linux +2
NVD
EPSS 2% CVSS 7.5
HIGH This Week

A flaw was found in keepass. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Keepass Extra Packages For Enterprise Linux +1
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

A missing bounds check in the image loader used in Blender 3.x and 2.93.8 leads to out-of-bounds heap access, allowing an attacker to cause denial of service, memory corruption or potentially code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Denial Of Service Integer Overflow RCE +5
NVD
EPSS 4% CVSS 7.5
HIGH POC PATCH This Week

This affects the package celery before 5.2.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Command Injection Celery Extra Packages For Enterprise Linux +1
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Moodle Extra Packages For Enterprise Linux +1
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Moodle Extra Packages For Enterprise Linux +1
NVD
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Moodle Extra Packages For Enterprise Linux +1
NVD
EPSS 3% CVSS 8.8
HIGH POC This Week

A code execution vulnerability exists in the DL_Dxf::handleLWPolylineData functionality of Ribbonsoft dxflib 3.17.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Integer Overflow RCE +4
NVD
EPSS 3% CVSS 8.8
HIGH POC This Week

In Plib through 1.85, there is an integer overflow vulnerability that could result in arbitrary code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow RCE Plib +3
NVD
EPSS 2% CVSS 7.4
HIGH POC This Week

A flaw was found in mbsync before v1.3.5 and v1.4.1. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Mbsync Extra Packages For Enterprise Linux +2
NVD
EPSS 1% CVSS 3.3
LOW Monitor

A flaw was found in the check_chunk_name() function of pngcheck-2.4.0. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Pngcheck +3
NVD
EPSS 6% CVSS 7.5
HIGH POC PATCH This Week

An issue was discovered in Pure-FTPd 1.0.49. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Memory Corruption Information Disclosure Pure Ftpd +4
NVD GitHub
EPSS 2% CVSS 6.1
MEDIUM POC This Month

Cacti 1.2.8 has stored XSS in data_sources.php, color_templates_item.php, graphs.php, graph_items.php, lib/api_automation.php, user_admin.php, and user_group_admin.php, as demonstrated by the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Cacti +6
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy