|
801
|
7.5
5.0
|
HIGH
Network
|
Moodle before 2.2.2 has users' private files included in course backups
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2012-1156
|
cpe:2.3:o:redhat:enterprise_linux:6.0:*
|
|
|
|
|
2024-11-21 10:36
2019-11-15
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
802
|
7.5
5.0
|
HIGH
Network
|
Moodle has a database activity export permission issue where the export function of the database activity module exports all entries even those from groups the user does not belong to
|
CWE-200
Information Exposure
|
CVE-2012-1155
|
cpe:2.3:o:redhat:enterprise_linux:6.0:*
|
|
|
|
|
2024-11-21 10:36
2019-11-15
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
803
|
7.8
4.6
|
HIGH
Local
|
The SQLDriverConnect() function in unixODBC before 2.2.14p2 have a possible buffer overflow condition when specifying a large value for SAVEFILE parameter in the connection string.
|
CWE-120
Classic Buffer Overflow
|
CVE-2011-1145
|
cpe:2.3:o:redhat:enterprise_linux:6.0:* cpe:2.3:o:redhat:enterprise_linux:5.0:* cpe:2.3:o:redhat:enterprise_linux…
|
|
|
|
|
2024-11-21 10:25
2019-11-14
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
804
|
8.8
6.5
|
HIGH
Network
|
In ConsoleKit before 0.4.2, an intended security policy restriction bypass was found. This flaw allows an authenticated system user to escalate their privileges by initiating a remote VNC session.
|
CWE-269
Improper Privilege Management
|
CVE-2010-4664
|
cpe:2.3:o:redhat:enterprise_linux:6.0:*
|
|
|
|
|
2024-11-21 10:21
2019-11-14
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
805
|
7.8
4.6
|
HIGH
Local
|
udisks before 1.0.3 allows a local user to load arbitrary Linux kernel modules.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2010-4661
|
cpe:2.3:o:redhat:enterprise_linux:6.0:*
|
|
|
|
|
2024-11-21 10:21
2019-11-14
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
806
|
7.5
5.0
|
HIGH
Network
|
PHP5 before 5.4.4 allows passing invalid utf-8 strings via the xmlTextWriterWriteAttribute, which are then misparsed by libxml2. This results in memory leak into the resulting output.
|
CWE-772
Missing Release of Resource after Effective Lifetime
|
CVE-2010-4657
|
cpe:2.3:o:redhat:enterprise_linux:6.0:* cpe:2.3:o:redhat:enterprise_linux:5.0:*
|
|
|
|
|
2024-11-21 10:21
2019-11-14
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
807
|
9.8
7.5
|
CRITICAL
Network
|
gdk-pixbuf through 2.31.1 has GIF loader buffer overflow when initializing decompression tables due to an input validation flaw
|
CWE-20
Improper Input Validation
|
CVE-2011-2897
|
cpe:2.3:o:redhat:enterprise_linux:5.0:* cpe:2.3:o:redhat:enterprise_linux:4.0:*
|
|
|
|
|
2024-11-21 10:29
2019-11-12
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
808
|
6.5
3.5
|
MEDIUM
Network
|
A flaw was found in the 'deref' plugin of 389-ds-base where it could use the 'search' permission to display attribute values. In some configurations, this could allow an authenticated attacker to vie…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2019-14824
|
cpe:2.3:o:redhat:enterprise_linux:7.0:*
|
|
|
|
|
2024-11-21 13:27
2019-11-9
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
809
|
5.5
4.9
|
MEDIUM
Local
|
A memory leak in the sof_set_get_large_ctrl_data() function in sound/soc/sof/ipc.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering s…
|
CWE-401
Missing Release of Memory after Effective Lifetime
|
CVE-2019-18811
|
cpe:2.3:o:redhat:enterprise_linux:8.0:*
|
|
|
|
|
2024-11-21 13:33
2019-11-8
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
810
|
9.8
7.5
|
CRITICAL
Network
|
An issue was discovered in net/ipv4/sysctl_net_ipv4.c in the Linux kernel before 5.0.11. There is a net/ipv4/tcp_input.c signed integer overflow in tcp_ack_update_rtt() when userspace writes a very l…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2019-18805
|
cpe:2.3:o:redhat:enterprise_linux:7.0:*
|
|
|
|
|
2024-11-21 13:33
2019-11-7
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|