fedoraproject extra packages for enterprise linux

76 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2023-6395
all versions
The Mock software contains a vulnerability wherein an attacker could potentially exploit privilege escalation, enabling the execut
6.7 MEDIUM
CVE-2024-0232
all versions
A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a
4.7 MEDIUM
CVE-2023-51766
all versions
Exim before 4.97.1 allows SMTP smuggling in certain PIPELINING/CHUNKING configurations. Remote attackers can use a published explo
5.3 MEDIUM
CVE-2023-4256
all versions
Within tcpreplay's tcprewrite, a double free vulnerability has been identified in the tcpedit_dlt_cleanup() function within plugin
5.5 MEDIUM
CVE-2023-4255
all versions
An out-of-bounds write issue has been discovered in the backspace handling of the checkType() function in etc.c within the W3M app
5.5 MEDIUM
CVE-2023-5764
all versions
A template injection flaw was found in Ansible where a user's controller internal templating operations may remove the unsafe desi
7.1 HIGH
CVE-2023-5341
all versions
A heap use-after-free flaw was found in coders/bmp.c in ImageMagick.
6.2 MEDIUM
CVE-2023-5543
all versions
When duplicating a BigBlueButton activity, the original meeting ID was also duplicated instead of using a new ID for the new activ
3.3 LOW
CVE-2023-5551
all versions
Separate Groups mode restrictions were not honoured in the forum summary report, which would display users from other groups.
3.3 LOW
CVE-2023-5550
all versions
In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user who also has di
6.5 MEDIUM
CVE-2023-5549
all versions
Insufficient web service capability checks made it possible to move categories a user had permission to manage, to a parent catego
3.3 LOW
CVE-2023-5548
all versions
Stronger revision number limitations were required on file serving endpoints to improve cache poisoning protection.
3.3 LOW
CVE-2023-5545
all versions
H5P metadata automatically populated the author with the user's username, which could be sensitive information.
3.3 LOW
CVE-2023-5542
all versions
Students in "Only see own membership" groups could see other students in the group, which should be hidden.
3.3 LOW
CVE-2023-5540
all versions
A remote code execution risk was identified in the IMSCP activity. By default this was only available to teachers and managers.
4.7 MEDIUM
CVE-2023-5539
all versions
A remote code execution risk was identified in the Lesson activity. By default this was only available to teachers and managers.
4.7 MEDIUM
CVE-2023-3428
all versions
A heap-based buffer overflow vulnerability was found in coders/tiff.c in ImageMagick. This issue may allow a local attacker to tr
6.2 MEDIUM
CVE-2022-4318
all versions
A vulnerability was found in cri-o. This issue allows the addition of arbitrary lines into /etc/passwd by use of a specially craft
7.8 HIGH
CVE-2023-38253
all versions
An out-of-bounds read flaw was found in w3m, in the growbuf_to_Str function in indep.c. This issue may allow an attacker to cause
4.7 MEDIUM
CVE-2023-38252
all versions
An out-of-bounds read flaw was found in w3m, in the Strnew_size function in Str.c. This issue may allow an attacker to cause a den
4.7 MEDIUM
CVE-2023-34432
all versions
A heap buffer overflow vulnerability was found in sox, in the lsx_readbuf function at sox/src/formats_i.c:98:16. This flaw can lea
7.8 HIGH
CVE-2023-34318
all versions
A heap buffer overflow vulnerability was found in sox, in the startread function at sox/src/hcom.c:160:41. This flaw can lead to a
7.8 HIGH
CVE-2023-32627
all versions
A floating point exception vulnerability was found in sox, in the read_samples function at sox/src/voc.c:334:18. This flaw can lea
6.2 MEDIUM
CVE-2023-26590
all versions
A floating point exception vulnerability was found in sox, in the lsx_aiffstartwrite function at sox/src/aiff.c:622:58. This flaw
6.2 MEDIUM
CVE-2023-3195
all versions
A stack-based buffer overflow issue was found in ImageMagick's coders/tiff.c. This flaw allows an attacker to trick the user into
5.5 MEDIUM
CVE-2023-34475
all versions
A heap use after free issue was discovered in ImageMagick's ReplaceXmpValue() function in MagickCore/profile.c. An attacker could
5.5 MEDIUM
CVE-2023-34474
all versions
A heap-based buffer overflow issue was discovered in ImageMagick's ReadTIM2ImageData() function in coders/tim2.c. A local attacker
5.5 MEDIUM
CVE-2023-34153
all versions
A vulnerability was found in ImageMagick. This security flaw causes a shell command injection vulnerability via video:vsync or vid
7.8 HIGH
CVE-2023-34152
all versions
A vulnerability was found in ImageMagick. This security flaw causes a remote code execution vulnerability in OpenBlob with --enable
9.8 CRITICAL
CVE-2023-34151
all versions
A vulnerability was found in ImageMagick. This security flaw occurs as an undefined behavior of casting double to size_t in svg,
5.5 MEDIUM
CVE-2023-30944
all versions
The vulnerability was found in Moodle which exists due to insufficient sanitization of user-supplied data in external Wiki method for
5.6 MEDIUM
CVE-2023-30943
all versions
The vulnerability was found in Moodle which exists because the application allows a user to control path of the folder to create in Ti
6.5 MEDIUM
CVE-2023-1906
all versions
A heap-based buffer overflow issue was discovered in ImageMagick's ImportMultiSpectralQuantum() function in MagickCore/quantum-imp
5.5 MEDIUM
CVE-2023-0056
all versions
An uncontrolled resource consumption vulnerability was discovered in HAProxy which could crash the service. This issue could allow
6.5 MEDIUM
CVE-2023-1289
all versions
A vulnerability was discovered in ImageMagick where a specially created SVG file loads itself and causes a segmentation fault. Thi
5.5 MEDIUM
CVE-2022-4170
all versions
The rxvt-unicode package is vulnerable to a remote code execution, in the Perl background extension, when an attacker can control
9.8 CRITICAL
CVE-2022-4144
all versions
An out-of-bounds read flaw was found in the QXL display device emulation in QEMU. The qxl_phys2virt() function does not check the
6.5 MEDIUM
CVE-2022-45152
all versions
A blind Server-Side Request Forgery (SSRF) vulnerability was found in Moodle. This flaw exists due to insufficient validation of u
9.1 CRITICAL
CVE-2022-40316
all versions
The H5P activity attempts report did not filter by groups, which in separate groups mode could reveal information to non-editing t
4.3 MEDIUM
CVE-2022-40315
all versions
A limited SQL injection risk was identified in the "browse list of users" site administration page.
9.8 CRITICAL
CVE-2022-40313
all versions
Recursive rendering of Mustache template helpers containing user input could, in some cases, result in an XSS risk or a page faili
7.1 HIGH
CVE-2022-3213
all versions
A heap buffer overflow issue was found in ImageMagick. When an application processes a malformed TIFF file, it could lead to undef
5.5 MEDIUM
CVE-2022-0367
all versions
A heap-based buffer overflow flaw was found in libmodbus in function modbus_reply() in src/modbus.c.
7.8 HIGH
CVE-2020-14394
all versions
An infinite loop flaw was found in the USB xHCI controller emulation of QEMU while computing the length of the Transfer Request Bl
3.2 LOW
CVE-2022-2719
all versions
In ImageMagick, a crafted file could trigger an assertion failure when a call to WriteImages was made in MagickWand/operation.c, d
5.5 MEDIUM
CVE-2022-2296
all versions
Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to 103.0.5060.114 allowed a remote attacker who convinced a
8.8 HIGH
CVE-2022-2295
all versions
Type confusion in V8 in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via
8.8 HIGH
CVE-2022-2294
all versions
Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corr
8.8 HIGH
CVE-2022-2163
all versions
Use after free in Cast UI and Toolbar in Google Chrome prior to 103.0.5060.134 allowed an attacker who convinced a user to install
8.8 HIGH
CVE-2022-2158
all versions
Type confusion in V8 in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to potentially exploit heap corruption via
8.8 HIGH
CVE-2022-32546
all versions
A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned long' at coders/p
7.8 HIGH
CVE-2022-32545
all versions
A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned char' at coders/p
7.8 HIGH
CVE-2022-24882
all versions
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). In versions prior to 2.7.0, NT LAN Manager (NTLM) authentic
9.1 CRITICAL
CVE-2022-28327
all versions
The generic P-256 feature in crypto/elliptic in Go before 1.17.9 and 1.18.x before 1.18.1 allows a panic via long scalar input.
7.5 HIGH
CVE-2022-25648
all versions
The package git before 1.11.0 is vulnerable to Command Injection via git argument injection. When calling the fetch(remote = 'ori
8.1 HIGH
CVE-2022-0983
all versions
An SQL injection risk was identified in Badges code relating to configuring criteria. Access to the relevant capability was limite
8.8 HIGH
CVE-2022-27191
all versions
The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certai
7.5 HIGH
CVE-2022-0725
all versions
A flaw was found in keepass. The vulnerability occurs due to logging the plain text passwords in system log and leads to an Inform
7.5 HIGH
CVE-2021-3733
all versions
There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (s
6.5 MEDIUM
CVE-2022-0546
all versions
A missing bounds check in the image loader used in Blender 3.x and 2.93.8 leads to out-of-bounds heap access, allowing an attacker
7.8 HIGH
CVE-2022-21698
all versions
client_golang is the instrumentation library for Go applications in Prometheus, and the promhttp package in client_golang provides
7.5 HIGH
CVE-2022-0571
all versions
Cross-site Scripting (XSS) - Reflected in GitHub repository phoronix-test-suite/phoronix-test-suite prior to 10.8.2.
6.1 MEDIUM
CVE-2021-45079
all versions
In strongSwan before 5.9.5, a malicious responder can send an EAP-Success message too early without actually authenticating the cl
9.1 CRITICAL
CVE-2021-46142
all versions
An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriNormalizeSyntax.
5.5 MEDIUM
CVE-2021-46141
all versions
An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriFreeUriMembers and uriMakeOwner.
5.5 MEDIUM
CVE-2021-23727
all versions
This affects the package celery before 5.2.2. It by default trusts the messages and metadata stored in backends (result stores). W
7.5 HIGH
CVE-2021-43560
all versions
A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. Insufficien
5.3 MEDIUM
CVE-2021-43559
all versions
A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. The "delete
8.8 HIGH
CVE-2021-43558
all versions
A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. A URL param
6.1 MEDIUM
CVE-2021-21897
all versions
A code execution vulnerability exists in the DL_Dxf::handleLWPolylineData functionality of Ribbonsoft dxflib 3.17.0. A specially-c
8.8 HIGH
CVE-2021-38714
all versions
In Plib through 1.85, there is an integer overflow vulnerability that could result in arbitrary code execution. The vulnerability
8.8 HIGH
CVE-2021-20247
all versions
A flaw was found in mbsync before v1.3.5 and v1.4.1. Validations of the mailbox names returned by IMAP LIST/LSUB do not occur allo
7.4 HIGH
CVE-2020-27842
all versions
There's a flaw in openjpeg's t2 encoder in versions prior to 2.4.0. An attacker who is able to provide crafted input to be process
5.5 MEDIUM
CVE-2020-27818
all versions
A flaw was found in the check_chunk_name() function of pngcheck-2.4.0. An attacker able to pass a malicious file to be processed b
3.3 LOW
CVE-2020-9274
all versions
An issue was discovered in Pure-FTPd 1.0.49. An uninitialized pointer vulnerability has been detected in the diraliases linked lis
7.5 HIGH
CVE-2020-7106
all versions
Cacti 1.2.8 has stored XSS in data_sources.php, color_templates_item.php, graphs.php, graph_items.php, lib/api_automation.php, use
6.1 MEDIUM
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin