Security
Headlines
HeadlinesLatestCVEs

Tag

#vulnerability

GHSA-wwjf-gwrv-wh45: Moodle's IDOR in badges allows deletion of arbitrary badges

A vulnerability was found in Moodle. Insufficient capability checks made it possible to delete badges that a user does not have permission to access.

ghsa
Open in Source
#vulnerability#web#auth
GHSA-mx26-62xm-2p83: Moodle vulnerable to site administration SQL injection via XMLDB editor

A SQL injection risk flaw was found in the XMLDB editor tool available to site administrators.

WordPress Meetup 0.1 Authentication Bypass

WordPress Meetup plugin versions 0.1 and below suffer from an authentication bypass vulnerability.

Androxgh0st Botnet Integrates Mozi, Expands Attacks on IoT Vulnerabilities

CloudSEK reports that the Androxgh0st botnet has integrated with the Mozi botnet and exploits a wide range of…

Ubuntu Security Notice USN-7088-4

Ubuntu Security Notice 7088-4 - Ziming Zhang discovered that the VMware Virtual GPU DRM driver in the Linux kernel contained an integer overflow vulnerability. A local attacker could use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

Ubuntu Security Notice USN-7095-1

Ubuntu Security Notice 7095-1 - Chenyuan Yang discovered that the USB Gadget subsystem in the Linux kernel did not properly check for the device to be enabled before writing. A local attacker could possibly use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

Ubuntu Security Notice USN-7089-3

Ubuntu Security Notice 7089-3 - Chenyuan Yang discovered that the USB Gadget subsystem in the Linux kernel did not properly check for the device to be enabled before writing. A local attacker could possibly use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

TestRail CLI FieldsParser eval Injection

While parsing test result XML files with the TestRail CLI, the presence of certain TestRail-specific fields can cause untrusted data to flow into an eval() statement, leading to arbitrary code execution. In order to exploit this, an attacker would need to be able to cause the TestRail CLI to parse a malicious XML file. Normally an attacker with this level of control would already have other avenues of gaining code execution.

Red Hat Security Advisory 2024-8977-03

Red Hat Security Advisory 2024-8977-03 - An update for the python39:3.9 module is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.4 Telecommunications Update Service.

Red Hat Security Advisory 2024-8694-03

Red Hat Security Advisory 2024-8694-03 - Red Hat OpenShift Container Platform release 4.12.68 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include denial of service and traversal vulnerabilities.