CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0CVE-2021-20281
https://notcve.org/view.php?id=CVE-2021-20281
15 Mar 2021 — It was possible for some users without permission to view other users' full names to do so via the online users block in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17. Fue posible que algunos usuarios sin permiso para visualizar los nombres completos de otros usuarios lo hicieran por medio del bloque de usuarios en línea en moodle versiones anteriores a 3.10.2, 3.9.5, 3.8.8, 3.5.17 • https://bugzilla.redhat.com/show_bug.cgi?id=1939041 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-863: Incorrect Authorization •
CVSS: 5.4EPSS: 1%CPEs: 7EXPL: 1CVE-2021-20280 – Moodle Cross Site Scripting / Server-Side Request Forgery
https://notcve.org/view.php?id=CVE-2021-20280
15 Mar 2021 — Text-based feedback answers required additional sanitizing to prevent stored XSS and blind SSRF risks in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17. Las respuestas de retroalimentación basadas en texto requirieron saneamiento adicional para prevenir un ataque de tipo XSS almacenado y riesgos SSRF ciegos en moodle versiones anteriores a 3.10.2, 3.9.5, 3.8.8, 3.5.17 Moodle versions 3.10 to 3.10.1, 3.9 to 3.9.4, 3.8 to 3.8.7, and 3.5 to 3.5.16 suffer from cross site scripting and server-side request forgery vu... • http://packetstormsecurity.com/files/164817/Moodle-Cross-Site-Scripting-Server-Side-Request-Forgery.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 6EXPL: 0CVE-2021-20279
https://notcve.org/view.php?id=CVE-2021-20279
15 Mar 2021 — The ID number user profile field required additional sanitizing to prevent a stored XSS risk in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17. El campo ID number user profile requería un saneamiento adicional para evitar un riesgo de tipo XSS almacenado en moodle versiones anteriores a 3.10.2, 3.9.5, 3.8.8, 3.5.17 • https://bugzilla.redhat.com/show_bug.cgi?id=1939033 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2021-28375 – Ubuntu Security Notice USN-4949-1
https://notcve.org/view.php?id=CVE-2021-28375
15 Mar 2021 — An issue was discovered in the Linux kernel through 5.11.6. fastrpc_internal_invoke in drivers/misc/fastrpc.c does not prevent user applications from sending kernel RPC messages, aka CID-20c40794eb85. This is a related issue to CVE-2019-2308. Se detectó un problema en el kernel de Linux versiones hasta 5.11.6. La función fastrpc_internal_invoke en el archivo drivers/misc/fastrpc.c no evita a unas aplicaciones de usuario enviar mensajes RPC del kernel, también se conoce como CID-20c40794eb85. Este ... • https://git.kernel.org/linus/20c40794eb85ea29852d7bc37c55713802a543d6 • CWE-862: Missing Authorization •
CVSS: 8.1EPSS: 0%CPEs: 11EXPL: 0CVE-2021-20179 – pki-core: Unprivileged users can renew any certificate
https://notcve.org/view.php?id=CVE-2021-20179
15 Mar 2021 — A flaw was found in pki-core. An attacker who has successfully compromised a key could use this flaw to renew the corresponding certificate over and over again, as long as it is not explicitly revoked. The highest threat from this vulnerability is to data confidentiality and integrity. Se encontró un fallo en pki-core. Un atacante que haya comprometido con éxito una clave podría usar este fallo para renovar el certificado correspondiente una y otra vez, siempre que no se revoque explícitamente. • https://bugzilla.redhat.com/show_bug.cgi?id=1914379 • CWE-863: Incorrect Authorization •
CVSS: 8.1EPSS: 0%CPEs: 3EXPL: 0CVE-2021-21367 – Incorrect Authorization in switchboard-plug-bluetooth
https://notcve.org/view.php?id=CVE-2021-21367
12 Mar 2021 — Switchboard Bluetooth Plug for elementary OS from version 2.3.0 and before version version 2.3.5 has an incorrect authorization vulnerability. When the Bluetooth plug is running (in discoverable mode), Bluetooth service requests and pairing requests are automatically accepted, allowing physically proximate attackers to pair with a device running an affected version of switchboard-plug-bluetooth without the active consent of the user. By default, elementary OS doesn't expose any services via Bluetooth that a... • https://github.com/elementary/switchboard-plug-bluetooth/commit/86500e645a907538abafe5225b67cc12c03e7645 • CWE-863: Incorrect Authorization •
CVSS: 7.5EPSS: 1%CPEs: 5EXPL: 1CVE-2020-36281 – Gentoo Linux Security Advisory 202107-53
https://notcve.org/view.php?id=CVE-2020-36281
12 Mar 2021 — Leptonica before 1.80.0 allows a heap-based buffer over-read in pixFewColorsOctcubeQuantMixed in colorquant1.c. Leptonica versiones anteriores a 1.80.0, permite una lectura excesiva del búfer en la región heap de la memoria en la función pixFewColorsOctcubeQuantMixed en el archivo colorquant1.c Multiple vulnerabilities have been found in Leptonica, the worst of which could result in a Denial of Service condition. Versions less than 1.80.0 are affected. • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22140 • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 1%CPEs: 3EXPL: 1CVE-2020-36280 – Gentoo Linux Security Advisory 202107-53
https://notcve.org/view.php?id=CVE-2020-36280
12 Mar 2021 — Leptonica before 1.80.0 allows a heap-based buffer over-read in pixReadFromTiffStream, related to tiffio.c. Leptonica versiones anteriores a 1.80.0, permite una lectura excesiva del búfer en la región heap de la memoria en la función pixReadFromTiffStream, relacionado con el archivo tiffio.c Multiple vulnerabilities have been found in Leptonica, the worst of which could result in a Denial of Service condition. Versions less than 1.80.0 are affected. • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=23654 • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 3%CPEs: 5EXPL: 1CVE-2020-36279 – Gentoo Linux Security Advisory 202107-53
https://notcve.org/view.php?id=CVE-2020-36279
12 Mar 2021 — Leptonica before 1.80.0 allows a heap-based buffer over-read in rasteropGeneralLow, related to adaptmap_reg.c and adaptmap.c. Leptonica versiones anteriores a 1.80.0, permite una lectura excesiva del búfer en la región heap de la memoria en la función rasteropGeneralLow, relacionada con los archivos adaptmap_reg.c y adaptmap.c Multiple vulnerabilities have been found in Leptonica, the worst of which could result in a Denial of Service condition. Versions less than 1.80.0 are affected. • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22512 • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 2%CPEs: 5EXPL: 1CVE-2020-36278 – Gentoo Linux Security Advisory 202107-53
https://notcve.org/view.php?id=CVE-2020-36278
11 Mar 2021 — Leptonica before 1.80.0 allows a heap-based buffer over-read in findNextBorderPixel in ccbord.c. Leptonica versiones anteriores a la 1.80.0, permite una lectura excesiva del búfer en la región heap de la memoria en la función findNextBorderPixel en el archivo ccbord.c Multiple vulnerabilities have been found in Leptonica, the worst of which could result in a Denial of Service condition. Versions less than 1.80.0 are affected. • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=23433 • CWE-125: Out-of-bounds Read •