CVSS: 5.3EPSS: 0%CPEs: 7EXPL: 0CVE-2023-5548 – Moodle: cache poisoning risk with endpoint revision numbers
https://notcve.org/view.php?id=CVE-2023-5548
09 Nov 2023 — Stronger revision number limitations were required on file serving endpoints to improve cache poisoning protection. Se requirieron limitaciones más estrictas en el número de revisiones en los endpoints de servicio de archivos para mejorar la protección contra el envenenamiento de la caché. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-77846 • CWE-345: Insufficient Verification of Data Authenticity CWE-349: Acceptance of Extraneous Untrusted Data With Trusted Data •
CVSS: 5.3EPSS: 0%CPEs: 7EXPL: 0CVE-2023-5545 – Moodle: auto-populated h5p author name causes a potential information leak
https://notcve.org/view.php?id=CVE-2023-5545
09 Nov 2023 — H5P metadata automatically populated the author with the user's username, which could be sensitive information. Los metadatos de H5P completaron automáticamente al autor con el nombre de usuario del usuario, que podría ser información confidencial. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-78820 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2023-5542 – Moodle: students can view other users in "only see own membership" groups
https://notcve.org/view.php?id=CVE-2023-5542
09 Nov 2023 — Students in "Only see own membership" groups could see other students in the group, which should be hidden. Los estudiantes en los grupos "Ver solo su propia membresía" podrían ver a otros estudiantes en el grupo, que deberían estar ocultos. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79213 • CWE-284: Improper Access Control CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 9.0EPSS: 1%CPEs: 7EXPL: 0CVE-2023-5540 – Moodle: authenticated remote code execution risk in imscp
https://notcve.org/view.php?id=CVE-2023-5540
09 Nov 2023 — A remote code execution risk was identified in the IMSCP activity. By default this was only available to teachers and managers. Se identificó un riesgo de ejecución remota de código en la actividad IMSCP. Por defecto, esto sólo estaba disponible para profesores y directivos. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79409 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.0EPSS: 1%CPEs: 7EXPL: 0CVE-2023-5539 – Moodle: authenticated remote code execution risk in lesson
https://notcve.org/view.php?id=CVE-2023-5539
09 Nov 2023 — A remote code execution risk was identified in the Lesson activity. By default this was only available to teachers and managers. Se identificó un riesgo de ejecución remota de código en la actividad Lesson. Por defecto, esto sólo estaba disponible para profesores y directivos. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79408 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.2EPSS: 0%CPEs: 5EXPL: 0CVE-2023-5341 – Imagemagick: heap use-after-free in coders/bmp.c
https://notcve.org/view.php?id=CVE-2023-5341
09 Oct 2023 — A heap use-after-free flaw was found in coders/bmp.c in ImageMagick. Se encontró una falla de heap-use-after-free en coders/bmp.c en ImageMagick. handling problems and cases of missing or incomplete input sanitising may result in denial of service, memory disclosure or potentially the execution of arbitrary code if malformed image files are processed. • https://access.redhat.com/security/cve/CVE-2023-5341 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 1CVE-2023-38253 – W3m: out of bounds read in growbuf_to_str() at w3m/indep.c
https://notcve.org/view.php?id=CVE-2023-38253
14 Jul 2023 — An out-of-bounds read flaw was found in w3m, in the growbuf_to_Str function in indep.c. This issue may allow an attacker to cause a denial of service through a crafted HTML file. This update for w3m fixes the following issues. • https://access.redhat.com/security/cve/CVE-2023-38253 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 1CVE-2023-38252 – W3m: out of bounds read in strnew_size() at w3m/str.c
https://notcve.org/view.php?id=CVE-2023-38252
14 Jul 2023 — An out-of-bounds read flaw was found in w3m, in the Strnew_size function in Str.c. This issue may allow an attacker to cause a denial of service through a crafted HTML file. This update for w3m fixes the following issues. • https://access.redhat.com/security/cve/CVE-2023-38252 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 1CVE-2023-34432 – Heap-buffer-overflow in src/formats_i.c
https://notcve.org/view.php?id=CVE-2023-34432
10 Jul 2023 — A heap buffer overflow vulnerability was found in sox, in the lsx_readbuf function at sox/src/formats_i.c:98:16. This flaw can lead to a denial of service, code execution, or information disclosure. An update that fixes 10 vulnerabilities is now available. This update for sox fixes the following issues. • https://access.redhat.com/security/cve/CVE-2023-34432 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 9.1EPSS: 0%CPEs: 5EXPL: 0CVE-2023-34318 – Heap-buffer-overflow in src/hcom.c
https://notcve.org/view.php?id=CVE-2023-34318
10 Jul 2023 — A heap buffer overflow vulnerability was found in sox, in the startread function at sox/src/hcom.c:160:41. This flaw can lead to a denial of service, code execution, or information disclosure. An update that fixes 10 vulnerabilities is now available. This update for sox fixes the following issues. • https://access.redhat.com/security/cve/CVE-2023-34318 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •