Page 27 of 982 results (0.009 seconds)

CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 1

Use after free in WebRTC in Google Chrome prior to 89.0.4389.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Un uso de la memoria previamente liberada en WebRTC en Google Chrome versiones anteriores a 89.0.4389.90, permitía a un atacante remoto explotar potencialmente una corrupción de la pila por medio de una página HTML diseñada • https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop_12.html https://crbug.com/1167357 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N52OWF4BAP3JNK2QYGU3Q6QUVDZDCIMQ https://security.gentoo.org/glsa/202104-08 https://www.debian.org/security/2021/dsa-4886 • CWE-416: Use After Free •

CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0

The web service responsible for fetching other users' enrolled courses did not validate that the requesting user had permission to view that information in each course in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17. El servicio web responsable de obtener los cursos inscritos de otros usuarios no comprobó que el usuario solicitante tuviera permiso para visualizar esa información en cada curso en moodle versiones anteriores a 3.10.2, 3.9.5, 3.8.8, 3.5.17 • https://bugzilla.redhat.com/show_bug.cgi?id=1939051 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AFSNJ7XHVTC52RSRX2GBQFF3VEEAY2MS https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UFH5DDMU5TZ3JT4Q52WMRAHACA5MHIMT https://moodle.org/mod/forum/discuss.php?d=419654 • CWE-862: Missing Authorization CWE-863: Incorrect Authorization •

CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0

When creating a user account, it was possible to verify the account without having access to the verification email link/secret in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17. Cuando se crea una cuenta de usuario, era posible verificar la cuenta sin tener acceso al enlace/secreto del correo electrónico de comprobación en moodle versiones anteriores a 3.10.2, 3.9.5, 3.8.8, 3.5.17 • https://bugzilla.redhat.com/show_bug.cgi?id=1939046 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AFSNJ7XHVTC52RSRX2GBQFF3VEEAY2MS https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UFH5DDMU5TZ3JT4Q52WMRAHACA5MHIMT https://moodle.org/mod/forum/discuss.php?d=419653 • CWE-863: Incorrect Authorization •

CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0

It was possible for some users without permission to view other users' full names to do so via the online users block in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17. Fue posible que algunos usuarios sin permiso para visualizar los nombres completos de otros usuarios lo hicieran por medio del bloque de usuarios en línea en moodle versiones anteriores a 3.10.2, 3.9.5, 3.8.8, 3.5.17 • https://bugzilla.redhat.com/show_bug.cgi?id=1939041 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AFSNJ7XHVTC52RSRX2GBQFF3VEEAY2MS https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UFH5DDMU5TZ3JT4Q52WMRAHACA5MHIMT https://moodle.org/mod/forum/discuss.php?d=419652 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-863: Incorrect Authorization •

CVSS: 5.4EPSS: 0%CPEs: 7EXPL: 1

Text-based feedback answers required additional sanitizing to prevent stored XSS and blind SSRF risks in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17. Las respuestas de retroalimentación basadas en texto requirieron saneamiento adicional para prevenir un ataque de tipo XSS almacenado y riesgos SSRF ciegos en moodle versiones anteriores a 3.10.2, 3.9.5, 3.8.8, 3.5.17 • http://packetstormsecurity.com/files/164817/Moodle-Cross-Site-Scripting-Server-Side-Request-Forgery.html https://bugzilla.redhat.com/show_bug.cgi?id=1939037 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AFSNJ7XHVTC52RSRX2GBQFF3VEEAY2MS https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FGOMHMYM3WICJ6D6U22Z6LPJGT5A6MZM https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UFH5DDMU5TZ3JT4Q52WMRAHACA5MHIMT https://moodle.org • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •