Page 32 of 5157 results (0.007 seconds)

CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0

CVE-2023-5542 – Moodle: students can view other users in "only see own membership" groups

https://notcve.org/view.php?id=CVE-2023-5542

Students in "Only see own membership" groups could see other students in the group, which should be hidden. Los estudiantes en los grupos "Ver solo su propia membresía" podrían ver a otros estudiantes en el grupo, que deberían estar ocultos. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79213 https://bugzilla.redhat.com/show_bug.cgi?id=2243441 https://moodle.org/mod/forum/discuss.php?d=451583 • CWE-284: Improper Access Control CWE-668: Exposure of Resource to Wrong Sphere •

CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 0

CVE-2023-5540 – Moodle: authenticated remote code execution risk in imscp

https://notcve.org/view.php?id=CVE-2023-5540

A remote code execution risk was identified in the IMSCP activity. By default this was only available to teachers and managers. Se identificó un riesgo de ejecución remota de código en la actividad IMSCP. Por defecto, esto sólo estaba disponible para profesores y directivos. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79409 https://bugzilla.redhat.com/show_bug.cgi?id=2243432 https://moodle.org/mod/forum/discuss.php?d=451581 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 0

CVE-2023-39198 – Kernel: qxl: race condition leading to use-after-free in qxl_mode_dumb_create()

https://notcve.org/view.php?id=CVE-2023-39198

A race condition was found in the QXL driver in the Linux kernel. The qxl_mode_dumb_create() function dereferences the qobj returned by the qxl_gem_object_create_with_handle(), but the handle is the only one holding a reference to it. This flaw allows an attacker to guess the returned handle value and trigger a use-after-free issue, potentially leading to a denial of service or privilege escalation. Se encontró una condición de ejecución en el controlador QXL del kernel de Linux. La función qxl_mode_dumb_create() desreferencia el qobj devuelto por qxl_gem_object_create_with_handle(), pero el identificador es el único que contiene una referencia a él. • https://access.redhat.com/errata/RHSA-2024:2394 https://access.redhat.com/errata/RHSA-2024:2950 https://access.redhat.com/errata/RHSA-2024:3138 https://access.redhat.com/security/cve/CVE-2023-39198 https://bugzilla.redhat.com/show_bug.cgi?id=2218332 https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html • CWE-416: Use After Free •

CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 0

CVE-2023-5539 – Moodle: authenticated remote code execution risk in lesson

https://notcve.org/view.php?id=CVE-2023-5539

A remote code execution risk was identified in the Lesson activity. By default this was only available to teachers and managers. Se identificó un riesgo de ejecución remota de código en la actividad Lesson. Por defecto, esto sólo estaba disponible para profesores y directivos. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79408 https://bugzilla.redhat.com/show_bug.cgi?id=2243352 https://moodle.org/mod/forum/discuss.php?d=451580 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0

CVE-2023-5996

https://notcve.org/view.php?id=CVE-2023-5996

Use after free in WebAudio in Google Chrome prior to 119.0.6045.123 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) El use after free en WebAudio en Google Chrome anterior a 119.0.6045.123 permitía a un atacante remoto explotar potencialmente la corrupción del heap a través de una página HTML manipulada. (Severidad de seguridad de Chrome: alta) • https://chromereleases.googleblog.com/2023/11/stable-channel-update-for-desktop.html https://crbug.com/1497859 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MHLJRFWZNY6BFOW25Q4FEESVWZKS4C2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PHWLT3M2AQDFD7RNAM3NJMYUC5KHMO5V https://security.gentoo.org/glsa/202311-11 https://security.gentoo.org/glsa/202312-07 https://security.gentoo.org/glsa/202401-34 https://www.debian.org/security • CWE-416: Use After Free •