CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2012-1158
https://notcve.org/view.php?id=CVE-2012-1158
14 Nov 2019 — Moodle before 2.2.2 has a course information leak in gradebook where users are able to see hidden grade items in export Moodle versiones anteriores a la versión 2.2.2, tiene un filtrado de información del curso en el libro de calificaciones donde los usuarios son capaces de visualizar los elementos de calificación ocultos en la exportación. • http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077635.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2012-1157
https://notcve.org/view.php?id=CVE-2012-1157
14 Nov 2019 — Moodle before 2.2.2 has a default repository capabilities issue where all repositories are viewable by all users by default Moodle versiones anteriores a la versión 2.2.2, tiene un problema de capacidades de repositorio predeterminadas donde todos los repositorios son visibles para todos los usuarios por defecto. • http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077635.html • CWE-276: Incorrect Default Permissions •
CVSS: 7.5EPSS: 1%CPEs: 5EXPL: 0CVE-2012-1156
https://notcve.org/view.php?id=CVE-2012-1156
14 Nov 2019 — Moodle before 2.2.2 has users' private files included in course backups Moodle versiones anteriores a 2.2.2, tiene archivos privados de los usuarios incluidos en copias de seguridad del curso. • http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077635.html • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 8.2EPSS: 2%CPEs: 5EXPL: 0CVE-2012-1168
https://notcve.org/view.php?id=CVE-2012-1168
14 Nov 2019 — Moodle before 2.2.2 has a password and web services issue where when the user profile is updated the user password is reset if not specified. Moodle versiones anteriores a 2.2.2, tiene un problema de contraseña y servicios web donde, cuando el perfil de usuario es actualizado, la contraseña de usuario se restablece si no es especificada. • http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077635.html • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 1%CPEs: 9EXPL: 0CVE-2012-1155
https://notcve.org/view.php?id=CVE-2012-1155
14 Nov 2019 — Moodle has a database activity export permission issue where the export function of the database activity module exports all entries even those from groups the user does not belong to Moodle posee un problema de permiso de exportación de la actividad de la base de datos donde la función de exportación del módulo de actividad de la base de datos exporta todas las entradas, incluso aquellas de grupos a los que el usuario no pertenece • http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077635.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 7EXPL: 0CVE-2012-0049
https://notcve.org/view.php?id=CVE-2012-0049
07 Nov 2019 — OpenTTD before 1.1.5 contains a Denial of Service (slow read attack) that prevents users from joining the server. OpenTTD versiones anteriores a 1.1.5, contiene una Denegación de Servicio (ataque de lectura lenta) que impide que los usuarios se unan al servidor. • http://security.openttd.org/en/CVE-2012-0049 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 4.9EPSS: 1%CPEs: 9EXPL: 0CVE-2019-11281 – RabbitMQ XSS attack
https://notcve.org/view.php?id=CVE-2019-11281
16 Oct 2019 — Pivotal RabbitMQ, versions prior to v3.7.18, and RabbitMQ for PCF, versions 1.15.x prior to 1.15.13, versions 1.16.x prior to 1.16.6, and versions 1.17.x prior to 1.17.3, contain two components, the virtual host limits page, and the federation management UI, which do not properly sanitize user input. A remote authenticated malicious user with administrative access could craft a cross site scripting attack that would gain access to virtual hosts and policy management information. Pivotal RabbitMQ, versiones ... • https://access.redhat.com/errata/RHSA-2020:0078 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0CVE-2019-5834 – Debian Security Advisory 4500-1
https://notcve.org/view.php?id=CVE-2019-5834
27 Jun 2019 — Insufficient data validation in Blink in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to perform domain spoofing via a crafted HTML page. La insuficiente validación de datos en Blink en Google Chrome antes de 75.0.3770.80 permitió que un atacante remoto realizara una falsificación de dominio a través de una página HTML diseñada. Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could allow remote attackers to execute arbitrary code. Versions less tha... • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html • CWE-346: Origin Validation Error •
CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 0CVE-2019-5816 – Gentoo Linux Security Advisory 201908-18
https://notcve.org/view.php?id=CVE-2019-5816
27 Jun 2019 — Process lifetime issue in Chrome in Google Chrome on Android prior to 74.0.3729.108 allowed a remote attacker to potentially persist an exploited process via a crafted HTML page. El problema de la duración del proceso en Chrome en Google Chrome en Android antes de 74.0.3729.108 permitió que un atacante remoto pudiera persistir en un proceso explotado a través de una página HTML diseñada. Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could allow remote attackers t... • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html • CWE-664: Improper Control of a Resource Through its Lifetime •
CVSS: 8.8EPSS: 3%CPEs: 8EXPL: 0CVE-2019-5817 – Gentoo Linux Security Advisory 201908-18
https://notcve.org/view.php?id=CVE-2019-5817
27 Jun 2019 — Heap buffer overflow in ANGLE in Google Chrome on Windows prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. El desbordamiento del búfer del heap en ANGLE en Google Chrome en Windows antes de 74.0.3729.108 permitió que un atacante remoto pudiera explotar la corrupción del montón a través de una página HTML diseñada Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could allow remote attackers to execute ar... • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html • CWE-787: Out-of-bounds Write •