|
209581
|
6.1 |
MEDIUM
Network
|
moodle
|
moodle
|
A vulnerability was found in Moodle 3.9 to 3.9.1, 3.8 to 3.8.4 and 3.7 to 3.7.7 where it was possible to include JavaScript in a book's chapter title, which was not escaped on the "Add new chapter" p…
|
-
|
CVE-2020-25631
|
2024-11-21 14:18 |
2020-12-8 |
|
|
|
|
209582
|
7.5 |
HIGH
Network
|
moodle
|
moodle
|
A vulnerability was found in Moodle where the decompressed size of zip files was not checked against available user quota before unzipping them, which could lead to a denial of service risk. This aff…
|
-
|
CVE-2020-25630
|
2024-11-21 14:18 |
2020-12-8 |
|
|
|
|
209583
|
8.8 |
HIGH
Network
|
moodle
|
moodle
|
A vulnerability was found in Moodle where users with "Log in as" capability in a course context (typically, course managers) may gain access to some site administration capabilities by "logging in as…
|
CWE-862
Missing Authorization
|
CVE-2020-25629
|
2024-11-21 14:18 |
2020-12-8 |
|
|
|
|
209584
|
6.1 |
MEDIUM
Network
|
moodle
|
moodle
|
The filter in the tag manager required extra sanitizing to prevent a reflected XSS risk. This affects 3.9 to 3.9.1, 3.8 to 3.8.4, 3.7 to 3.7.7, 3.5 to 3.5.13 and earlier unsupported versions. Fixed i…
|
-
|
CVE-2020-25628
|
2024-11-21 14:18 |
2020-12-8 |
|
|
|
|
209585
|
7.5 |
HIGH
Network
|
moddable
|
moddable
|
Null Pointer Dereference in xObjectBindingFromExpression at moddable/xs/sources/xsSyntaxical.c:3419 in Moddable SDK before OS200908 causes a denial of service (SEGV).
|
CWE-476
NULL Pointer Dereference
|
CVE-2020-25465
|
2024-11-21 14:18 |
2020-12-5 |
|
|
|
|
209586
|
7.5 |
HIGH
Network
|
moddable
|
moddable
|
Heap buffer overflow at moddable/xs/sources/xsDebug.c in Moddable SDK before 20200903. The top stack frame is only partially initialized because the stack overflowed while creating the frame. …
|
CWE-787
Out-of-bounds Write
|
CVE-2020-25464
|
2024-11-21 14:18 |
2020-12-5 |
|
|
|
|
209587
|
7.5 |
HIGH
Network
|
moddable
|
moddable
|
Invalid Memory Access in fxUTF8Decode at moddable/xs/sources/xsCommon.c:916 in Moddable SDK before OS200908 causes a denial of service (SEGV).
|
NVD-CWE-Other
|
CVE-2020-25463
|
2024-11-21 14:18 |
2020-12-5 |
|
|
|
|
209588
|
6.5 |
MEDIUM
Network
|
infinispan redhat netapp
|
infinispan data_grid active_iq_unified_manager
|
A flaw was found in infinispan 10 REST API, where authorization permissions are not checked while performing some server management operations. When authz is enabled, any user with authentication can…
|
CWE-862
Missing Authorization
|
CVE-2020-25711
|
2024-11-21 14:18 |
2020-12-4 |
|
|
|
|
209589
|
8.1 |
HIGH
Network
|
cimg fedoraproject
|
cimg fedora
|
A flaw was found in CImg in versions prior to 2.9.3. Integer overflows leading to heap buffer overflows in load_pnm() can be triggered by a specially crafted input file processed by CImg, which can l…
|
-
|
CVE-2020-25693
|
2024-11-21 14:18 |
2020-12-4 |
|
|
|
|
209590
|
7.5 |
HIGH
Network
|
fasterxml netapp fedoraproject quarkus apache oracle
|
jackson-databind oncommand_workflow_automation service_level_manager oncommand_api_services fedora quarkus iotdb webcenter_portal banking_platform utilities_framework ag…
|
A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from t…
|
CWE-611
XXE
|
CVE-2020-25649
|
2024-11-21 14:18 |
2020-12-4 |
|
|
|