|
220031
|
7.5 |
HIGH
Network
|
gnu
fedoraproject
|
gnutls
fedora
|
A vulnerability was found in gnutls versions from 3.5.8 before 3.6.7. A memory corruption (double free) vulnerability in the certificate verification API. Any client or server application that verifi…
|
CWE-415
CWE-416
Double Free
Use After Free
|
CVE-2019-3829
|
2024-11-21 13:42 |
2019-03-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220032
|
6.1 |
MEDIUM
Network
|
mod_auth_mellon_project
fedoraproject
redhat
canonical
|
mod_auth_mellon
fedora
enterprise_linux
ubuntu_linux
|
A vulnerability was found in mod_auth_mellon before v0.14.2. An open redirect in the logout URL allows requests with backslashes to pass through by assuming that it is a relative URL, while the brows…
|
CWE-601
Open Redirect
|
CVE-2019-3877
|
2024-11-21 13:42 |
2019-03-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220033
|
4.8 |
MEDIUM
Network
|
moodle
|
moodle
|
A vulnerability was found in moodle before versions 3.6.3, 3.5.5, 3.4.8 and 3.1.17. Users with the "login as other users" capability (such as administrators/managers) can access other users' Dashboar…
|
CWE-79
Cross-site Scripting
|
CVE-2019-3847
|
2024-11-21 13:42 |
2019-03-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220034
|
6.3 |
MEDIUM
Network
|
redhat
opensuse
|
libvirt
leap
|
A NULL pointer dereference flaw was discovered in libvirt before version 5.0.0 in the way it gets interface information through the QEMU agent. An attacker in a guest VM can use this flaw to crash li…
|
CWE-476
NULL Pointer Dereference
|
CVE-2019-3840
|
2024-11-21 13:42 |
2019-03-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220035
|
4.2 |
MEDIUM
Local
|
redhat
|
ansible
|
Ansible fetch module before versions 2.5.15, 2.6.14, 2.7.8 has a path traversal vulnerability which allows copying and overwriting files outside of the specified destination in the local ansible cont…
|
CWE-22
Path Traversal
|
CVE-2019-3828
|
2024-11-21 13:42 |
2019-03-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220036
|
7.5 |
HIGH
Network
|
ceph
canonical
|
civetweb
ubuntu_linux
|
A flaw was found in the way civetweb frontend was handling requests for ceph RGW server with SSL enabled. An unauthenticated attacker could create multiple connections to ceph RADOS gateway to exhaus…
|
CWE-772
Missing Release of Resource after Effective Lifetime
|
CVE-2019-3821
|
2024-11-21 13:42 |
2019-03-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220037
|
8.8 |
HIGH
Network
|
rpm
|
libcomps
|
A use-after-free flaw has been discovered in libcomps before version 0.1.10 in the way ObjMRTrees are merged. An attacker, who is able to make an application read a crafted comps XML file, may be abl…
|
CWE-416
Use After Free
|
CVE-2019-3817
|
2024-11-21 13:42 |
2019-03-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220038
|
6.8 |
MEDIUM
Network
|
dovecot
canonical
opensuse
|
dovecot
ubuntu_linux
leap
|
It was discovered that Dovecot before versions 2.2.36.1 and 2.3.4.1 incorrectly handled client certificates. A remote attacker in possession of a valid certificate with an empty username field could …
|
CWE-295
Improper Certificate Validation
|
CVE-2019-3814
|
2024-11-21 13:42 |
2019-03-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220039
|
4.3 |
MEDIUM
Network
|
moodle
|
moodle
|
A vulnerability was found in moodle before version 3.6.3. The get_with_capability_join and get_users_by_capability functions were not taking context freezing into account when checking user capabilit…
|
NVD-CWE-noinfo
|
CVE-2019-3852
|
2024-11-21 13:42 |
2019-03-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220040
|
4.3 |
MEDIUM
Network
|
moodle
fedoraproject
|
moodle
fedora
|
A vulnerability was found in moodle before versions 3.6.3 and 3.5.5. There was a link to site home within the the Boost theme's secure layout, meaning students could navigate out of the page.
|
NVD-CWE-noinfo
|
CVE-2019-3851
|
2024-11-21 13:42 |
2019-03-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
