|
210311
|
9.8 |
CRITICAL
Network
|
microfocus
|
identity_manager
|
NetIQ Identity Manager 4.8 versions prior to 4.8 SP2 HF1 are affected by an injection vulnerability. This vulnerability is fixed in NetIQ IdM 4.8 SP2 HF1.
|
CWE-89
SQL Injection
|
CVE-2020-25839
|
2024-11-21 14:18 |
2020-11-21 |
|
210312
|
5.3 |
MEDIUM
Network
|
moodle fedoraproject
|
moodle fedora
|
The participants table download in Moodle always included user emails, but should have only done so when users' emails are not hidden. Versions affected: 3.9 to 3.9.2, 3.8 to 3.8.5 and 3.7 to 3.7.8. …
|
CWE-200
Information Exposure
|
CVE-2020-25703
|
2024-11-21 14:18 |
2020-11-20 |
|
210313
|
6.1 |
MEDIUM
Network
|
moodle fedoraproject
|
moodle fedora
|
In Moodle, it was possible to include JavaScript when renaming content bank items. Versions affected: 3.9 to 3.9.2. This is fixed in Moodle 3.9.3 and 3.10.
|
CWE-79
Cross-site Scripting
|
CVE-2020-25702
|
2024-11-21 14:18 |
2020-11-20 |
|
210314
|
5.3 |
MEDIUM
Network
|
moodle fedoraproject
|
moodle fedora
|
If the upload course tool in Moodle was used to delete an enrollment method which did not exist or was not already enabled, the tool would erroneously enable that enrollment method. This could lead t…
|
CWE-863
Incorrect Authorization
|
CVE-2020-25701
|
2024-11-21 14:18 |
2020-11-20 |
|
210315
|
6.5 |
MEDIUM
Network
|
moodle fedoraproject
|
moodle fedora
|
In Moodle, some database module web services allowed students to add entries within groups they did not belong to. Versions affected: 3.9 to 3.9.2, 3.8 to 3.8.5, 3.7 to 3.7.8, 3.5 to 3.5.14 and earli…
|
CWE-89
SQL Injection
|
CVE-2020-25700
|
2024-11-21 14:18 |
2020-11-20 |
|
210316
|
7.5 |
HIGH
Network
|
moodle fedoraproject
|
moodle fedora
|
In Moodle, insufficient capability checks could lead to users with the ability to course restore adding additional capabilities to roles within that course. Versions affected: 3.9 to 3.9.2, 3.8 to 3.…
|
CWE-863
Incorrect Authorization
|
CVE-2020-25699
|
2024-11-21 14:18 |
2020-11-20 |
|
210317
|
7.5 |
HIGH
Network
|
moodle fedoraproject
|
moodle fedora
|
Users' enrollment capabilities were not being sufficiently checked in Moodle when they are restored into an existing course. This could lead to them unenrolling users without having permission to do …
|
NVD-CWE-noinfo
|
CVE-2020-25698
|
2024-11-21 14:18 |
2020-11-20 |
|
210318
|
6.1 |
MEDIUM
Network
|
kyocera
|
ecosys_m2640idw_firmware
|
The web application of the Kyocera printer (ECOSYS M2640IDW) is affected by a stored XSS vulnerability, discovered in the addition of a new contact in "Machine Address Book". Successful exploitation of this v…
|
CWE-79
Cross-site Scripting
|
CVE-2020-25890
|
2024-11-21 14:18 |
2020-11-18 |
|
210319
|
5.4 |
MEDIUM
Network
|
limesurvey
|
limesurvey
|
A stored cross-site scripting (XSS) vulnerability in LimeSurvey before and including 3.21.1 allows authenticated users with correct permissions to inject arbitrary web script or HTML via parameter Pa…
|
CWE-79
Cross-site Scripting
|
CVE-2020-25798
|
2024-11-21 14:18 |
2020-11-18 |
|
210320
|
4.6 |
MEDIUM
Physical
|
resourcexpress
|
qubi3_firmware
|
QED ResourceXpress Qubi3 devices before 1.40.9 could allow a local attacker (with physical access to the device) to obtain sensitive information via the debug interface (keystrokes over a USB cable),…
|
CWE-200
Information Exposure
|
CVE-2020-25746
|
2024-11-21 14:18 |
2020-11-17 |
|