Vulnerabilities for 'Fedora'

2021-11-23
 
CVE-2021-3672

CWE-79
 

 
A flaw was found in the c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames which might potentially lead to Domain Hijacking. The highest threat from this vulnerability is to confidentiality and integrity as well as system availability.

 
2021-11-22
 
CVE-2021-3935

CWE-89
 

 
When PgBouncer is configured to use "cert" authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of TLS certificate verification and encryption. This flaw affects PgBouncer versions prior to 1.16.1.

 
 
CVE-2021-43558

CWE-79
 

 
A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. A URL parameter in the filetype site administrator tool required extra sanitizing to prevent a reflected XSS risk.

 
 
CVE-2021-43559

CWE-352
 

 
A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. The "delete related badge" functionality did not include the necessary token check to prevent a CSRF risk.

 
 
CVE-2021-43560

CWE-668
 

 
A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. Insufficient capability checks made it possible to fetch other users' calendar action events.

 
2021-11-19
 
CVE-2021-3974

CWE-416
 

 
vim is vulnerable to Use After Free

 
 
CVE-2021-3968

CWE-787
 

 
vim is vulnerable to Heap-based Buffer Overflow

 
 
CVE-2021-3973

CWE-787
 

 
vim is vulnerable to Heap-based Buffer Overflow

 
 
CVE-2021-44025

CWE-79
 

 
Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to XSS in handling an attachment's filename extension when displaying a MIME type warning message.

 
 
CVE-2021-44026

CWE-89
 

 
Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to a potential SQL injection via search or search_params.

 


Copyright 2021, cxsecurity.com

 
