OBS-Vigilance

| Title | Description | Date |
| --- | --- | --- |
| Ruby Time: overload via Regular Expression | An attacker can trigger an overload of Ruby Time, via Regular Expression, in order to trigger a denial of service... | Visit link for details |
| Forcepoint Web Security: three vulnerabilities | An attacker can use several vulnerabilities of Forcepoint Web Security... | Visit link for details |
| Linux kernel: reuse after free via nfsd4_ssc_setup_dul() | An attacker can force the reuse of a freed memory area of the Linux kernel, via | Visit link for details |
| FFmpeg: reuse after free via Stale Hwaccel State | An attacker can force the reuse of a freed memory area of FFmpeg, via Stale Hwaccel State, in order to trigger a denial of service, and possibly to run code... | Visit link for details |
| testng: directory traversal via testngXmlExistsInJar() | An attacker can traverse directories of testng, via | Visit link for details |
| Undertow: Man-in-the-Middle via TLS Client | An attacker can act as a Man-in-the-Middle on Undertow, via TLS Client, in order to read or write data in the session... | Visit link for details |
| markdown-it-py: denial of service via CLI Invalid UTF-8 Characters | An attacker can cause a fatal error of markdown-it-py, via CLI Invalid UTF-8 Characters, in order to trigger a denial of service... | Visit link for details |
| Moodle: information disclosure via Course Participation Report | An attacker can bypass access restrictions to data of Moodle, via Course Participation Report, in order to read sensitive information... | Visit link for details |
| Moodle: six vulnerabilities | An attacker can use several vulnerabilities of Moodle... | Visit link for details |
| zstd: buffer overflow via util.c | An attacker can trigger a buffer overflow of zstd, via util.c, in order to trigger a denial of service, and possibly to run code... | Visit link for details |
| Drupal Xray Audit: Cross Site Scripting | An attacker can trigger a Cross Site Scripting of Drupal Xray Audit, in order to run JavaScript code in the context of the web site... | Visit link for details |