A vulnerability was found in mod_auth_mellon before v0.14.2. If Apache is configured as a reverse proxy and mod_auth_mellon is configured to only let through authenticated users (with the require valid-user directive), adding special HTTP...
A vulnerability was found in moodle before version 3.6.3. The get_with_capability_join and get_users_by_capability functions were not taking context freezing into account when checking user capabilities Date published : 2019-03-26 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3852 https://moodle.org/mod/forum/discuss.php?d=384015#p1547748
A vulnerability was found in moodle before versions 3.6.3 and 3.5.5. There was a link to site home within the the Boost theme’s secure layout, meaning students could navigate out of the page. Date...
A vulnerability was found in moodle before versions 3.6.3, 3.5.5, 3.4.8 and 3.1.17. Links within assignment submission comments would open directly (in the same window). Although links themselves may be valid, opening within the...
A vulnerability was found in moodle before versions 3.6.3, 3.5.5 and 3.4.8. Users could assign themselves an escalated role within courses or content accessed via LTI, by modifying the request to the LTI publisher...
A vulnerability was found in moodle before versions 3.6.3, 3.5.5 and 3.4.8. Permissions were not correctly checked before loading event information into the calendar’s edit event modal popup, so logged in non-guest users could...
A vulnerability was found in ceilometer before version 12.0.0.0rc1. An Information Exposure in ceilometer-agent prints sensitive configuration data to log files without DEBUG logging being activated. Date published : 2019-03-26 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3830 https://access.redhat.com/errata/RHSA-2019:0919
A stored, DOM based, cross-site scripting (XSS) flaw was found in Prometheus before version 2.7.1. An attacker could exploit this by convincing an authenticated user to visit a crafted URL on a Prometheus server,...
It was found that cockpit before version 184 used glib’s base64 decode functionality incorrectly resulting in a denial of service attack. An unauthenticated attacker could send a specially crafted request with an invalid base64-encoded...
Data Leakage Attacks vulnerability in the web portal component when in an MDR pair in McAfee Network Security Management (NSM) 9.1 < 9.1.7.75 (Update 4) and 9.2 < 9.2.7.31 Update2 allows administrators to view...
Authentication Bypass vulnerability in McAfee Network Security Manager (NSM) 9.1 < 9.1.7.75.2 and 9.2 < 9.2.7.31 (9.2 Update 2) allows unauthenticated users to gain administrator rights via incorrect handling of expired GUI sessions. Date...
PAN-OS 9.0.0 may allow an unauthenticated remote user to access php files. Date published : 2019-03-26 http://www.securityfocus.com/bid/107720 https://security.paloaltonetworks.com/CVE-2019-1572
The Expedition Migration tool 1.1.8 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the RADIUS server settings. Date published : 2019-03-26 http://www.securityfocus.com/bid/107564 https://securityadvisories.paloaltonetworks.com/Home/Detail/142
The Expedition Migration tool 1.1.8 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the LDAP server settings. Date published : 2019-03-26 http://www.securityfocus.com/bid/107564 https://securityadvisories.paloaltonetworks.com/Home/Detail/142