A flaw was found in moodle where logic used to count failed login attempts could result in the account lockout threshold being bypassed. Date published : 2022-05-18 http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-73736 https://bugzilla.redhat.com/show_bug.cgi?id=2083613
A flaw was found in moodle where an SQL injection risk was identified in Badges code relating to configuring criteria. Date published : 2022-05-18 http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-74333 https://bugzilla.redhat.com/show_bug.cgi?id=2083610
A flaw was found in moodle where global search results could include author information on some activities where a user may not otherwise have access to it. Date published : 2022-05-18 http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-71623 https://bugzilla.redhat.com/show_bug.cgi?id=2083592
A flaw was found in moodle where the description user field was not hidden when being set as a hidden user field. Date published : 2022-05-18 http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-74318 https://bugzilla.redhat.com/show_bug.cgi?id=2083585
A flaw was found in moodle where ID numbers displayed when bulk allocating markers to assignments required additional sanitizing to prevent a stored XSS risk. Date published : 2022-05-18 http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-74204 https://bugzilla.redhat.com/show_bug.cgi?id=2083583
Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-29104, CVE-2022-29132. Date published : 2022-05-18 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30138
Due to the use of an insecure algorithm for rolling codes in MCK Smartlock 1.0, allows attackers to unlock the mechanism via replay attacks. Date published : 2022-05-18 https://tiger-team-1337.blogspot.com/2022/05/rf-remote-mck-lock-predictable-rolling.html This is what happened when...
In Belkin N300 Firmware 1.00.08, the script located at /setting_hidden.asp, which is accessible before and after configuring the device, exhibits multiple remote command injection vulnerabilities. The following parameters in the [form name] form; [list...
A use-after-free in Busybox 1.35-x’s awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the copyvar function. Date published : 2022-05-18 https://bugs.busybox.net/show_bug.cgi?id=14781
Tenda TX9 Pro V22.03.02.10 is vulnerable to Buffer Overflow via the functtion setIPv6Status() in httpd module. Date published : 2022-05-18 https://github.com/H4niz/Vulnerability/blob/main/Tenda-TX9-V22.03.02.10-19042022-2.md
An access control issue in TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 allows attackers to obtain sensitive information via a crafted web request. Date published : 2022-05-18 https://github.com/shijin0925/IOT/blob/master/TOTOLINK%20A3100R/9.md
TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a hard coded password for root stored in the component /etc/shadow.sample. Date published : 2022-05-18 https://github.com/shijin0925/IOT/blob/master/TOTOLINK%20A3100R/8.md
TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a hard coded password for the telnet service stored in the component /web_cste/cgi-bin/product.ini. Date published : 2022-05-18 https://github.com/shijin0925/IOT/blob/master/TOTOLINK%20A3100R/7.md
TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a stack overflow via the macAddress parameter in the function setMacQos. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted...