Fedoraproject

Fedora

5357 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
Exploit
  • EPSS 47.49%
  • Veröffentlicht 19.11.2020 19:15:11
  • Zuletzt bearbeitet 21.11.2024 05:23:21

Archive_Tar through 1.4.10 allows an unserialization attack because phar: is blocked but PHAR: is not blocked.

Warnung Exploit
  • EPSS 84.55%
  • Veröffentlicht 19.11.2020 19:15:11
  • Zuletzt bearbeitet 07.11.2025 22:03:27

Archive_Tar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack (such as file:// to overwrite files) can still succeed.

  • EPSS 1.52%
  • Veröffentlicht 19.11.2020 17:15:13
  • Zuletzt bearbeitet 21.11.2024 05:18:31

The participants table download in Moodle always included user emails, but should have only done so when users' emails are not hidden. Versions affected: 3.9 to 3.9.2, 3.8 to 3.8.5 and 3.7 to 3.7.8. This is fixed in moodle 3.9.3, 3.8.6, 3.7.9, and 3....

  • EPSS 1.9%
  • Veröffentlicht 19.11.2020 17:15:12
  • Zuletzt bearbeitet 21.11.2024 05:18:30

Users' enrollment capabilities were not being sufficiently checked in Moodle when they are restored into an existing course. This could lead to them unenrolling users without having permission to do so. Versions affected: 3.5 to 3.5.14, 3.7 to 3.7.8,...

  • EPSS 1.59%
  • Veröffentlicht 19.11.2020 17:15:12
  • Zuletzt bearbeitet 21.11.2024 05:18:30

In moodle, insufficient capability checks could lead to users with the ability to course restore adding additional capabilities to roles within that course. Versions affected: 3.9 to 3.9.2, 3.8 to 3.8.5, 3.7 to 3.7.8, 3.5 to 3.5.14 and earlier unsupp...

  • EPSS 1.33%
  • Veröffentlicht 19.11.2020 17:15:12
  • Zuletzt bearbeitet 21.11.2024 05:18:30

In moodle, some database module web services allowed students to add entries within groups they did not belong to. Versions affected: 3.9 to 3.9.2, 3.8 to 3.8.5, 3.7 to 3.7.8, 3.5 to 3.5.14 and earlier unsupported versions. This is fixed in moodle 3....

  • EPSS 1.37%
  • Veröffentlicht 19.11.2020 17:15:12
  • Zuletzt bearbeitet 21.11.2024 05:18:30

If the upload course tool in Moodle was used to delete an enrollment method which did not exist or was not already enabled, the tool would erroneously enable that enrollment method. This could lead to unintended users gaining access to the course. Ve...

  • EPSS 1.28%
  • Veröffentlicht 19.11.2020 17:15:12
  • Zuletzt bearbeitet 21.11.2024 05:18:31

In Moodle, it was possible to include JavaScript when re-naming content bank items. Versions affected: 3.9 to 3.9.2. This is fixed in moodle 3.9.3 and 3.10.

  • EPSS 54.16%
  • Veröffentlicht 19.11.2020 01:15:12
  • Zuletzt bearbeitet 21.11.2024 05:38:38

A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Service in versions < 15.2.1, < 14.15.1, and < 12.19.1 by getting the application to resolve a DNS record with a larger number...

  • EPSS 3.81%
  • Veröffentlicht 18.11.2020 17:15:11
  • Zuletzt bearbeitet 21.11.2024 05:22:39

Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Service.