Security Vulnerabilities
- CVEs Published In January 2017
The HTMLtagproc1 function in file.c in w3m before 0.5.3+git20161009 does not properly initialize values, which allows remote attackers to crash the application via a crafted HTML file, related to <dd> tags.
parsetagx.c in w3m before 0.5.3+git20161009 does not properly initialize values, which allows remote attackers to crash the application via a crafted HTML file, related to an <i> tag.
A vulnerability in Tiki Wiki CMS 15.2 could allow a remote attacker to read arbitrary files on a targeted system via a crafted pathname in a banner URL field.
In Moodle 3.x, glossary search displays entries without checking user permissions to view them.
In Moodle 2.x and 3.x, text injection can occur in email headers, potentially leading to outbound spam.
In Moodle 2.x and 3.x, an unenrolled user still receives event monitor notifications even though they can no longer access the course.
In Moodle 2.x and 3.x, web service tokens are not invalidated when the user password is changed or forced to be changed.
In Moodle 2.x and 3.x, the question engine allows access to files that should not be available.
In Moodle 2.x and 3.x, non-admin site managers may accidentally edit admins via web services.
In Moodle 2.x and 3.x, the capability to view course notes is checked in the wrong context.