Security Vulnerabilities - CVEs Published In May 2024
In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user with both access to restore feedback modules and direct access to the web server outside of the Moodle webroot could execute a local file include.
CVSS Score
6.5
EPSS Score
0.002
Published
2024-05-31
In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user with both access to restore workshop modules and direct access to the web server outside of the Moodle webroot could execute a local file include.
CVSS Score
5.9
EPSS Score
0.001
Published
2024-05-31
In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user with both access to restore wiki modules and direct access to the web server outside of the Moodle webroot could execute a local file include.
CVSS Score
6.5
EPSS Score
0.002
Published
2024-05-31
In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user with both access to restore database activity modules and direct access to the web server outside of the Moodle webroot could execute a local file include.
CVSS Score
6.5
EPSS Score
0.002
Published
2024-05-31
Actions in the admin management of analytics models did not include the necessary token to prevent a CSRF risk.
CVSS Score
8.8
EPSS Score
0.002
Published
2024-05-31
libmodbus v3.1.6 was discovered to contain a heap overflow via the modbus_mapping_free() function.
CVSS Score
7.5
EPSS Score
0.003
Published
2024-05-31
libmodbus v3.1.6 was discovered to contain a use-after-free via the ctx->backend pointer. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted message sent to the unit-test-server.
CVSS Score
7.5
EPSS Score
0.001
Published
2024-05-31
An invalid pointer in the modbus_receive() function of libmodbus v3.1.6 allows attackers to cause a Denial of Service (DoS) via a crafted message sent to the unit-test-server.
CVSS Score
4.3
EPSS Score
0.003
Published
2024-05-31
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an authenticated attacker within the same network to execute arbitrary code.
CVSS Score
8.4
EPSS Score
0.002
Published
2024-05-31
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an authenticated attacker within the same network to execute arbitrary code.
CVSS Score
8.4
EPSS Score
0.002
Published
2024-05-31
Page 1