Redhat: >> Enterprise Linux Security Vulnerabilities
An access bypass issue was found in Drupal 7.x before version 7.5. If a Drupal site has the ability to attach File upload fields to any entity type in the system or has the ability to point individual File upload fields to the private file directory in comments, and the parent node is denied access, non-privileged users can still download the file attached to the comment if they know or guess its direct URL.
CVSS Score
7.5
EPSS Score
0.005
Published
2019-11-15
A Null pointer dereference vulnerability exists in Mozilla Network Security Services due to a missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime, which could let a remote malicious user cause a Denial of Service.
CVSS Score
7.5
EPSS Score
0.006
Published
2019-11-15
TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.
CVSS Score
6.5
EPSS Score
0.004
Published
2019-11-14
Moodle has a database activity export permission issue where the export function of the database activity module exports all entries even those from groups the user does not belong to
CVSS Score
7.5
EPSS Score
0.013
Published
2019-11-14
Moodle before 2.2.2 has users' private files included in course backups
CVSS Score
7.5
EPSS Score
0.012
Published
2019-11-14
Moodle before 2.2.2 has a password and web services issue where when the user profile is updated the user password is reset if not specified.
CVSS Score
8.2
EPSS Score
0.022
Published
2019-11-14
The SQLDriverConnect() function in unixODBC before 2.2.14p2 have a possible buffer overflow condition when specifying a large value for SAVEFILE parameter in the connection string.
CVSS Score
7.8
EPSS Score
0.002
Published
2019-11-14
In ConsoleKit before 0.4.2, an intended security policy restriction bypass was found. This flaw allows an authenticated system user to escalate their privileges by initiating a remote VNC session.
CVSS Score
8.8
EPSS Score
0.002
Published
2019-11-13
PHP5 before 5.4.4 allows passing invalid utf-8 strings via the xmlTextWriterWriteAttribute, which are then misparsed by libxml2. This results in memory leak into the resulting output.
CVSS Score
7.5
EPSS Score
0.007
Published
2019-11-13
udisks before 1.0.3 allows a local user to load arbitrary Linux kernel modules.
CVSS Score
7.8
EPSS Score
0.002
Published
2019-11-13