5.3
CVE-2024-11070 - Sanluan PublicCMS Tag Type save cross site scripting
A vulnerability, which was classified as problematic, has been found in Sanluan PublicCMS 5.202406.d. This issue affects some unknown processing of the file /admin/cmsTagType/save of the component Tag Type Handler. The manipulation of the argument name leads to cross site scripting. The attack may β¦
8.7
CVE-2024-10314 - Unauthenticated Denial of Service via Auto Generation Function
In Helix Core versions prior to 2024.2, an unauthenticated remote Denial of Service (DoS) via the auto-generation function was identified. Reported by Karol WiΔsek.
8.7
CVE-2024-10344 - Unauthenticated Denial of Service via Refuse Function
In Helix Core versions prior to 2024.2, an unauthenticated remote Denial of Service (DoS) via the refuse function was identified. Reported by Karol WiΔsek.
8.7
CVE-2024-10345 - Unauthenticated Denial of Service via Shutdown Function
In Helix Core versions prior to 2024.2, an unauthenticated remote Denial of Service (DoS) via the shutdown function was identified. Reported by Karol WiΔsek.
3.3
CVE-2024-34015 -
Sensitive information disclosure during file browsing due to improper symbolic link handling. The following products are affected: Acronis Backup plugin for cPanel & WHM (Linux) before build 1.8.3.818, Acronis Backup plugin for cPanel & WHM (Linux) before build 1.9.1.892.
5.5
CVE-2024-34014 -
Arbitrary file overwrite during recovery due to improper symbolic link handling. The following products are affected: Acronis Backup plugin for cPanel & WHM (Linux) before build 1.8.3.818, Acronis Backup plugin for cPanel & WHM (Linux) before build 1.9.1.892, Acronis Backup extension for Plesk (Linβ¦
5.4
CVE-2024-43437 - Moodle: xss risk when restoring malicious course backup file
A flaw was found in moodle. Insufficient sanitizing of data when performing a restore could result in a cross-site scripting (XSS) risk from malicious backup files.
5.3
CVE-2024-43435 - Moodle: can create global glossary without being admin
A flaw was found in moodle. Insufficient capability checks make it possible for users with access to restore glossaries in courses to restore them into the global site glossary.
5.3
CVE-2024-43433 - Moodle: matrix user/power level management not always working as expected with suspended users
A flaw was found in moodle. Matrix room membership and power levels are incorrectly applied and revoked for suspended Moodle users.
5.3
CVE-2024-43432 - Moodle: authorization headers preserved between "emulated redirects"
A flaw was found in moodle. The cURL wrapper in Moodle strips HTTPAUTH and USERPWD headers during emulated redirects, but retains other original request headers, so HTTP authorization header information could be unintentionally sent in requests to redirect URLs.