5.3
CVE-2024-43435 - Moodle: can create global glossary without being admin
A flaw was found in moodle. Insufficient capability checks make it possible for users with access to restore glossaries in courses to restore them into the global site glossary.
5.3
CVE-2024-43433 - Moodle: matrix user/power level management not always working as expected with suspended users
A flaw was found in moodle. Matrix room membership and power levels are incorrectly applied and revoked for suspended Moodle users.
5.3
CVE-2024-43432 - Moodle: authorization headers preserved between "emulated redirects"
A flaw was found in moodle. The cURL wrapper in Moodle strips HTTPAUTH and USERPWD headers during emulated redirects, but retains other original request headers, so HTTP authorization header information could be unintentionally sent in requests to redirect URLs.
5.3
CVE-2024-43430 - Moodle: lack of access control when using external methods for quiz overrides
A flaw was found in moodle. External API access to Quiz can override contained insufficient access control.
5.3
CVE-2024-43429 - Moodle: user information visibility control issues in gradebook reports
A flaw was found in moodle. Some hidden user profile fields are visible in gradebook reports, which could result in users without the "view hidden user fields" capability having access to the information.
3.7
CVE-2024-43427 - Moodle: admin presets export tool includes some secrets that should not be exported
A flaw was found in moodle. When creating an export of site administration presets, some sensitive secrets and keys are not being excluded from the export, which could result in them unintentionally being leaked if the presets are shared with a third party.
9.8
CVE-2024-11068 - D-Link DSL6740C - Incorrect Use of Privileged APIs
The D-Link DSL6740C modem has an Incorrect Use of Privileged APIs vulnerability, allowing unauthenticated remote attackers to modify any userβs password by leveraging the API, thereby granting access to Web, SSH, and Telnet services using that userβs account.
7.5
CVE-2024-11067 - D-Link DSL6740C - Arbitrary File Reading through Path Traversal
The D-Link DSL6740C modem has a Path Traversal Vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files. Additionally, since the device's default password is a combination of the MAC address, attackers can obtain the MAC address through tβ¦
7.2
CVE-2024-11066 - D-Link DSL6740C - OS Command Injection
The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through the specific web page.
7.2
CVE-2024-11065 - D-Link DSL6740C - OS Command Injection
The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through a specific functionality provided by SSH and Telnet.