Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-01-20 | CVE-2016-7038 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Moodle: In Moodle 2.x and 3.x, web service tokens are not invalidated when the user password is changed or forced to be changed. | 7.3 |
2017-01-20 | CVE-2016-5014 | Information Exposure vulnerability in Moodle: In Moodle 2.x and 3.x, an unenrolled user still receives event monitor notifications even though they can no longer access the course. | 5.4 |
2017-01-20 | CVE-2016-5013 | Injection vulnerability in Moodle: In Moodle 2.x and 3.x, text injection can occur in email headers, potentially leading to outbound spam. | 5.4 |
2017-01-20 | CVE-2016-5012 | Information Exposure vulnerability in Moodle 3.1.0: In Moodle 3.x, glossary search displays entries without checking user permissions to view them. | 5.3 |
2017-01-20 | CVE-2016-10143 | Information Exposure vulnerability in Tiki Tikiwiki Cms/Groupware 15.2: A vulnerability in Tiki Wiki CMS 15.2 could allow a remote attacker to read arbitrary files on a targeted system via a crafted pathname in a banner URL field. | 7.5 |
2017-01-19 | CVE-2016-5725 | Path Traversal vulnerability in Jcraft Jsch: Directory traversal vulnerability in JCraft JSch before 0.1.54 on Windows, when the mode is ChannelSftp.OVERWRITE, allows remote SFTP servers to write to arbitrary files via a ..\ (dot dot backslash) in a response to a recursive GET command. | 5.9 |
2017-01-19 | CVE-2016-9016 | Improper Access Control vulnerability in Firejail Project Firejail 0.9.38.4: Firejail 0.9.38.4 allows local users to execute arbitrary commands outside of the sandbox via a crafted TIOCSTI ioctl call. | 8.8 |
2017-01-19 | CVE-2016-7794 | Improper Access Control vulnerability in Sociomantic Git-Hub: sociomantic-tsunami git-hub before 0.10.3 allows remote attackers to execute arbitrary code via a crafted repository name. | 9.8 |
2017-01-19 | CVE-2016-7793 | Improper Access Control vulnerability in Sociomantic Git-Hub: sociomantic-tsunami git-hub before 0.10.3 allows remote attackers to execute arbitrary code via a crafted repository URL. | 8.8 |
2017-01-19 | CVE-2016-7545 | Improper Access Control vulnerability in multiple products: SELinux policycoreutils allows local users to execute arbitrary commands outside of the sandbox via a crafted TIOCSTI ioctl call. | 8.8 |