2024-02-19 | CVE-2024-25979 | The URL parameters accepted by forum search were not limited to the allowed parameters. | 5.3 |
2024-02-19 | CVE-2024-25980 | Separate Groups mode restrictions were not honored in the H5P attempts report, which would display users from other groups. | 5.3 |
2024-02-19 | CVE-2024-25981 | Separate Groups mode restrictions were not honored when performing a forum export, which would export forum data for all groups. | 5.3 |
2024-02-19 | CVE-2024-25982 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products. The link to update all installed language packs did not include the necessary token to prevent a CSRF risk. | 8.8 |
2024-02-19 | CVE-2024-25983 | Authorization Bypass Through User-Controlled Key vulnerability in multiple products. Insufficient checks in a web service made it possible to add comments to the comments block on another user's dashboard when it was not otherwise available (e.g., on their profile page). | 5.3 |
2024-02-19 | CVE-2024-1597 | SQL Injection vulnerability in multiple products. pgjdbc, the PostgreSQL JDBC Driver, allows an attacker to inject SQL if using PreferQueryMode=SIMPLE. | 9.8 |
2024-02-19 | CVE-2024-1580 | Integer Overflow or Wraparound vulnerability in multiple products. An integer overflow in the dav1d AV1 decoder can occur when decoding videos with large frame size. | 8.8 |
2024-02-15 | CVE-2024-1488 | A vulnerability was found in Unbound due to incorrect default permissions, allowing any process outside the unbound group to modify the unbound runtime configuration. | 7.3 |
2024-02-14 | CVE-2023-50387 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products. Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. | 7.5 |
2024-02-13 | CVE-2024-24814 | mod_auth_openidc is an OpenID Certified™ authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. | 7.5 |