| 2021-03-17 | CVE-2021-28650 | Link Following vulnerability in multiple products
autoar-extractor.c in GNOME gnome-autoar before 0.3.1, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink in certain complex situations. | 5.5 |
| 2021-03-15 | CVE-2021-20283 | Missing Authorization vulnerability in multiple products
The web service responsible for fetching other users' enrolled courses did not validate that the requesting user had permission to view that information in each course in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17. | 4.3 |
| 2021-03-15 | CVE-2021-20282 | When creating a user account, it was possible to verify the account without having access to the verification email link/secret in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17. | 5.3 |
| 2021-03-15 | CVE-2021-20281 | Incorrect Authorization vulnerability in multiple products
It was possible for some users without permission to view other users' full names to do so via the online users block in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17. | 5.3 |
| 2021-03-15 | CVE-2021-20280 | Text-based feedback answers required additional sanitizing to prevent stored XSS and blind SSRF risks in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17. | 5.4 |
| 2021-03-15 | CVE-2021-20279 | Cross-site Scripting vulnerability in multiple products
The ID number user profile field required additional sanitizing to prevent a stored XSS risk in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17. | 5.4 |
| 2021-03-15 | CVE-2021-28363 | Improper Certificate Validation vulnerability in multiple products
The urllib3 library 1.26.x before 1.26.4 for Python omits SSL certificate validation in some cases involving HTTPS to HTTPS proxies. | 6.5 |
| 2021-03-11 | CVE-2021-28153 | Link Following vulnerability in multiple products
An issue was discovered in GNOME GLib before 2.66.8. | 5.3 |
| 2021-03-11 | CVE-2021-27919 | archive/zip in Go 1.16.x before 1.16.1 allows attackers to cause a denial of service (panic) upon attempted use of the Reader.Open API for a ZIP archive in which ../ occurs at the beginning of any filename. | 5.5 |
| 2021-03-10 | CVE-2021-21334 | In containerd (an industry-standard container runtime) before versions 1.3.10 and 1.4.4, containers launched through containerd's CRI implementation (through Kubernetes, crictl, or any other pod/container client that uses the containerd CRI service) that share the same image may receive incorrect environment variables, including values that are defined for other containers. | 6.3 |