Security News

CVE-2017-16527

National Vulnerability Database - Fri, 11/03/2017 - 21:29
sound/usb/mixer.c in the Linux kernel before 4.13.8 allows local users to cause a denial of service (snd_usb_mixer_interrupt use-after-free and system crash) or possibly have unspecified other impact via crafted system calls.
Categories: Security News

CVE-2017-16528

National Vulnerability Database - Fri, 11/03/2017 - 21:29
sound/core/seq_device.c in the Linux kernel before 4.13.4 allows local users to cause a denial of service (snd_rawmidi_dev_seq_free use-after-free and system crash) or possibly have unspecified other impact via crafted system calls.
Categories: Security News

CVE-2017-16529

National Vulnerability Database - Fri, 11/03/2017 - 21:29
The snd_usb_create_streams function in sound/usb/card.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via crafted system calls.
Categories: Security News

CVE-2017-16530

National Vulnerability Database - Fri, 11/03/2017 - 21:29
The uas driver in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via crafted system calls, related to drivers/usb/storage/uas-detect.h and drivers/usb/storage/uas.c.
Categories: Security News

CVE-2017-16531

National Vulnerability Database - Fri, 11/03/2017 - 21:29
drivers/usb/core/config.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via crafted system calls that use a USB_DT_INTERFACE_ASSOCIATION descriptor.
Categories: Security News

CVE-2017-1000153

National Vulnerability Database - Fri, 11/03/2017 - 14:29
Mahara 15.04 before 15.04.10 and 15.10 before 15.10.6 and 16.04 before 16.04.4 are vulnerable to incorrect access control after the password reset link is sent via email and then user changes default email, Mahara fails to invalidate old link.Consequently the link in email can be used to gain access to the user's account.
Categories: Security News

CVE-2017-1000154

National Vulnerability Database - Fri, 11/03/2017 - 14:29
Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to some authentication methods, which do not use Mahara's built-in login form, still allowing users to log in even if their institution was expired or suspended.
Categories: Security News

CVE-2017-1000155

National Vulnerability Database - Fri, 11/03/2017 - 14:29
Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to profile pictures being accessed without any access control checks consequently allowing any of a user's uploaded profile pictures to be viewable by anyone, whether or not they were currently selected as the "default" or used in any pages.
Categories: Security News

CVE-2017-1000156

National Vulnerability Database - Fri, 11/03/2017 - 14:29
Mahara 15.04 before 15.04.9 and 15.10 before 15.10.5 and 16.04 before 16.04.3 are vulnerable to a group's configuration page being editable by any group member even when they didn't have the admin role.
Categories: Security News

CVE-2017-1000157

National Vulnerability Database - Fri, 11/03/2017 - 14:29
Mahara 15.04 before 15.04.13 and 16.04 before 16.04.7 and 16.10 before 16.10.4 and 17.04 before 17.04.2 are vulnerable to recording plain text passwords in the event_log table during the user creation process if full event logging was turned on.
Categories: Security News

CVE-2017-1000171

National Vulnerability Database - Fri, 11/03/2017 - 14:29
Mahara Mobile before 1.2.1 is vulnerable to passwords being sent to the Mahara access log in plain text.
Categories: Security News

CVE-2017-14359

National Vulnerability Database - Fri, 11/03/2017 - 14:29
A potential security vulnerability has been identified in HPE Performance Center versions 12.20. The vulnerability could be remotely exploited to allow cross-site scripting.
Categories: Security News

CVE-2017-1000131

National Vulnerability Database - Fri, 11/03/2017 - 14:29
Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to users staying logged in to their Mahara account even when they have been logged out of Moodle (when using MNet) as Mahara did not properly implement one of the MNet SSO API functions.
Categories: Security News

CVE-2017-1000132

National Vulnerability Database - Fri, 11/03/2017 - 14:29
Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to a maliciously created .swf files that can have its code executed when a user tries to download the file.
Categories: Security News

CVE-2017-1000133

National Vulnerability Database - Fri, 11/03/2017 - 14:29
Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to a user - in some circumstances causing another user's artefacts to be included in a Leap2a export of their own pages.
Categories: Security News

CVE-2017-1000134

National Vulnerability Database - Fri, 11/03/2017 - 14:29
Mahara 1.8 before 1.8.6 and 1.9 before 1.9.4 and 1.10 before 1.10.1 and 15.04 before 15.04.0 are vulnerable because group members can lose access to the group files they uploaded if another group member changes the access permissions on them.
Categories: Security News

CVE-2017-1000135

National Vulnerability Database - Fri, 11/03/2017 - 14:29
Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable as logged-in users can stay logged in after the institution they belong to is suspended.
Categories: Security News

CVE-2017-1000136

National Vulnerability Database - Fri, 11/03/2017 - 14:29
Mahara 1.8 before 1.8.6 and 1.9 before 1.9.4 and 1.10 before 1.10.1 and 15.04 before 15.04.0 are vulnerable to old sessions not being invalidated after a password change.
Categories: Security News

CVE-2017-1000137

National Vulnerability Database - Fri, 11/03/2017 - 14:29
Mahara 1.10 before 1.10.0 and 15.04 before 15.04.0 are vulnerable to possible cross site scripting when adding a text block to a page via the keyboard (rather than drag and drop).
Categories: Security News

CVE-2017-1000138

National Vulnerability Database - Fri, 11/03/2017 - 14:29
Mahara 1.10 before 1.10.0 and 15.04 before 15.04.0 are vulnerable to possible cross site scripting when dragging/dropping files into a collection if the file has Javascript code in its title.
Categories: Security News

Pages