by Michael Hawkins. The form to upload cohorts contained a redirect field, which was not restricted to internal URLs.
Severity/Risk: Minor
Versions affected: 3.6 to 3.6.3, 3.5 to 3.5.5, 3.4 to 3.4.8, 3.1 to 3.1.17 and earlier unsupported versions
Versions fixed: 3.7, 3.6.4, 3.5.6, 3.4.9 and 3.1.18
Reported by: Lindon Wass
CVE identifier: CVE-2019-10133
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-64708
Tracker issue: MDL-64708 Open redirect in upload
More info:
https://moodle.org/mod/forum/discuss.php?d=386523&parent=1557997
by Michael Hawkins. A web service fetching messages was not restricted to the current user's conversations.
Severity/Risk: Serious
Versions affected: 3.6 to 3.6.3
Versions fixed: 3.7, 3.6.4
Reported by: Mazen Gamal
Workaround: Disable the messaging system until the fix is applied.
CVE identifier: CVE-2019-10132
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-65365
Tracker issue: MDL-65365 All messaging conversations could be viewed
More info:
https://moodle.org/mod/forum/discuss.php?d=386521&parent=1557995
INTEL-SA-00252 - Intel Driver & Support Assistant version 19.3.12.3 and before vulnerability CVE-2019-11095 Security Advisory Security Advisory Description Insufficient access control in Intel(R) ...
More info:
https://support.f5.com/csp/article/K05525310
https://perishablepress.com/bluehost-sitelock/ Apparently, Bluehost partnered with a company called SiteLock sometime last year. Supposedly Sitelock is a “website scanner that proactively checks for malicious threats and vulnerabilities”. I guess the service operates on Bluehost servers, and today they sent a scary email letting me know that “malware was detected” on my Bluehost site. Here’s the thing […]
More info:
https://perishablepress.com/bluehost-sitelock/
More info:
https://wpvulndb.com/vulnerabilities/9277
https://www.wordfence.com/blog/2019/05/podcast-episode-14-interview-with-trauma-surgeon-and-plugin-dev-andy-fragen/ Dr. Andy Fragen is a trauma/acute care surgeon as well as a prolific WordPress plugin author. One of his plugins, GitHub Updater, allows you to host WordPress plugins and themes on GitHub instead of WordPress.org. Andy supports numerous WordCamps and is an active member of the WordPress community in southern California. I had […]
More info:
https://www.wordfence.com/blog/2019/05/podcast-episode-14-interview-with-trauma-surgeon-and-plugin-dev-andy-fragen/
INTEL-SA-00251 - Intel NUC Firmware vulnerability CVE-2019-11094 Security Advisory Security Advisory Description ** RESERVED ** This candidate has been reserved by an organization or individual ...
More info:
https://support.f5.com/csp/article/K69734255
Micro-architectural Load Port Data Sampling - Information Leak (MLPDS) CVE-2018-12127 Security Advisory Security Advisory Description ** RESERVED ** This candidate has been reserved by an ...
More info:
https://support.f5.com/csp/article/K97035296
Microarchitectural Fill Buffer Data Sampling (MFBDS) CVE-2018-12130 Security Advisory Security Advisory Description Microarchitectural Fill Buffer Data Sampling (MFBDS): Fill buffers on some ...
More info:
https://support.f5.com/csp/article/K80159635
Multiple researchers have discovered vulnerabilities in the way the Intel processor designs have implemented speculative forwarding of data filled into temporary microarchitectural structures (buffers). This flaw could allow an attacker controlling an unprivileged process to read sensitive information, including from the kernel and all other processes running on the system, or to cross guest/host boundaries to read host memory.
More info:
https://www.debian.org/security/2019/dsa-4444