MSA-19-0015: Quiz group overrides did not observe groups membership or accessallgroups

by Michael Hawkins. Teachers in a quiz group could modify group overrides for other groups in the same quiz.
Severity/Risk: Minor
Versions affected: 3.7, 3.6 to 3.6.4, 3.5 to 3.5.6 and earlier unsupported versions
Versions fixed: 3.7.1, 3.6.5 and 3.5.7
Reported by: Charl Nel
CVE identifier: CVE-2019-10188
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-34411
Tracker issue: MDL-34411 Quiz group overrides did not observe groups membership or
More info: https://moodle.org/mod/forum/discuss.php?d=388569&parent=1566331

MSA-19-0013: Missing sesskey (CSRF) token in loading/unloading XML files

by Michael Hawkins. A sesskey (CSRF) token was not being utilised by the XML loading/unloading admin tool.
Severity/Risk: Minor
Versions affected: 3.7, 3.6 to 3.6.4, 3.5 to 3.5.6 and earlier unsupported versions
Versions fixed: 3.7.1, 3.6.5 and 3.5.7
Reported by: Callum Carney
CVE identifier: CVE-2019-10186
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-53689
Tracker issue: MDL-53689 Missing sesskey (CSRF) token in loading/unloading xml files
More info: https://moodle.org/mod/forum/discuss.php?d=388567&parent=1566329

MSA-19-0014: Ability to delete glossary entries that belong to another glossary

by Michael Hawkins. Users with permission to delete entries from a glossary were able to delete entries from other glossaries they did not have direct access to.
Severity/Risk: Minor
Versions affected: 3.7, 3.6 to 3.6.4, 3.5 to 3.5.6 and earlier unsupported versions
Versions fixed: 3.7.1, 3.6.5 and 3.5.7
Reported by: Peter Dias
CVE identifier: CVE-2019-10187
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-64623
Tracker issue: MDL-64623 Ability to delete
More info: https://moodle.org/mod/forum/discuss.php?d=388568&parent=1566330

MSA-19-0016: Assignment group overrides did not observe separate groups mode

by Michael Hawkins. Teachers in an assignment group could modify group overrides for other groups in the same assignment.
Severity/Risk: Minor
Versions affected: 3.7, 3.6 to 3.6.4, 3.5 to 3.5.6 and earlier unsupported versions
Versions fixed: 3.7.1, 3.6.5 and 3.5.7
Reported by: David Monllaó
CVE identifier: CVE-2019-10189
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-61114
Tracker issue: MDL-61114 Assignment group overrides did not observe
More info: https://moodle.org/mod/forum/discuss.php?d=388570&parent=1566332

The Cost of a Hacked Website – Survey

http://feedproxy.google.com/~r/sucuri/blog/~3/WFfqeg0Za4M/the-cost-of-a-hacked-website-survey.html As part of our commitment to the website security community, we want to know the true impacts of a website compromise from the owner’s perspective. If you are a business that has dealt with any type of website attack, your participation in this six-minute survey will help us improve our services and support website […] More info: http://feedproxy.google.com/~r/sucuri/blog/~3/WFfqeg0Za4M/the-cost-of-a-hacked-website-survey.html

DSA-4482 thunderbird – security update

Multiple security issues have been found in Thunderbird which could potentially result in the execution of arbitrary code, cross-site scripting, spoofing, information disclosure, denial of service or cross-site request forgery. More info: https://www.debian.org/security/2019/dsa-4482

Critical Vulnerability Patched in Ad Inserter Plugin

https://www.wordfence.com/blog/2019/07/critical-vulnerability-patched-in-ad-inserter-plugin/
Description: Authenticated Remote Code Execution
Affected Plugin: Ad Inserter
Affected Versions: <= 2.4.21
CVSS Score: 9.9 (Critical)
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
On Friday, July 12th, our Threat Intelligence team discovered a vulnerability present in Ad Inserter, a WordPress plugin installed on over 200,000 websites. The weakness allowed authenticated users (Subscribers and
More info: https://www.wordfence.com/blog/2019/07/critical-vulnerability-patched-in-ad-inserter-plugin/

Linux kernel vulnerability CVE-2019-11599

Security Advisory Description: The coredump implementation in the Linux kernel before 5.0.10 does not use locking or other mechanisms to ... More info: https://support.f5.com/csp/article/K51674118
