MSA-20-0002: Grade history report does not respect Separate groups mode in the course settings

by Michael Hawkins. Users viewing the grade history report without the access all groups capability were not restricted to viewing grades of users within their own groups.

Severity/Risk: Minor
Versions affected: 3.8 to 3.8.1, 3.7 to 3.7.4, 3.6 to 3.6.8, 3.5 to 3.5.10 and earlier unsupported versions
Versions fixed: 3.8.2, 3.7.5, 3.6.9 and 3.5.11
Reported by: Tim Hunt
CVE identifier: CVE-2020-1754

More info: https://moodle.org/mod/forum/discuss.php?d=398350&parent=1606854

MSA-20-0004: Admin PHP unit webrunner tool requires additional input escaping

by Michael Hawkins. Insufficient input escaping was applied to the PHP unit webrunner admin tool.

NOTE: It is important to note that this update is only flagged as a precautionary measure, as it may provide limited CLI access to Moodle site admins. This may be considered a security risk in circumstances where admins do not ordinarily have access to the server CLI and/or in some hosting situations where site admins are not considered trusted users. This tool will also be removed entirely from

More info: https://moodle.org/mod/forum/discuss.php?d=398352&parent=1606856

Vulnerabilities Patched in IMPress for IDX Broker

On February 28, 2020, the Wordfence Threat Intelligence team became aware of a newly patched stored Cross-Site Scripting (XSS) vulnerability in IMPress for IDX Broker, a WordPress plugin with over 10,000 installations. Although all Wordfence users, including those still using the free version of Wordfence, were already protected from this vulnerability by the Web […]

More info: https://www.wordfence.com/blog/2020/03/vulnerabilities-patched-in-impress-for-idx-broker/

WordPress activity logs for newbies

WordPress activity logs help site administrators better manage their WordPress websites and users, and keep them secure. Activity logs are also very helpful in a post-hack scenario, to identify the source of the attack. If you are new to WordPress activity logs, this article is for you. We will explain what activity logs […]

More info: https://www.wpsecurityauditlog.com/wordpress-admin/wordpress-activity-logs-newbies/

BIG-IP HTTP/3 QUIC vulnerability CVE-2020-5859

Security Advisory Description: Specially formatted HTTP/3 messages may cause the Traffic Management Microkernel (TMM) to produce a ...

More info: https://support.f5.com/csp/article/K61367237?utm_source=f5support&utm_medium=RSS

BIG-IP AWS vulnerability CVE-2020-5862

Security Advisory Description: Under certain conditions, while sending traffic, the Traffic Management Microkernel (TMM) may produce a core ...

More info: https://support.f5.com/csp/article/K01054113?utm_source=f5support&utm_medium=RSS

BIG-IP TMM Ram Cache vulnerability CVE-2020-5861

Security Advisory Description: The TMM process may produce a core file in some cases when Ram Cache incorrectly optimizes stored ...

More info: https://support.f5.com/csp/article/K22113131?utm_source=f5support&utm_medium=RSS

BIG-IP tmsh vulnerability CVE-2020-5858

Security Advisory Description: Users with non-administrator roles (for example, Guest or Resource Administrator) with TMOS Shell (tmsh) ...

More info: https://support.f5.com/csp/article/K36814487?utm_source=f5support&utm_medium=RSS

BIG-IP HTTP profile vulnerability CVE-2020-5857

Security Advisory Description: Undisclosed HTTP behavior may lead to a denial of service. (CVE-2016-5857)

Impact: This vulnerability ...

More info: https://support.f5.com/csp/article/K70275209?utm_source=f5support&utm_medium=RSS