Linux kernel vulnerability CVE-2020-14331. Security Advisory Description: A flaw was found in the Linux kernel’s implementation of the invert video code on VGA consoles when ...
More info:
https://support.f5.com/csp/article/K10429441?utm_source=f5support&utm_medium=RSS
Today, at RSA Conference 2021, Cyber Defense Magazine named VMware Security a winner in its 9th Annual Global InfoSec Awards in the following categories: “Most Innovative in Endpoint Security” for VMware Carbon Black Cloud; “Market Leader in Firewall” for VMware NSX Service-defined Firewall. “VMware Security embodies three major features we judges look for to […] The post Live from RSA Conference 2021: VMware Named Winner in Global Infosec Awards appeared first on […]
More info:
https://blogs.vmware.com/security/2021/05/live-from-rsa-conference-2021-vmware-named-winner-in-global-infosec-awards.html?utm_source=rss&utm_medium=rss&utm_campaign=live-from-rsa-conference-2021-vmware-named-winner-in-global-infosec-awards
More info:
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11125&actp=RSS
On February 2, 2021, our Threat Intelligence team responsibly disclosed the details of a vulnerability in External Media, a WordPress plugin used by over 8,000 sites. This flaw made it possible for authenticated users, such as subscribers, to upload arbitrary files on any site running the plugin. This vulnerability could be used to achieve remote […]
More info:
https://www.wordfence.com/blog/2021/05/critical-vulnerability-patched-in-external-media-plugin/
The WordPress team released WordPress 5.7.2. This version features one security fix: Object injection in PHPMailer. Fix: This vulnerability was originally discovered in versions before 5.2.27 and 6.x before 6.0.6 […]
More info:
https://pagely.com/blog/wordpress-5-7-2-security-release/
by Michael Hawkins. Teachers exporting a forum in CSV format could receive a CSV of forums from all courses in some circumstances.
Severity/Risk: Serious
Versions affected: 3.10 to 3.10.3, 3.9 to 3.9.6 and 3.8 to 3.8.8
Versions fixed: 3.11, 3.10.4, 3.9.7 and 3.8.9
Reported by: Daniel Konrad
Workaround: Remove the Export Forum (mod/forum:exportforum) capability from non-admin roles/users until the patch has been applied.
CVE identifier: CVE-2021-32472
Changes
More info:
https://moodle.org/mod/forum/discuss.php?d=422305&parent=1701629
On May 13, 2021 01:00 UTC, WordPress core released a security patch for a Critical Object Injection vulnerability in PHPMailer, the component that WordPress uses to send emails by default. If your site is set to allow auto updating of minor point releases, your site has probably already updated to WordPress 5.7.2. While we do […]
More info:
https://www.wordfence.com/blog/2021/05/wordpress-5-7-2-security-release-what-you-need-to-know/
by Michael Hawkins. An SQL injection risk existed on sites with MNet enabled and configured, via an XML-RPC call from the connected peer host. Note that this required site administrator access or access to the keypair.
Severity/Risk: Serious
Versions affected: 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions
Versions fixed: 3.11, 3.10.4, 3.9.7, 3.8.9 and 3.5.18
Reported by: Rekter0
CVE identifier: CVE-2021-32474
Changes
More info:
https://moodle.org/mod/forum/discuss.php?d=422308&parent=1701632
by Michael Hawkins. It was possible for a student to view their quiz grade before it had been released, using a quiz web service.
Severity/Risk: Serious
Versions affected: 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions
Versions fixed: 3.11, 3.10.4, 3.9.7, 3.8.9 and 3.5.18
Reported by: Nadav Kavalerchik
CVE identifier: CVE-2021-32473
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-70720
Tracker issue: MDL-70720
More info:
https://moodle.org/mod/forum/discuss.php?d=422307&parent=1701631
by Michael Hawkins. ID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS risk.
Severity/Risk: Minor
Versions affected: 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions
Versions fixed: 3.11, 3.10.4, 3.9.7, 3.8.9 and 3.5.18
Reported by: Paul Holden
CVE identifier: CVE-2021-32475
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-71130
Tracker issue: MDL-71130 Stored
More info:
https://moodle.org/mod/forum/discuss.php?d=422309&parent=1701633