Intel CPU vulnerability CVE-2021-0144. Security Advisory. Description: Insecure default variable initialization for the Intel BSSA DFT feature may allow a privileged user to ...
More info:
https://support.f5.com/csp/article/K08593253?utm_source=f5support&utm_medium=RSS
Linux kernel vulnerability CVE-2020-27786. Security Advisory. Description: A flaw was found in the Linux kernel's implementation of MIDI, where an attacker with a local account and ...
More info:
https://support.f5.com/csp/article/K01249564?utm_source=f5support&utm_medium=RSS
Linux kernel vulnerability CVE-2017-10661. Security Advisory. Description: Race condition in fs/timerfd.c in the Linux kernel before 4.10.15 allows local users to gain privileges or ...
More info:
https://support.f5.com/csp/article/K04337834?utm_source=f5support&utm_medium=RSS
Linux kernel Voice Over IP H.323 vulnerability CVE-2020-14305. Security Advisory. Description: An out-of-bounds memory write flaw was found in how the Linux kernel’s Voice ...
More info:
https://support.f5.com/csp/article/K00194184?utm_source=f5support&utm_medium=RSS
Linux kernel vulnerability CVE-2020-16119. Security Advisory. Description: Use-after-free vulnerability in the Linux kernel exploitable by a local attacker due to reuse of a DCCP ...
More info:
https://support.f5.com/csp/article/K82248373?utm_source=f5support&utm_medium=RSS
Linux-PAM vulnerability CVE-2020-27780. Security Advisory. Description: A flaw was found in Linux-Pam in versions prior to 1.5.1 in the way it handles empty passwords for non- ...
More info:
https://support.f5.com/csp/article/K28116312?utm_source=f5support&utm_medium=RSS
Project: Drupal core
Date: 2021-November-17
Security risk: Moderately critical 13∕25 AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:Default
Vulnerability: Cross Site Scripting
Description: The Drupal project uses the CKEditor library for WYSIWYG editing. CKEditor has released a security update that impacts Drupal. Vulnerabilities are possible if Drupal is configured to allow use of the CKEditor library for WYSIWYG editing. An attacker that can create or edit content (even without access to
More info:
https://www.drupal.org/sa-core-2021-011
Monitoring Winnti 4.0 C2 Servers for Two Years. The VMware Threat Analysis Unit (TAU) continually monitors the latest threats and attacks affecting our customers and businesses worldwide. For years, TAU has reversed and emulated the network Command and Control (C2) protocols of high-profile malware families, especially used for cyber espionage, in order to discover active C2 servers on the Internet. One family that TAU has tracked for years is Winnti 4.0 malware. TAU reported last year ...
More info:
https://blogs.vmware.com/security/2021/11/monitoring-winnti-4-0-c2-servers-for-two-years.html?utm_source=rss&utm_medium=rss&utm_campaign=monitoring-winnti-4-0-c2-servers-for-two-years
by Michael Hawkins. A remote code execution risk when restoring backup files was identified.
Severity/Risk: Serious
Versions affected: 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions
Versions fixed: 3.11.4, 3.10.8 and 3.9.11
Reported by: Paul Holden
CVE identifier: CVE-2021-3943
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-70823
Tracker issue: MDL-70823 Remote code execution risk when restoring malformed backup file
More info:
https://moodle.org/mod/forum/discuss.php?d=429095&parent=1726798
by Michael Hawkins. The upstream Moodle machine learning backend and its reference in /lib/mlbackend/python/classes/processor.php were upgraded, which includes some security updates.
Please note: If you are using Moodle Analytics, an upgrade to the mlbackend is required. See the Analytics settings documentation for more information about required versions and how to upgrade.
Severity/Risk: Minor
Versions affected: 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions
More info:
https://moodle.org/mod/forum/discuss.php?d=429096&parent=1726799