by Michael Hawkins. A URL parameter in the filetype site administrator tool required extra sanitizing to prevent a reflected XSS risk.
Severity/Risk: Serious
Versions affected: 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions
Versions fixed: 3.11.4, 3.10.8 and 3.9.11
Reported by: starlabs_sg
CVE identifier: CVE-2021-43558
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-72571
Tracker issue: MDL-72571 Reflected XSS in
More info:
https://moodle.org/mod/forum/discuss.php?d=429097&parent=1726802
by Michael Hawkins. The "delete related badge" functionality did not include the necessary token check to prevent a CSRF risk.
Severity/Risk: Serious
Versions affected: 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions
Versions fixed: 3.11.4, 3.10.8 and 3.9.11
Reported by: ostapbender
CVE identifier: CVE-2021-43559
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-72370
Tracker issue: MDL-72370 CSRF risk on delete
More info:
https://moodle.org/mod/forum/discuss.php?d=429099&parent=1726805
Ansible Engine vulnerability CVE-2020-14365 (Security Advisory). Description: A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before 2.8.15 and ansible-engine 2.9.x ...
More info:
https://support.f5.com/csp/article/K52013062?utm_source=f5support&utm_medium=RSS
by Michael Hawkins. Insufficient capability checks made it possible to fetch other users' calendar action events.
Severity/Risk: Minor
Versions affected: 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions
Versions fixed: 3.11.4, 3.10.8 and 3.9.11
Reported by: 0xkasper
CVE identifier: CVE-2021-43560
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-71918
Tracker issue: MDL-71918 IDOR in a calendar web service allows fetching of
More info:
https://moodle.org/mod/forum/discuss.php?d=429100&parent=1726807
Apache DB DdlUtils vulnerability CVE-2021-41616 (Security Advisory). Description: Apache DB DdlUtils 1.0 included a BinaryObjectsHelper that was intended for use when migrating ...
More info:
https://support.f5.com/csp/article/K14234227?utm_source=f5support&utm_medium=RSS
Linux kernel vulnerability CVE-2021-34866 (Security Advisory). Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when ...
More info:
https://support.f5.com/csp/article/K73370428?utm_source=f5support&utm_medium=RSS
Tom Kellermann, Head of Cybersecurity at VMware, sits down with Errol Weiss Chief Security Officer of Health Information Sharing & Analysis Center (@Health-ISAC) for a compelling discussion on strategies to empower today’s CSO. Watch the full video to hear all the insights. Be sure to also read “CISO Empowerment” by Tom Kellermann. The post Strategies for Empowering a CSO: Video Discussion with Errol Weiss and Tom Kellermann appeared first on VMware Security Blog.
More info:
https://blogs.vmware.com/security/2021/11/strategies-for-empowering-a-cso-video-discussion-with-errol-weiss-and-tom-kellermann.html?utm_source=rss&utm_medium=rss&utm_campaign=strategies-for-empowering-a-cso-video-discussion-with-errol-weiss-and-tom-kellermann
NGINX Ingress Controller vulnerability CVE-2021-23055 (Security Advisory). Description: The command line restriction that controls snippet use with NGINX Ingress Controller does not ...
More info:
https://support.f5.com/csp/article/K01051452?utm_source=f5support&utm_medium=RSS
Go vulnerability CVE-2021-3114 (Security Advisory). Description: In Go before 1.14.14 and 1.15.x before 1.15.7, crypto/elliptic/p224.go can generate incorrect outputs, related to an ...
More info:
https://support.f5.com/csp/article/K15405135?utm_source=f5support&utm_medium=RSS
PHP vulnerability CVE-2021-21703 (Security Advisory). Description: In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 and 8.0.x below 8.0.12, when running PHP FPM ...
More info:
https://support.f5.com/csp/article/K17839423?utm_source=f5support&utm_medium=RSS