MSA-22-0012: Global search results reveal authors of content unexpectedly for some activities

by Michael Hawkins. Global search results could include author information on some activities where a user may not otherwise have access to it.
Severity/Risk: Minor
Versions affected: 4.0, 3.11 to 3.11.6, 3.10 to 3.10.10, 3.9 to 3.9.13 and earlier unsupported versions
Versions fixed: 4.0.1, 3.11.7, 3.10.11 and 3.9.14
Reported by: Catalina
CVE identifier: CVE-2022-30598
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-71623
Tracker issue: MDL-71623
More info: https://moodle.org/mod/forum/discuss.php?d=434580&parent=1748724

MSA-22-0013: SQL injection risk in badge award criteria

by Michael Hawkins. An SQL injection risk was identified in the Badges code relating to configuring award criteria.
NOTE: in Moodle 4.0, 3.11.6, 3.10.10 and 3.9.13, this vulnerability was reachable by site administrators only. In earlier versions, the relevant capability was by default also granted to teachers and managers.
Severity/Risk: Serious
Versions affected: 4.0, 3.11 to 3.11.6, 3.10 to 3.10.10, 3.9 to 3.9.13 and earlier unsupported versions
Versions fixed: 4.0.1, 3.11.7, 3.10.11 and
More info: https://moodle.org/mod/forum/discuss.php?d=434581&parent=1748725

MSA-22-0014: Failed login attempts counted incorrectly

by Michael Hawkins. An issue in the logic used to count failed login attempts could result in the account lockout threshold being bypassed.
Severity/Risk: Serious
Versions affected: 4.0, 3.11 to 3.11.6, 3.10 to 3.10.10, 3.9 to 3.9.13 and earlier unsupported versions
Versions fixed: 4.0.1, 3.11.7, 3.10.11 and 3.9.14
Reported by: Shamim Rezaie
CVE identifier: CVE-2022-30600
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-73736
Tracker issue: MDL-73736
More info: https://moodle.org/mod/forum/discuss.php?d=434582&parent=1748726
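The advisory does not say how the Moodle counter went wrong. As an added illustration (not Moodle's code and not the flaw tracked in MDL-73736), the block below contrasts a failed-login counter kept on the account record with one kept in the caller's session, a generic pattern that lets a client reset the count by starting a new session. The usernames, passwords and threshold of 5 are constructed for the example.

```python
# Added example, not Moodle's code: per-account vs per-session lockout counting.
from dataclasses import dataclass

THRESHOLD = 5  # assumed lockout threshold; the real value is site policy


@dataclass
class Account:
    password: str
    failures: int = 0      # consecutive failed attempts, kept on the account
    locked: bool = False


class PerAccountLockout:
    """Counts failures on the account record, so the count survives new sessions."""

    def __init__(self, users: dict):
        self.accounts = {u: Account(p) for u, p in users.items()}

    def login(self, user: str, password: str, session: dict) -> str:
        acct = self.accounts.get(user)
        if acct is None:
            return "fail"              # unknown user; same answer as a bad password
        if acct.locked:
            return "locked"            # refused before the password is compared
        if acct.password == password:
            acct.failures = 0          # success resets the consecutive-failure count
            return "ok"
        acct.failures += 1             # count this failure before deciding on lockout
        if acct.failures >= THRESHOLD:
            acct.locked = True
            return "locked"
        return "fail"


class PerSessionLockout:
    """Flawed: the count lives in the client's session, so a fresh session resets it."""

    def __init__(self, users: dict):
        self.users = users

    def login(self, user: str, password: str, session: dict) -> str:
        if session.get("failures", 0) >= THRESHOLD:
            return "locked"
        if self.users.get(user) == password:
            session["failures"] = 0
            return "ok"
        session["failures"] = session.get("failures", 0) + 1
        return "fail"


def wrong_guesses_checked(auth, user: str, attempts: int, new_session_each_time: bool) -> int:
    """Submit `attempts` wrong passwords; return how many were compared and rejected
    as a plain "fail" rather than refused as "locked"."""
    checked = 0
    session = {}
    for i in range(attempts):
        if new_session_each_time:
            session = {}               # attacker discards the old cookie jar each time
        if auth.login(user, f"wrong-{i}", session) == "fail":
            checked += 1
    return checked


if __name__ == "__main__":
    users = {"alice": "correct horse"}  # constructed credentials
    for cls in (PerAccountLockout, PerSessionLockout):
        for fresh in (False, True):
            n = wrong_guesses_checked(cls(users), "alice", 20, fresh)
            print(f"{cls.__name__:18} new session each time={fresh!s:5} guesses checked={n}")
```

With the per-account counter the attacker gets at most THRESHOLD-1 plain rejections whatever they do with sessions, and the account then refuses even the correct password; with the per-session counter the same 20 guesses are all checked when each arrives in a new session. Whatever the real counter looks like, the test to run is the same: drive N wrong passwords through every login path and confirm the account is refused at the documented threshold.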

K29735525: Apache HTTPD vulnerability CVE-2022-29404

Description: In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0) ...
More info: https://support.f5.com/csp/article/K29735525?utm_source=f5support&utm_medium=RSS

K69309752: Apache HTTPD vulnerability CVE-2022-30556

Description: Apache HTTP Server 2.4.53 and earlier may return lengths to applications calling r:wsread() that point ...
More info: https://support.f5.com/csp/article/K69309752?utm_source=f5support&utm_medium=RSS

K13335141: Intel CPU vulnerability CVE-2022-21180

Description: Improper input validation for some Intel(R) Processors may allow an authenticated user to potentially cause a ...
More info: https://support.f5.com/csp/article/K13335141?utm_source=f5support&utm_medium=RSS

Lateral Movement in the Real World: A Quantitative Analysis

Computer networks have become larger, more complex, and highly dynamic. Similarly, the tactics, techniques, and procedures (TTPs) adopted by powerful adversaries, often backed by nation-states, have evolved, creating challenges for security administrators and SOC analysts, who must make sense of the flood of data and alerts produced by security tools. Since attacks have the inherent …
More info: https://blogs.vmware.com/security/2022/06/lateral-movement-in-the-real-world-a-quantitative-analysis.html?utm_source=rss&utm_medium=rss&utm_campaign=lateral-movement-in-the-real-world-a-quantitative-analysis