More info:
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11176&actp=RSS
OpenSSL vulnerability CVE-2022-0778 Security Advisory. Description: The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop ...
More info:
https://support.f5.com/csp/article/K31323265?utm_source=f5support&utm_medium=RSS
Since the Colonial Pipeline attack last year, we have known that additional cyberattacks targeting the energy sector were likely. Against the backdrop of today’s geopolitical crisis, however, VMware believes that all critical infrastructure providers should operate under the assumption that targeted attacks using destructive malware are imminent. Securing internet-facing systems and testing incident response readiness …
More info:
https://blogs.vmware.com/security/2022/03/defending-against-destructive-attacks-targeting-energy-and-utilities.html?utm_source=rss&utm_medium=rss&utm_campaign=defending-against-destructive-attacks-targeting-energy-and-utilities
More info:
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11139&actp=RSS
More info:
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11130&actp=RSS
More info:
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11162&actp=RSS
Project: Drupal core
Date: 2022-March-21
Security risk: Moderately critical 11∕25 AC:Complex/A:None/CI:None/II:Some/E:Theoretical/TD:Default
Vulnerability: Third-party libraries
CVE IDs: CVE-2022-24775
Description: Drupal uses the third-party Guzzle library for handling HTTP requests and responses to external services. Guzzle has released a security update which may affect some Drupal sites. We are issuing this security advisory outside our regular Drupal security release window schedule
More info:
https://www.drupal.org/sa-core-2022-006
Kibana vulnerability CVE-2019-7609 Security Advisory. Description: Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. An ...
More info:
https://support.f5.com/csp/article/K54184111?utm_source=f5support&utm_medium=RSS
by Michael Hawkins. An SQL injection risk was identified in Badges code relating to configuring criteria. Access to the relevant capability was limited to teachers and managers by default.
NOTE: Please pay particular attention to this fix. Information was recently released online about this vulnerability by third parties, so please upgrade or patch as soon as you are able to. We prepared the patch for this as soon as we became aware of the issue, to ensure a fix was available for this release. It
More info:
https://moodle.org/mod/forum/discuss.php?d=432947&parent=1742073
by Michael Hawkins. Insufficient capability checks could allow users with the moodle/site:uploadusers capability to delete users, without having the necessary moodle/user:delete capability.
Severity/Risk: Minor
Versions affected: 3.11 to 3.11.5, 3.10 to 3.10.9, 3.9 to 3.9.12 and earlier unsupported versions
Versions fixed: 3.11.6, 3.10.10 and 3.9.13
Reported by: Chris Pratt
Workaround: Remove the moodle/site:uploadusers capability from users who do not also have the moodle/user:delete capability, until
More info:
https://moodle.org/mod/forum/discuss.php?d=432948&parent=1742074