MSA-22-0004: CSRF risk in badge alignment deletion

by Michael Hawkins. The "delete badge alignment" functionality did not include the necessary token check to prevent a CSRF risk.
Severity/Risk: Serious
Versions affected: 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11 and earlier unsupported versions
Versions fixed: 3.11.5, 3.10.9 and 3.9.12
Reported by: Ostapbender
CVE identifier: CVE-2022-0335
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-72367
Tracker issue: MDL-72367 CSRF risk in badge
More info: https://moodle.org/mod/forum/discuss.php?d=431103&parent=1734817

Drupal core – Moderately critical – Cross site scripting – SA-CORE-2022-002

Project: Drupal core
Date: 2022-January-19
Security risk: Moderately critical 14∕25 AC:Basic/A:User/CI:Some/II:Some/E:Proof/TD:Default
Vulnerability: Cross site scripting
Description: jQuery UI is a third-party library used by Drupal. This library was previously thought to be end-of-life. Late in 2021, jQuery UI announced that they would be continuing development, and released a jQuery UI 1.13.0 version. In addition to the issue covered by SA-CORE-2022-001, further security vulnerabilities
More info: https://www.drupal.org/sa-core-2022-002

K53442005: BIG-IP VE vulnerability CVE-2022-23030

Security Advisory
Description: When the BIG-IP Virtual Edition (VE) uses the ixlv driver (which is used in SR-IOV mode and requires Intel ...
More info: https://support.f5.com/csp/article/K53442005?utm_source=f5support&utm_medium=RSS

Defending from Within

Geo-political tension is metastasizing in cyberspace. Last week, CISA, the NSA and FBI issued an unprecedented advisory on imminent Russian cyberattack campaigns detailing the modus operandi of these groups. Destructive cyberattack campaigns are being spawned by Russian cyber-militias. Microsoft discovered DEV-0586, a master boot record (MBR) wiper that is detonating within Ukrainian government agency networks. The post Defending from Within appeared first on VMware Security Blog.
More info: https://blogs.vmware.com/security/2022/01/defending-from-within.html?utm_source=rss&utm_medium=rss&utm_campaign=defending-from-within

K11546763: Linux kernel vulnerability CVE-2021-3653

Security Advisory
Description: A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when ...
More info: https://support.f5.com/csp/article/K11546763?utm_source=f5support&utm_medium=RSS

K39029022: Linux kernel vulnerability CVE-2021-37576

Security Advisory
Description: arch/powerpc/kvm/book3s_rtas.c in the Linux kernel through 5.13.5 on the powerpc platform allows KVM guest ...
More info: https://support.f5.com/csp/article/K39029022?utm_source=f5support&utm_medium=RSS

K80212034: Linux kernel vulnerability CVE-2021-3656

Security Advisory
Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when ...
More info: https://support.f5.com/csp/article/K80212034?utm_source=f5support&utm_medium=RSS

Drupal core – Moderately critical – Cross Site Scripting – SA-CORE-2022-001

Project: Drupal core
Date: 2022-January-19
Security risk: Moderately critical 14∕25 AC:Basic/A:User/CI:Some/II:Some/E:Proof/TD:Default
Vulnerability: Cross Site Scripting
Description: jQuery UI is a third-party library used by Drupal. This library was previously thought to be end-of-life. Late in 2021, jQuery UI announced that they would be continuing development, and released a jQuery UI 1.13.0 version. As part of this 1.13.0 update, they disclosed the following security issue that may
More info: https://www.drupal.org/sa-core-2022-001
