by Michael Hawkins. If the upload course tool was used to delete an enrolment method which did not exist or was not already enabled, the tool would erroneously enable that enrolment method. This could lead to unintended users gaining access to the course.Severity/Risk:MinorVersions affected:3.9 to 3.9.2, 3.8 to 3.8.5, 3.7 to 3.7.8 and 3.5 to 3.5.14 and earlier unsupported versionsVersions fixed:3.10, 3.9.3, 3.8.6, 3.7.9 and 3.5.15Reported by:Víctor Déniz
More info:
https://moodle.org/mod/forum/discuss.php?d=413939&parent=1668774
by Michael Hawkins. It was possible to include JavaScript when re-naming content bank items.Severity/Risk:MinorVersions affected:3.9 to 3.9.2Versions fixed:3.10, 3.9.3Reported by:DegrangeMCVE identifier:CVE-2020-25702Changes (master):http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-69046Tracker issue:MDL-69046 Stored XSS possible when renaming content bank items
More info:
https://moodle.org/mod/forum/discuss.php?d=413940&parent=1668775
by Michael Hawkins. The participants table download always included user emails, but should have only done so when users emails are not hidden.Severity/Risk:MinorVersions affected:3.9 to 3.9.2, 3.8 to 3.8.5 and 3.7 to 3.7.8Versions fixed:3.10, 3.9.3, 3.8.6 and 3.7.9Reported by:A. SchenkelCVE identifier:CVE-2020-25703Changes (master):http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-69844Tracker issue:MDL-69844 The participants table download feature did not
More info:
https://moodle.org/mod/forum/discuss.php?d=413941&parent=1668777
Throughout 2020, Firefox users have been seeing fewer secure connection errors while browsing the Web. We’ve been improving connection errors overall for some time, and a new feature called Intermediate … Read moreThe post Preloading Intermediate CA Certificates into Firefox appeared first on Mozilla Security Blog.
More info:
https://blog.mozilla.org/security/2020/11/13/preloading-intermediate-ca-certificates-into-firefox/
OpenSMTPD vulnerability CVE-2020-7247 Security Advisory Security Advisory Description smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote ...
More info:
https://support.f5.com/csp/article/K34931053?utm_source=f5support&utm_medium=RSS
OpenSMTPD vulnerability CVE-2020-7247 Security Advisory Security Advisory Description smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote ...
More info:
https://support.f5.com/csp/article/K34931053?utm_source=f5support&utm_medium=RSS
Zoom has become a household name for most living and working through the global pandemic. A leading video-first unified communications platform, Zoom helps organizations and their distributed workforces stay connected. It helps ensure employee productivity and security regardless of work location or device. Recent data shows1 that there has been a 70% or more increase The post Zoom Trusts VMware to Securely Support its Distributed Workforce appeared first on Security & Compliance Blog.
More info:
https://blogs.vmware.com/security/2020/10/zoom-trusts-vmware-to-securely-support-its-distributed-workforce.html?utm_source=rss&utm_medium=rss&utm_campaign=zoom-trusts-vmware-to-securely-support-its-distributed-workforce
GNU Binutils vulnerability CVE-2019-9077 Security Advisory Security Advisory Description An issue was discovered in GNU Binutils 2.32. It is a heap-based buffer overflow in process_mips_specific ...
More info:
https://support.f5.com/csp/article/K00056379?utm_source=f5support&utm_medium=RSS
During a routine investigation, we found yet another web skimmer that pretends to be related to Sucuri. One of our Remediation Analysts, Liam Smith, found the following code injected into the database of a Magento site. The first 109 lines of the malware don’t contain any content, which could be an attempt to avoid detection […]
More info:
http://feedproxy.google.com/~r/sucuri/blog/~3/SIGQvVPz6JU/another-credit-card-stealer-that-pretends-to-be-sucuri.html
Expat XML parser vulnerability CVE-2012-6702 Security Advisory Security Advisory Description Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, makes it ...
More info:
https://support.f5.com/csp/article/K65460334?utm_source=f5support&utm_medium=RSS
