Blog

by Michael Hawkins. Insufficient sanitizing of loaders used by TinyMCE resulted in an arbitrary folder creation risk.Severity/Risk:SeriousVersions affected:4.1 to 4.1.2Versions fixed:4.1.3Reported by:Yaniv Nizry (SonarSource)CVE identifier:CVE-2023-30943Changes (master):http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-77718Tracker issue:MDL-77718 TinyMCE loaders susceptible to Arbitrary Folder Creation More info: https://moodle.org/mod/forum/discuss.php?d=446285&parent=1793613

by Michael Hawkins. A limited SQL injection risk was identified in functionality used by the Wiki activity when listing pages.Severity/Risk:MinorVersions affected:4.1 to 4.1.2, 4.0 to 4.0.7, 3.11 to 3.11.13, 3.9 to 3.9.20 and earlier unsupported versionsVersions fixed:4.1.3, 4.0.8, 3.11.14 and 3.9.21Reported by:Paul HoldenCVE identifier:CVE-2023-30944Changes (master):http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-77187Tracker issue:MDL-77187 Minor SQL More info: https://moodle.org/mod/forum/discuss.php?d=446286&parent=1793614

Security Advisory Description A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy ... More info: https://my.f5.com/manage/s/article/K000133706?utm_source=f5support&utm_medium=RSS

Security Advisory Description When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very ... More info: https://my.f5.com/manage/s/article/K000133710?utm_source=f5support&utm_medium=RSS

Security Advisory Description CVE-2023-21964 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.3.0, ... More info: https://my.f5.com/manage/s/article/K000133699?utm_source=f5support&utm_medium=RSS

Security Advisory Description CVE-2023-21929 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.32 and prior. Easily ... More info: https://my.f5.com/manage/s/article/K000133694?utm_source=f5support&utm_medium=RSS

Security Advisory Description The Service Location Protocol (SLP, RFC 2608) allows an unauthenticated, remote attacker to register arbitrary services. This could allow the attacker to use spoofed ... More info: https://my.f5.com/manage/s/article/K000133692?utm_source=f5support&utm_medium=RSS

Security Advisory Description multipath-tools 0.7.0 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited alone or in conjunction with CVE-2022-41973. Local users able ... More info: https://my.f5.com/manage/s/article/K000133615?utm_source=f5support&utm_medium=RSS

A vulnerability in the Cisco Discovery Protocol processing feature of Cisco IP Phone 7800 and 8800 Series firmware could allow an unauthenticated, adjacent attacker to cause a stack overflow on an affected device. This vulnerability is due to insufficient input validation of received Cisco Discovery Protocol packets. An attacker could exploit this vulnerability by sending crafted Cisco Discovery Protocol traffic to an affected device. A successful exploit could allow the attacker to cause a More info: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipp-oobwrite-8cMF5r7U?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20IP%20Phone%207800%20and%208800%20Series%20Cisco%20Discovery%20Protocol%20Stack%20Overflow%20Vulnerability&vs_k=1

Security Advisory Description An issue in protobuf-java allowed the interleaving of com.google.protobuf.UnknownFieldSet fields in such a way that would be processed out of order. A small malicious ... More info: https://my.f5.com/manage/s/article/K000133686?utm_source=f5support&utm_medium=RSS