by Michael Hawkins. Permission overrides on individual blocks in the system dashboard did not cascade to user dashboards.
Severity/Risk: Minor
Versions affected: 4.2 to 4.2.1, 4.1 to 4.1.4, 4.0 to 4.0.9, 3.11 to 3.11.15, 3.9 to 3.9.22 and earlier unsupported versions
Versions fixed: 4.2.2, 4.1.5, 4.0.10, 3.11.16 and 3.9.23
Reported by: Bas Harkink
CVE identifier: CVE-2023-40318
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-78340
Tracker
More info:
https://moodle.org/mod/forum/discuss.php?d=449642&parent=1807044
by Michael Hawkins. It was possible to escalate stored self-XSS to stored XSS where users log in via OAuth 2.
Severity/Risk: Serious
Versions affected: 4.2 to 4.2.1, 4.1 to 4.1.4, 4.0 to 4.0.9, 3.11 to 3.11.15, 3.9 to 3.9.22 and earlier unsupported versions
Versions fixed: 4.2.2, 4.1.5, 4.0.10, 3.11.16 and 3.9.23
Reported by: Yaniv Nizry (SonarSource)
CVE identifier: CVE-2023-40320
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-78685
Tracker
More info:
https://moodle.org/mod/forum/discuss.php?d=449644&parent=1807048
On October 11, 2023, cURL released Version 8.4.0 of the cURL utility and the libcurl library. This release addressed two security vulnerabilities:
CVE-2023-38545 – High Security Impact Rating (SIR)
CVE-2023-38546 – Low SIR
This advisory covers CVE-2023-38545 only. For more information about this vulnerability, see the cURL advisory. This advisory is available at the following
More info:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-curl-libcurl-D9ds39cV?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=cURL%20and%20libcurl%20%20Vulnerability%20Affecting%20Cisco%20Products:%20October%202023&vs_k=1
Security Advisory Description
By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode ...
More info:
https://my.f5.com/manage/s/article/K000137229?utm_source=f5support&utm_medium=RSS
Security Advisory Description
ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer ...
More info:
https://my.f5.com/manage/s/article/K19559038?utm_source=f5support&utm_medium=RSS
Security Advisory Description
Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to ...
More info:
https://my.f5.com/manage/s/article/K73422160?utm_source=f5support&utm_medium=RSS
Security Advisory Description
Out-of-bounds write in the BIOS authenticated code module for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via ...
More info:
https://my.f5.com/manage/s/article/K87351324?utm_source=f5support&utm_medium=RSS
Security Advisory Description
Improper access control in the BIOS authenticated code module for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege ...
More info:
https://my.f5.com/manage/s/article/K55051330?utm_source=f5support&utm_medium=RSS
Security Advisory Description
OpenSSL 1.0.2 supports SSLv2. If a client attempts to negotiate SSLv2 with a server that is configured to support both SSLv2 and more recent SSL and TLS versions then ...
More info:
https://my.f5.com/manage/s/article/K61903372?utm_source=f5support&utm_medium=RSS