Greetings from the VMware Security Response Center! We wanted to make you aware that AMD has released a security bulletin entitled ‘Shader Functionality Remote Code Execution’ which documents remediation for CVE-2019-5049. This vulnerability has been shown to affect VMware Workstation and, as the article mentions, updated graphics drivers are available on the AMD support page.
More info:
https://blogs.vmware.com/security/2019/09/amd-display-driver-security-updates-address-cve-2019-5685.html
Multiple security issues have been found in Thunderbird which could potentially result in the execution of arbitrary code, cross-site scripting, information disclosure and a covert content attack on S/MIME encryption using a crafted multipart/alternative message.
More info:
https://www.debian.org/security/2019/dsa-4523
by Michael Hawkins. Users with the capability to create courses were assigned as a teacher in those courses, regardless of whether they had the capability to be automatically assigned that role.
Severity/Risk: Minor
Versions affected: 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to 3.5.7 and earlier unsupported versions
Versions fixed: 3.7.2, 3.6.6 and 3.5.8
Reported by: Andrew Nicols
CVE identifier: CVE-2019-14828
More info:
https://moodle.org/mod/forum/discuss.php?d=391031&parent=1576205
by Michael Hawkins. The mobile launch endpoint contained an open redirect in some circumstances, which could result in a user's mobile access token being exposed. (Note: This does not affect sites with a forced URL scheme configured, mobile service disabled, or where the mobile app login method is "via the app").
Severity/Risk: Serious
Versions affected: 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to 3.5.7 and earlier unsupported versions
Versions fixed: 3.7.2, 3.6.6 and 3.5.8
Reported by: Frederik Schou
More info:
https://moodle.org/mod/forum/discuss.php?d=391036&parent=1576214
by Michael Hawkins. Mustache helper tags that were included in template contexts were not being escaped before that context was injected into another Mustache helper, which could result in script injection in some templates.
Severity/Risk: Serious
Versions affected: 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to 3.5.7 and earlier unsupported versions
Versions fixed: 3.7.2, 3.6.6 and 3.5.8
Reported by: Sam Hemelryk, Andrew Nicols
CVE identifier: CVE-2019-14827
More info:
https://moodle.org/mod/forum/discuss.php?d=391030&parent=1576204
by Michael Hawkins. The analytics Python Machine Learning backend has received some security fixes, resulting in the required PIP package version being increased. (Note: Sites using the PHP ML backend, or not using analytics, are not affected.)
Severity/Risk: Minor
Versions affected: 3.7 to 3.7.1, 3.6 to 3.6.5 and 3.5 to 3.5.7 and earlier unsupported versions
Versions fixed: 3.7.2, 3.6.6 and 3.5.8
Reported by: David Monllaó
CVE identifier: N/A
More info:
https://moodle.org/mod/forum/discuss.php?d=391032&parent=1576208
More info:
https://wpvulndb.com/vulnerabilities/9880
by Michael Hawkins. If a forum's subscription mode was set to "forced subscription", the forum's subscribe link contained an open redirect.
Severity/Risk: Minor
Versions affected: 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to 3.5.7 and earlier unsupported versions
Versions fixed: 3.7.2, 3.6.6 and 3.5.8
Reported by: John Couzins
Workaround: Set a different subscription mode (e.g. optional or auto) on forums until the patch is applied.
CVE identifier: CVE-2019-14831
More info:
https://moodle.org/mod/forum/discuss.php?d=391037&parent=1576215
It’s been more than a year since the General Data Protection Regulation (GDPR) went into effect in the EU. While this series of data privacy and protection laws apply to citizens of the EU, any global organization that holds or processes EU resident data is subject to GDPR regulation. It’s clear that GDPR has and will… […]
More info:
https://wpengine.com/blog/gdpr-lessons-learned/