More info:
https://wpvulndb.com/vulnerabilities/9458
More info:
https://wpvulndb.com/vulnerabilities/9457
Project: Drupal core
Date: 2019-July-17
Security risk: Critical 17∕25 AC:None/A:None/CI:Some/II:Some/E:Theoretical/TD:Default
Vulnerability: Access bypass
CVE IDs: CVE-2019-6342
Description: In Drupal 8.7.4, when the experimental Workspaces module is enabled, an access bypass condition is created. This can be mitigated by disabling the Workspaces module. It does not affect any release other than Drupal 8.7.4. Drupal 8.7.3 and earlier, Drupal 8.6.x and earlier, and Drupal 7.x are not
More info:
https://www.drupal.org/sa-core-2019-008
More info:
https://wpvulndb.com/vulnerabilities/9461
More info:
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
by Michael Hawkins. Teachers in a quiz group could modify group overrides for other groups in the same quiz.
Severity/Risk: Minor
Versions affected: 3.7, 3.6 to 3.6.4, 3.5 to 3.5.6 and earlier unsupported versions
Versions fixed: 3.7.1, 3.6.5 and 3.5.7
Reported by: Charl Nel
CVE identifier: CVE-2019-10188
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-34411
Tracker issue: MDL-34411 Quiz group overrides did not observe groups membership or
More info:
https://moodle.org/mod/forum/discuss.php?d=388569&parent=1566331
by Michael Hawkins. A sesskey (CSRF) token was not being utilised by the XML loading/unloading admin tool.
Severity/Risk: Minor
Versions affected: 3.7, 3.6 to 3.6.4, 3.5 to 3.5.6 and earlier unsupported versions
Versions fixed: 3.7.1, 3.6.5 and 3.5.7
Reported by: Callum Carney
CVE identifier: CVE-2019-10186
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-53689
Tracker issue: MDL-53689 Missing sesskey (CSRF) token in loading/unloading xml files
More info:
https://moodle.org/mod/forum/discuss.php?d=388567&parent=1566329
by Michael Hawkins. Users with permission to delete entries from a glossary were able to delete entries from other glossaries they did not have direct access to.
Severity/Risk: Minor
Versions affected: 3.7, 3.6 to 3.6.4, 3.5 to 3.5.6 and earlier unsupported versions
Versions fixed: 3.7.1, 3.6.5 and 3.5.7
Reported by: Peter Dias
CVE identifier: CVE-2019-10187
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-64623
Tracker issue: MDL-64623 Ability to delete
More info:
https://moodle.org/mod/forum/discuss.php?d=388568&parent=1566330
by Michael Hawkins. Teachers in an assignment group could modify group overrides for other groups in the same assignment.
Severity/Risk: Minor
Versions affected: 3.7, 3.6 to 3.6.4, 3.5 to 3.5.6 and earlier unsupported versions
Versions fixed: 3.7.1, 3.6.5 and 3.5.7
Reported by: David Monllaó
CVE identifier: CVE-2019-10189
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-61114
Tracker issue: MDL-61114 Assignment group overrides did not observe
More info:
https://moodle.org/mod/forum/discuss.php?d=388570&parent=1566332
As part of our commitment to the website security community, we want to know the true impacts of a website compromise from the owner’s perspective. If you are a business that has dealt with any type of website attack, your participation in this six-minute survey will help us improve our services and support website […]
More info:
http://feedproxy.google.com/~r/sucuri/blog/~3/WFfqeg0Za4M/the-cost-of-a-hacked-website-survey.html