Putting People first in the Modernized SOC: XDR and the Analyst Experience

Imagine walking into an ecstatic party pumping with great beats and the happy hum that is 100 fellow guests and yelling “Show me your hands people if you’re having a good time!” Imagine a sea of hands waving and fist-pumping as those 100 people share their love of being there with you. Sounds like the … (Continued on the VMware Security Blog.) More info: https://blogs.vmware.com/security/2022/11/putting-people-first-in-the-modernized-soc-xdr-and-the-analyst-experience.html?utm_source=rss&utm_medium=rss&utm_campaign=putting-people-first-in-the-modernized-soc-xdr-and-the-analyst-experience

K25401610: OpenJDK vulnerability CVE-2021-2161

Security Advisory Description: Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE ( ... More info: https://support.f5.com/csp/article/K25401610?utm_source=f5support&utm_medium=RSS

K80055530: NGINX NJS vulnerability CVE-2022-43286

Security Advisory Description: Nginx NJS v0.7.2 was discovered to contain a heap-use-after-free bug caused by illegal memory copy in the ... More info: https://support.f5.com/csp/article/K80055530?utm_source=f5support&utm_medium=RSS

MSA-22-0018: Open redirect risk in mobile auto-login feature

By Michael Hawkins. The mobile auto-login URL required additional sanitizing to prevent an open redirect risk.
Severity/Risk: Minor
Versions affected: 4.0 to 4.0.1, 3.11 to 3.11.7, 3.9 to 3.9.14 and earlier unsupported versions
Versions fixed: 4.0.2, 3.11.8 and 3.9.15
Reported by: petermaster
CVE identifier: CVE-2022-35652
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-72171
Tracker issue: MDL-72171 Open redirect risk in mobile auto-login
More info: https://moodle.org/mod/forum/discuss.php?d=436459&parent=1756387

MSA-22-0019: LTI module reflected XSS risk – affecting unauthenticated users only

By Michael Hawkins. A minor reflected XSS risk was identified in the LTI module. This did not impact authenticated users.
Severity/Risk: Minor
Versions affected: 4.0 to 4.0.1, 3.11 to 3.11.7, 3.9 to 3.9.14 and earlier unsupported versions
Versions fixed: 4.0.2, 3.11.8 and 3.9.15
Reported by: Luuk Verhoeven
CVE identifier: CVE-2022-35653
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-72299
Tracker issue: MDL-72299 LTI module reflected XSS
More info: https://moodle.org/mod/forum/discuss.php?d=436460&parent=1756388

MSA-22-0020: Upgrade moodle-mlbackend-python and update its reference in /lib/mlbackend/python/classes/processor.php (upstream)

By Michael Hawkins. The upstream Moodle machine learning backend and its reference in /lib/mlbackend/python/classes/processor.php were upgraded, which includes some security updates. Please note: if you are using Moodle Analytics, an upgrade to the mlbackend is required. See the Analytics settings documentation for more information about required versions and how to upgrade.
Severity/Risk: Minor
Versions affected: 4.0 to 4.0.1, 3.11 to 3.11.7, 3.9 to 3.9.14 and earlier unsupported
More info: https://moodle.org/mod/forum/discuss.php?d=436461&parent=1756389

MSA-22-0021: Upgrade Mustache to latest version (upstream)

By Michael Hawkins. The Mustache template library included with Moodle has been upgraded to the latest version, which includes a fix for a serious security issue.
Severity/Risk: Serious
Versions affected: 4.0 to 4.0.2, 3.11 to 3.11.8, 3.9 to 3.9.15 and earlier unsupported versions
Versions fixed: 4.0.3, 3.11.9 and 3.9.16
Reported by: Lars Bonczek
CVE identifier: CVE-2022-0323
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-75388
Tracker issue:
More info: https://moodle.org/mod/forum/discuss.php?d=437684&parent=1761481

MSA-22-0022: CSRF risk in enabling/disabling installed H5P libraries

By Michael Hawkins. Enabling and disabling installed H5P libraries did not include the necessary token to prevent a CSRF risk.
Severity/Risk: Minor
Versions affected: 4.0 to 4.0.2 and 3.11 to 3.11.8
Versions fixed: 4.0.3 and 3.11.9
Reported by: Paul Holden
CVE identifier: CVE-2022-2986
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-75326
Tracker issue: MDL-75326 CSRF risk in enabling/disabling installed H5P libraries
More info: https://moodle.org/mod/forum/discuss.php?d=437685&parent=1761482

MSA-22-0024: Remote code execution risk when restoring malformed backup file from Moodle 1.9

By Michael Hawkins. A remote code execution risk when restoring backup files originating from Moodle 1.9 was identified.
Severity/Risk: Serious
Versions affected: 4.0 to 4.0.3, 3.11 to 3.11.9, 3.9 to 3.9.16 and earlier unsupported versions
Versions fixed: 4.0.4, 3.11.10 and 3.9.17
Reported by: Paul Holden
CVE identifier: CVE-2022-40314
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-75405
Tracker issue: MDL-75405 Remote code execution risk
More info: https://moodle.org/mod/forum/discuss.php?d=438393&parent=1764794

MSA-22-0023: Stored XSS and page denial of service risks due to recursive rendering in Mustache template helpers

By Michael Hawkins. Recursive rendering of Mustache template helpers containing user input could, in some cases, result in an XSS risk or a page failing to load.
Severity/Risk: Serious
Versions affected: 4.0 to 4.0.3, 3.11 to 3.11.9, 3.9 to 3.9.16 and earlier unsupported versions
Versions fixed: 4.0.4, 3.11.10 and 3.9.17
Reported by: Adam Roberts, NCC Group
CVE identifier: CVE-2022-40313
Changes (master):
More info: https://moodle.org/mod/forum/discuss.php?d=438392&parent=1764793