by Michael Hawkins. A limited SQL injection risk was identified in the "browse list of users" site administration page.
Severity/Risk: Minor
Versions affected: 4.0 to 4.0.3, 3.11 to 3.11.9, 3.9 to 3.9.16 and earlier unsupported versions
Versions fixed: 4.0.4, 3.11.10 and 3.9.17
Reported by: Vincent
CVE identifier: CVE-2022-40315
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-75283
Tracker issue: MDL-75283 Minor SQL injection risk in admin
More info:
https://moodle.org/mod/forum/discuss.php?d=438394&parent=1764795
by Michael Hawkins. The H5P activity attempts report did not filter by groups, which in separate groups mode could reveal information to non-editing teachers about attempts/users in groups they should not have access to.
Severity/Risk: Minor
Versions affected: 4.0 to 4.0.3, 3.11 to 3.11.9, 3.9 to 3.9.16 and earlier unsupported versions
Versions fixed: 4.0.4, 3.11.10 and 3.9.17
Reported by: Jari Vilkman and Bjørn Teistung
Workaround: Access to this feature can be revoked by removing the
More info:
https://moodle.org/mod/forum/discuss.php?d=438395&parent=1764796
Executive Summary: Chromeloader proves to be an extremely prevalent and persistent malware. It initially drops as an .iso and can be used to leak users’ browser credentials, harvest recent online activity and hijack the browser searches to display ads. The VMware Carbon Black Managed Detection and Response (MDR) team observed the first Windows variants of …
The post The Evolution of the Chromeloader Malware appeared first on VMware Security Blog.
More info:
https://blogs.vmware.com/security/2022/09/the-evolution-of-the-chromeloader-malware.html?utm_source=rss&utm_medium=rss&utm_campaign=the-evolution-of-the-chromeloader-malware
Perl vulnerability CVE-2018-18311
Security Advisory Description: Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers ...
More info:
https://support.f5.com/csp/article/K39178480?utm_source=f5support&utm_medium=RSS
Last week, thousands gathered in San Francisco to journey to the center of the multi-cloud universe with VMware Explore 2022. It was an action-packed event filled with crowded session rooms, exciting announcements, and hands-on demos. Whether you couldn’t join us in person or just can’t get enough VMware Explore content, check out our security & …
The post The Future of Multi-Cloud: Recapping VMware Explore 2022 appeared first on VMware Security Blog.
More info:
https://blogs.vmware.com/security/2022/09/the-future-of-multi-cloud-recapping-vmware-explore-2022.html?utm_source=rss&utm_medium=rss&utm_campaign=the-future-of-multi-cloud-recapping-vmware-explore-2022
OpenJDK vulnerabilities CVE-2022-21291, CVE-2022-21293, CVE-2022-21294, CVE-2022-21296, and CVE-2022-21299
Security Advisory Description: CVE-2022-21291 Vulnerability in the ...
More info:
https://support.f5.com/csp/article/K44270253?utm_source=f5support&utm_medium=RSS
Multiple Java vulnerabilities
Security Advisory Description: CVE-2022-21248 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE ( ...
More info:
https://support.f5.com/csp/article/K62701550?utm_source=f5support&utm_medium=RSS
We reviewed Zero Trust in a series of blogs earlier this month. In this blog, we are discussing a new product in tech preview to help address some of the ideas discussed in the Zero Trust Blog Series. You can review the previous blogs here: The End-to-End Zero Trust Journey: How Did We Get Here? …
The post Multi-cloud with Continuous Risk-driven Security and Compliance appeared first on VMware Security Blog.
More info:
https://blogs.vmware.com/security/2022/08/introducing-project-watch.html?utm_source=rss&utm_medium=rss&utm_campaign=introducing-project-watch
The cloud has taken over the way enterprises do everything, from data storage to application development. While this multi-cloud environment has created exponential avenues for business growth and efficiency, it has also expanded the threat landscape. Enterprises deal with credential issues, lateral movement, lack of visibility, ransomware, and so much more. These challenges demand new …
The post Multi-Cloud Networking and Security Makes a Splash at VMware Explore 2022 appeared
More info:
https://blogs.vmware.com/security/2022/09/multi-cloud-networking-and-security-makes-a-splash-at-vmware-explore-2022.html?utm_source=rss&utm_medium=rss&utm_campaign=multi-cloud-networking-and-security-makes-a-splash-at-vmware-explore-2022
Intel CPU vulnerability CVE-2021-33060
Security Advisory Description: Out-of-bounds write in the BIOS firmware for some Intel(R) Processors may allow an authenticated user to ...
More info:
https://support.f5.com/csp/article/K12055286?utm_source=f5support&utm_medium=RSS