by Michael Hawkins. Enabling and disabling installed H5P libraries did not include the necessary token to prevent a CSRF risk.
Severity/Risk: Minor
Versions affected: 4.0 to 4.0.2 and 3.11 to 3.11.8
Versions fixed: 4.0.3 and 3.11.9
Reported by: Paul Holden
CVE identifier: CVE-2022-2986
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-75326
Tracker issue: MDL-75326 CSRF risk in enabling/disabling installed H5P libraries
More info:
https://moodle.org/mod/forum/discuss.php?d=437685&parent=1761482
Glib vulnerability CVE-2019-14822. Security Advisory. Description: A flaw was discovered in ibus in versions before 1.5.22 that allows any unprivileged user to monitor and send ...
More info:
https://support.f5.com/csp/article/K70949911?utm_source=f5support&utm_medium=RSS
AV-Comparatives recently released the latest results of the Business Security Test. Out of the 18 leading cyber security vendors tested, VMware Carbon Black was the only vendor to stop 100% of Malware attacks, and that was with zero false positives. Our platform sees more and stops more attacks, and when it says something is bad or … Continued. The post VMware Carbon Black Achieves 100% Malware Protection and Zero False Positives in AV-Comparatives Test appeared first on VMware Security
More info:
https://blogs.vmware.com/security/2022/08/vmware-carbon-black-achieves-100-malware-protection-and-zero-false-positives-in-av-comparatives-test.html?utm_source=rss&utm_medium=rss&utm_campaign=vmware-carbon-black-achieves-100-malware-protection-and-zero-false-positives-in-av-comparatives-test
Poppler vulnerability CVE-2017-18267. Security Advisory. Description: The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler through 0.64.0 allows remote attackers to ...
More info:
https://support.f5.com/csp/article/K72376285?utm_source=f5support&utm_medium=RSS
Poppler vulnerability CVE-2018-10768. Security Advisory. Description: There is a NULL pointer dereference in the AnnotPath::getCoordsLength function in Annot.h in an Ubuntu package ...
More info:
https://support.f5.com/csp/article/K22854723?utm_source=f5support&utm_medium=RSS
Poppler vulnerability CVE-2018-13988. Security Advisory. Description: Poppler through 0.62 contains an out of bounds read vulnerability due to an incorrect memory access that is not ...
More info:
https://support.f5.com/csp/article/K37683194?utm_source=f5support&utm_medium=RSS
Zero trust, ransomware, and cloud smart networking security, oh my! There’s plenty to be explored this year at VMware Explore. With the event just one week away, the countdown is on. Don’t miss your chance to sign up for the premier multi-cloud event of the year. This year, 15 lucky attendees will win a Sonos … Continued. The post Win a Sonos Speaker at VMware Explore 2022 appeared first on VMware Security Blog.
More info:
https://blogs.vmware.com/security/2022/08/win-a-sonos-speaker-at-vmware-explore-2022.html?utm_source=rss&utm_medium=rss&utm_campaign=win-a-sonos-speaker-at-vmware-explore-2022
Apache Xalan Java Library vulnerability CVE-2022-34169. Security Advisory. Description: The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when ...
More info:
https://support.f5.com/csp/article/K42795243?utm_source=f5support&utm_medium=RSS
Application programming interfaces (APIs) are critical to modern applications. APIs are used to communicate information between users and applications, between the different components of a composite application, and to communicate with a rapidly increasing variety of devices. Initially, they mainly existed in the background, hidden from end-users and bad actors. However, as microservices, containers, and cloud-based services … Continued. The post Extending the Zero Trust Architecture
More info:
https://blogs.vmware.com/security/2022/08/extending-the-zero-trust-architecture-concept-to-apis.html?utm_source=rss&utm_medium=rss&utm_campaign=extending-the-zero-trust-architecture-concept-to-apis
BIG-IP iRules vulnerability CVE-2022-33962. Security Advisory. Description: The node iRules command may allow an attacker to bypass the access control restrictions for a self IP ...
More info:
https://support.f5.com/csp/article/K80970653?utm_source=f5support&utm_medium=RSS