Debian package management system vulnerability CVE-2022-1664. Security Advisory. Description: Dpkg::Source::Archive in dpkg, the Debian package management system, before version 1. ...
More info:
https://support.f5.com/csp/article/K23439402?utm_source=f5support&utm_medium=RSS
Linux kernel vulnerability CVE-2021-43057. Security Advisory. Description: An issue was discovered in the Linux kernel before 5.14.8. A use-after-free in selinux_ptrace_traceme (aka ...
More info:
https://support.f5.com/csp/article/K13844002?utm_source=f5support&utm_medium=RSS
Apache Tomcat vulnerability CVE-2022-25762. Security Advisory. Description: If a web application sends a WebSocket message concurrently with the WebSocket connection closing when ...
More info:
https://support.f5.com/csp/article/K49622415?utm_source=f5support&utm_medium=RSS
Linux kernel vulnerability CVE-2021-22555. Security Advisory. Description: A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered in net/netfilter/x_tables.c.
More info:
https://support.f5.com/csp/article/K06524534?utm_source=f5support&utm_medium=RSS
Linux kernel vulnerability CVE-2021-38202. Security Advisory. Description: fs/nfsd/trace.h in the Linux kernel before 5.13.4 might allow remote attackers to cause a denial of ...
More info:
https://support.f5.com/csp/article/K34041353?utm_source=f5support&utm_medium=RSS
Apache HTTP server vulnerability CVE-2022-28614. Security Advisory. Description: The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an ...
More info:
https://support.f5.com/csp/article/K58003591?utm_source=f5support&utm_medium=RSS
by Michael Hawkins. ID numbers displayed when bulk allocating markers to assignments required additional sanitizing to prevent a stored XSS risk.
Severity/Risk: Minor
Versions affected: 4.0, 3.11 to 3.11.6, 3.10 to 3.10.10, 3.9 to 3.9.13 and earlier unsupported versions
Versions fixed: 4.0.1, 3.11.7, 3.10.11 and 3.9.14
Reported by: Paul Holden
CVE identifier: CVE-2022-30596
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-74204
Tracker issue: MDL-74204
More info:
https://moodle.org/mod/forum/discuss.php?d=434578&parent=1748722
by Michael Hawkins. The description user field was not hidden when being set as a hidden user field.
Severity/Risk: Minor
Versions affected: 4.0, 3.11 to 3.11.6, 3.10 to 3.10.10, 3.9 to 3.9.13 and earlier unsupported versions
Versions fixed: 4.0.1, 3.11.7, 3.10.11 and 3.9.14
Reported by: Bo Foght
CVE identifier: CVE-2022-30597
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-74318
Tracker issue: MDL-74318 Description field hidden by user policies
More info:
https://moodle.org/mod/forum/discuss.php?d=434579&parent=1748723
by Michael Hawkins. Global search results could include author information on some activities where a user may not otherwise have access to it.
Severity/Risk: Minor
Versions affected: 4.0, 3.11 to 3.11.6, 3.10 to 3.10.10, 3.9 to 3.9.13 and earlier unsupported versions
Versions fixed: 4.0.1, 3.11.7, 3.10.11 and 3.9.14
Reported by: Catalina
CVE identifier: CVE-2022-30598
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-71623
Tracker issue: MDL-71623 Global
More info:
https://moodle.org/mod/forum/discuss.php?d=434580&parent=1748724
by Michael Hawkins. An SQL injection risk was identified in Badges code relating to configuring criteria.
NOTE: in Moodle 4.0, 3.11.6, 3.10.10 and 3.9.13, access to this vulnerability was available to site administrators only. In earlier versions, access to the relevant capability was also limited to teachers and managers by default.
Severity/Risk: Serious
Versions affected: 4.0, 3.11 to 3.11.6, 3.10 to 3.10.10, 3.9 to 3.9.13 and earlier unsupported versions
Versions fixed: 4.0.1, 3.11.7, 3.10.11 and
More info:
https://moodle.org/mod/forum/discuss.php?d=434581&parent=1748725