Certificate validation for TLS does not always consider whether the root of a chain is a configured CA certificate. When done on the well-known system bus, this is a denial-of-service vulnerability. If a privileged user with control over the dbus-daemon is using the interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon can cause a dbus-daemon crash under some circumstances via an unreplyable message. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8 and 3.11 to 3.11.14.ĭ-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon.
This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8, 3.11 to 3.11.14, 3.9 to 3.9.21 and earlier unsupported versions.Ĭontent on the groups page required additional sanitizing to prevent an XSS risk. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8, 3.11 to 3.11.14, 3.9 to 3.9.21 and earlier unsupported versions.Ī limited SQL injection risk was identified on the Mnet SSO access control page. Sqlite3 v3.40.1 was discovered to contain a segmentation violation at /sqlite3_aflpp/shell.c.Īn issue in the logic used to check 0.0.0.0 against the cURL blocked hosts lists resulted in an SSRF risk.
0 kommentar(er)
