freeswitch имеет лишнюю сборочную зависимость на libImageMagick-devel

Просьба собрать dbus-glib 0.110 или новее

Уязвимость виртуальной обучающей среды moodle, существующая из-за непринятия мер по защите структуры веб-страницы, позволяющая нарушителю выполнить произвольный код и раскрыть защищаемую информацию

Уязвимость реализации функции автоматического входа в систему с мобильных устройств виртуальной обучающей среды Moodle, позволяющая нарушителю провести фишинговую атаку и раскрыть защищаемую информацию

Уязвимость модуля LTI виртуальной обучающей среды Moodle, позволяющая нарушителю проводить фишинговые атаки или раскрыть защищаемую информацию

Уязвимость виртуальной обучающей среды Moodle, связанная с недостаточной очисткой пользовательских данных, позволяющая нарушителю выполнить произвольные SQL-команды

Уязвимость плагина H5P виртуальной обучающей среды Moodle, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Уязвимость виртуальной обучающей среды Moodle, связанная с восстановлением в памяти недостоверных данных, позволяющая нарушителю выполнить произвольный код

Уязвимость реализации функции рекурсивного рендеринга компонента Mustache helpers системы шаблонов Mustache template system виртуальной обучающей среды Moodle, позволяющая нарушителю проводить межсайтовые сценарные атаки или вызвать отказ в обслуживании

Уязвимость виртуальной обучающей среды Moodle, связанная с неправильной проверкой входных данных, позволяющая нарушителю выполнить произвольный код

Уязвимость виртуальной обучающей среды Moodle, связанная с недостаточной проверкой входных данных, позволяющая нарушителю раскрыть защищаемую информацию

Уязвимость системы управления курсами Moodle, связанная с недостаточной проверкой источника HTTP-запроса в URL-адресе перенаправления курса, позволяющая нарушителю выполнять атаки с подделкой межсайтовых запросов

Уязвимость системы управления курсами Moodle, существующая из-за непринятия мер по защите структуры веб-страницы, позволяющая нарушителю выполнять атаки с использованием межсайтовых сценариев (XSS)

Уязвимость системы управления курсами Moodle, связанная с недостаточной проверкой введенных пользователем данных в библиотеке поставщика LTI, позволяющая нарушителю выполнять SSRF-атаки

Уязвимость виртуальной обучающей среды Moodle, связанная с неправильным контролем доступа, позволяющая нарушителю получить несанкционированный доступ к ограниченным функциям

Уязвимость виртуальной обучающей среды Moodle, существующая из-за непринятия мер по защите структуры веб-страницы, позволяющая нарушителю провести атаку межсайтового скриптинга (XSS)

Уязвимость виртуальной обучающей среды Moodle, связанная с недостаточной очисткой данных, позволяющая нарушителю выполнять произвольные SQL-запросы в базе данных

Уязвимость виртуальной обучающей среды Moodle, связанная с неверным управлением генерацией кода, позволяющая нарушителю выполнить произвольный код

Уязвимость виртуальной обучающей среды Moodle, связанная с неверным управлением генерацией кода, позволяющая нарушителю выполнить произвольный код

Уязвимость виртуальной обучающей среды Moodle, связанная с неправильной нейтрализацией ввода во время создания веб-страницы, позволяющая нарушителю осуществлять межсайтовые сценарные атаки (XSS)

Уязвимость виртуальной обучающей среды Moodle, связанная с неправильной нейтрализацией ввода во время создания веб-страницы, позволяющая нарушителю осуществлять межсайтовые сценарные атаки (XSS)

Уязвимость виртуальной обучающей среды Moodle, связанная с раскрытием конфиденциальной информации несанкционированному субъекту, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Уязвимость виртуальной обучающей среды Moodle, существующая из-за непринятия мер по защите структуры веб-страницы, позволяющая нарушителю провести атаку межсайтового скриптинга (XSS)

Users' enrollment capabilities were not being sufficiently checked in Moodle when they are restored into an existing course. This could lead to them unenrolling users without having permission to do so. Versions affected: 3.5 to 3.5.14, 3.7 to 3.7.8, 3.8 to 3.8.5, 3.9 to 3.9.2 and earlier unsupported versions. Fixed in 3.9.3, 3.8.6, 3.7.9, 3.5.15, and 3.10.

In moodle, insufficient capability checks could lead to users with the ability to course restore adding additional capabilities to roles within that course. Versions affected: 3.9 to 3.9.2, 3.8 to 3.8.5, 3.7 to 3.7.8, 3.5 to 3.5.14 and earlier unsupported versions. This is fixed in moodle 3.9.3, 3.8.6, 3.7.9, 3.5.15, and 3.10.

In moodle, some database module web services allowed students to add entries within groups they did not belong to. Versions affected: 3.9 to 3.9.2, 3.8 to 3.8.5, 3.7 to 3.7.8, 3.5 to 3.5.14 and earlier unsupported versions. This is fixed in moodle 3.8.6, 3.7.9, 3.5.15, and 3.10.

If the upload course tool in Moodle was used to delete an enrollment method which did not exist or was not already enabled, the tool would erroneously enable that enrollment method. This could lead to unintended users gaining access to the course. Versions affected: 3.9 to 3.9.2, 3.8 to 3.8.5, 3.7 to 3.7.8, 3.5 to 3.5.14 and earlier unsupported versions. This is fixed in moodle 3.9.3, 3.8.6, 3.7.9, 3.5.15, and 3.10.

In Moodle, it was possible to include JavaScript when re-naming content bank items. Versions affected: 3.9 to 3.9.2. This is fixed in moodle 3.9.3 and 3.10.

The participants table download in Moodle always included user emails, but should have only done so when users' emails are not hidden. Versions affected: 3.9 to 3.9.2, 3.8 to 3.8.5 and 3.7 to 3.7.8. This is fixed in moodle 3.9.3, 3.8.6, 3.7.9, and 3.10.

The vulnerability was found in Moodle, occurs due to improper input validation when parsing PostScript code. An omitted execution parameter results in a remote code execution risk for sites running GhostScript versions older than 9.50. Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

The vulnerability was found in Moodle, occurs due to input validation error when importing lesson questions. This insufficient path checks results in arbitrary file read risk. This vulnerability allows a remote attacker to perform directory traversal attacks. The capability to access this feature is only available to teachers, managers and admins by default.

A stored XSS and blind SSRF vulnerability was found in Moodle, occurs due to insufficient sanitization of user-supplied data in the SCORM track details. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website to steal potentially sensitive information, change appearance of the web page, can perform phishing and drive-by-download attacks.

An open redirect issue was found in Moodle due to improper sanitization of user-supplied data in mobile auto-login feature. A remote attacker can create a link that leads to a trusted website, however, when clicked, it redirects the victims to arbitrary URL/domain. Successful exploitation of this vulnerability may allow a remote attacker to perform a phishing attack and steal potentially sensitive information.

A reflected XSS issue was identified in the LTI module of Moodle. The vulnerability exists due to insufficient sanitization of user-supplied data in the LTI module. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website to steal potentially sensitive information, change appearance of the web page, can perform phishing and drive-by-download attacks. This vulnerability does not impact authenticated users.

In Moodle, insufficient limitations in some quiz web services made it possible for students to bypass sequential navigation during a quiz attempt.

Recursive rendering of Mustache template helpers containing user input could, in some cases, result in an XSS risk or a page failing to load.

A remote code execution risk when restoring backup files originating from Moodle 1.9 was identified.

A limited SQL injection risk was identified in the "browse list of users" site administration page.

The H5P activity attempts report did not filter by groups, which in separate groups mode could reveal information to non-editing teachers about attempts/users in groups they should not have access to.

A vulnerability was found in Moodle which exists due to insufficient validation of the HTTP request origin in course redirect URL. A user's CSRF token was unnecessarily included in the URL when being redirected to a course they have just restored. A remote attacker can trick the victim to visit a specially crafted web page and perform arbitrary actions on behalf of the victim on the vulnerable website. This flaw allows an attacker to perform cross-site request forgery attacks.

A reflected cross-site scripting vulnerability was discovered in Moodle. This flaw exists due to insufficient sanitization of user-supplied data in policy tool. An attacker can trick the victim to open a specially crafted link that executes an arbitrary HTML and script code in user's browser in context of vulnerable website. This vulnerability may allow an attacker to perform cross-site scripting (XSS) attacks to gain access potentially sensitive information and modification of web pages.

A blind Server-Side Request Forgery (SSRF) vulnerability was found in Moodle. This flaw exists due to insufficient validation of user-supplied input in LTI provider library. The library does not utilise Moodle's inbuilt cURL helper, which resulted in a blind SSRF risk. An attacker can send a specially crafted HTTP request and trick the application to initiate requests to arbitrary systems. This vulnerability allows a remote attacker to perform SSRF attacks.

The course participation report required additional checks to prevent roles being displayed which the user did not have access to view.

The vulnerability was found Moodle which exists due to insufficient sanitization of user-supplied data in some returnurl parameters. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website. This flaw allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability was found Moodle which exists due to insufficient limitations on the "start page" preference. A remote attacker can set that preference for another user. The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

Insufficient validation of profile field availability condition resulted in an SQL injection risk (by default only available to teachers and managers).

Insufficient sanitizing in backup resulted in an arbitrary file read risk. The capability to access this feature is only available to teachers, managers and admins by default.

Content output by the database auto-linking filter required additional sanitizing to prevent an XSS risk.

If the algebra filter was enabled but not functional (eg the necessary binaries were missing from the server), it presented an XSS risk.

The Mustache pix helper contained a potential Mustache injection risk if combined with user input (note: This did not appear to be implemented/exploitable anywhere in the core Moodle LMS).

Insufficient filtering of grade report history made it possible for teachers to access the names of users they could not otherwise access.

The vulnerability was found Moodle which exists due to insufficient sanitization of user-supplied data in external Wiki method for listing pages. A remote attacker can send a specially crafted request to the affected application and execute limited SQL commands within the application database.

A limited SQL injection risk was identified on the Mnet SSO access control page. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8, 3.11 to 3.11.14, 3.9 to 3.9.21 and earlier unsupported versions.

An issue in the logic used to check 0.0.0.0 against the cURL blocked hosts lists resulted in an SSRF risk. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8, 3.11 to 3.11.14, 3.9 to 3.9.21 and earlier unsupported versions.

A remote code execution risk was identified in the Lesson activity. By default this was only available to teachers and managers.

A remote code execution risk was identified in the IMSCP activity. By default this was only available to teachers and managers.

The CSV grade import method contained an XSS risk for users importing the spreadsheet, if it contained unsafe content.

Wiki comments required additional sanitizing and access restrictions to prevent a stored XSS risk and potential IDOR risk.

H5P metadata automatically populated the author with the user's username, which could be sensitive information.

The course upload preview contained an XSS risk for users uploading unsafe data.

Stronger revision number limitations were required on file serving endpoints to improve cache poisoning protection.

Insufficient web service capability checks made it possible to move categories a user had permission to manage, to a parent category they did not have the capability to manage.

In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user who also has direct access to the web server outside of the Moodle webroot could utilise a local file include to achieve remote code execution.

Separate Groups mode restrictions were not honoured in the forum summary report, which would display users from other groups.

Moodle Open redirect risk in mobile auto-login feature

Moodle Exposure of Sensitive Information to an Unauthorized Actor vulnerability

Moodle Cross-site Scripting vulnerability

Moodle remote code execution

Moodle Improper Access Control vulnerability

Moodle No groups filtering in H5P activity attempts report

Moodle Code Injection vulnerability

Moodle vulnerable to SQL Injection

Moodle arbitrary file read vulnerability

Moodle Code Injection vulnerability

Moodle LTI module reflected XSS risk

Moodle reflected cross-site scripting vulnerability in policy tool

Moodle SQL Injection vulnerability

Moodle vulnerable to Cross-site Scripting

SQL Injection in moodle

Moodle SQL Injection vulnerability

Cross-Site Request Forgery in Moodle

Moodle may allow students to bypass sequential navigation during a quiz attempt

Moodle Cross-site Scripting vulnerability

Moodle vulnerable to Cross-site Scripting when algebra filter enabled but not functional

Moodle Cross-site Scripting vulnerability

Exposure of Sensitive Information to an Unauthorized Actor in Moodle

Privilage Escalation in moodle

Moodle Acceptance of Extraneous Untrusted Data With Trusted Data vulnerability

Moodle Improper Access Control vulnerability

Privilage Escalation in moodle

Moodle Cross-site Scripting vulnerability

Moodle Stored Cross-site Scripting and page denial of service

Moodle Exposure of Sensitive Information to an Unauthorized Actor vulnerability

Moodle Minor SQL injection risk in admin user browsing

Cross-site Scripting (XSS) in moodle

Moodle Arbitrary file read when importing lesson questions

Moodle may allow teachers to access the names of users they could not otherwise access

Moodle's Mustache pix helper contained a potential Mustache injection risk if combined with user input

Moodle may display roles to users who don't have access to them

Improper Access Control in moodle

Moodle Code Injection vulnerability

Moodle Stored XSS and blind SSRF possible via SCORM track details

Moodle PostScript Code Injection

Moodle blind Server-Side Request Forgery (SSRF) vulnerability in LTI provider library

Moodle vulnerable to Server Side Request Forgery

apt-repo test устанавливает checkinstall пакеты

файл /usr/lib64/libopusfile.so.0 из устанавливаемого пакета libopusfile0 конфликтует

Уязвимость компонента net/bluetooth/l2cap_core.c ядра операционных систем Linux, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании

Уязвимость компонента net/packet/af_packet.c ядра операционной системы Linux, связанная с выходом операции за допустимые границы буфера данных, позволяющая нарушителю получить доступ к конфиденциальной информации или вызвать отказ в обслуживании

Improper input validation in BlueZ may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.

A flaw was found in the Linux kernel before 5.9-rc4. Memory corruption can be exploited to gain root privileges from unprivileged processes. The highest threat from this vulnerability is to data confidentiality and integrity.