 |
Startseite ▼ Bookkeeping
Online ▼ Sicherheits
Überprüfungs ▼
Verwaltetes
DNS ▼
Info
Bestellen/Erneuern
FAQ
AUP
Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password Netzwerk
Überwachung ▼
Enterprise
Erweiterte
Standard
Gratis Test
FAQ
Preis/Funktionszusammenfassung
Bestellen
Beispiele
Konfigurieren/Status Alarm Profile | ||
| Test Kennung: | 1.3.6.1.4.1.25623.1.1.10.2014.0230 |
| Kategorie: | Mageia Linux Local Security Checks |
| Titel: | Mageia: Security Advisory (MGASA-2014-0230) |
| Zusammenfassung: | The remote host is missing an update for the 'moodle' package(s) announced via the MGASA-2014-0230 advisory. |
| Beschreibung: | Summary: The remote host is missing an update for the 'moodle' package(s) announced via the MGASA-2014-0230 advisory. Vulnerability Insight: Updated moodle package fixes security vulnerabilities: In Moodle before 2.6.3, Session checking was not being performed correctly in Assignment's quick-grading, allowing forged requests to be made unknowingly by authenticated users (CVE-2014-0213). In Moodle before 2.6.3, MoodleMobile web service tokens, created automatically in login/token.php, were not expiring and were valid forever (CVE-2014-0214). In Moodle before 2.6.3, Some student details, including identities, were included in assignment marking pages and would have been revealed to screen readers or through code inspection (CVE-2014-0215). In Moodle before 2.6.3, Access to files linked on HTML blocks on the My home page was not being checked in the correct context, allowing access to unauthenticated users (CVE-2014-0216). In Moodle before 2.6.3, There was a lack of filtering in the URL downloader repository that could have been exploited for XSS (CVE-2014-0218). The 2.4 branch of Moodle will no longer be supported as of approximately June 2014, so the Moodle package has been upgraded to version 2.6.3 to fix these issues. Affected Software/OS: 'moodle' package(s) on Mageia 3, Mageia 4. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P |
| Querverweis: |
Common Vulnerability Exposure (CVE) ID: CVE-2014-0213 [oss-security] 20140519 Moodle security notifications public http://openwall.com/lists/oss-security/2014/05/19/1 http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-44606 https://moodle.org/mod/forum/discuss.php?d=260361 Common Vulnerability Exposure (CVE) ID: CVE-2014-0214 http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-43119 https://moodle.org/mod/forum/discuss.php?d=260362 Common Vulnerability Exposure (CVE) ID: CVE-2014-0215 http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-44750 https://moodle.org/mod/forum/discuss.php?d=260363 Common Vulnerability Exposure (CVE) ID: CVE-2014-0216 http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-43877 https://moodle.org/mod/forum/discuss.php?d=260364 Common Vulnerability Exposure (CVE) ID: CVE-2014-0218 67479 http://www.securityfocus.com/bid/67479 http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45332 https://moodle.org/mod/forum/discuss.php?d=260366 |
| Copyright | Copyright (C) 2022 Greenbone AG |
| Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten. |