oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Moodle security notifications public

From: cve-assign () mitre org
Date: Fri, 21 Mar 2014 21:35:53 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


MSA-14-0004: Incorrect filtering in Quiz
CVE identifier:    Pending


This is assigned CVE-2014-2571.



MSA-14-0008: Cross site scripting potential in Flowplayer
CVE identifier:    Pending


This is assigned CVE-2013-7341. As far as we know, the relevant
Flowplayer upstream references are:

  http://flash.flowplayer.org/documentation/version-history.html
  https://github.com/flowplayer/flash/issues/121

and the first fixed upstream version was 3.2.17 (but 3.2.18 is
preferable for usability reasons).



MSA-14-0013: Unfiltered data used in Assignment web services
CVE identifier:    Pending


This is assigned CVE-2014-2572.


These should be available soon:

  http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2571
  http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-7341
  http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2572

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJTLOdPAAoJEKllVAevmvmsLzUH/0BgYc8195oRg/NfrunnGcMw
j0eXA0uBDry3Brhj2j4yExP2DdpAyEs9x3/sLGH9PgdxCmsx4UeICoW9q5S7YhY6
mC018aqO/IXm56vrBg1YYF9FWE6A6vUQKLZ6uvBwKaz9/8v3OMpRizCxYO429t9W
Qa2JxllxCoerY15OIRZ9evvG502XM7luXZ+EIhybqRRI7lCDkKeNFK6Ix7dZxttE
4PuxiB/MUGxYLlwl4OORvrqPlMQpv3+j7MPRVh+5YvRel+pGSSj3wQc5fFxdp0ZX
5howdAY1E2Oes4R5K0yPYi2bZTiLbzR30KlPuPK9LeeAbI255PwaHw5u6CP2Nvw=
=1vea
-----END PGP SIGNATURE-----
Previous By Date Next
Previous By Thread Next

Current thread: