Moodle · Moodle · CVE-2021-32476
**Name of the Vulnerable Software and Affected Versions**
Moodle versions 3.5 to 3.5.17
Moodle versions 3.8 to 3.8.8
Moodle versions 3.9 to 3.9.6
Moodle versions 3.10 to 3.10.3
**Description**
A denial-of-service risk was identified in the draft files area, which did not respect user file upload limits. The issue stems from insufficient input validation, which a remote attacker can exploit to cause a denial of service.
**Recommendations**
For Moodle versions 3.5 to 3.5.17, update to a version that respects user file upload limits to prevent denial-of-service attacks.
For Moodle versions 3.8 to 3.8.8, update to a version that respects user file upload limits to prevent denial-of-service attacks.
For Moodle versions 3.9 to 3.9.6, update to a version that respects user file upload limits to prevent denial-of-service attacks.
For Moodle versions 3.10 to 3.10.3, update to a version that respects user file upload limits to prevent denial-of-service attacks.
As a temporary workaround, consider restricting access to the draft files area until a patch is available.
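The following triage check is an added example, not part of the advisory and not Moodle project code: it reads the `$release` string from a site's `version.php` and compares it with the affected ranges listed above. The sample file content is constructed, and flagging a `+` weekly build at the last affected patch level for manual review is an assumption, since the advisory does not say which weekly builds carry the fix.

```python
import re

# Affected ranges copied from the advisory above, inclusive on both ends.
AFFECTED = [
    ((3, 5, 0), (3, 5, 17)),
    ((3, 8, 0), (3, 8, 8)),
    ((3, 9, 0), (3, 9, 6)),
    ((3, 10, 0), (3, 10, 3)),
]

# Matches e.g.  $release = '3.9.6+ (Build: 20210409)';
RELEASE_RE = re.compile(
    r"""^\s*\$release\s*=\s*['"](\d+)\.(\d+)(?:\.(\d+))?(\+?)""", re.M)

# Constructed sample of the relevant line in version.php (not a real site).
SAMPLE = "<?php\n$release  = '3.9.6 (Build: 20210315)';\n"


def parse_release(version_php_text):
    """Return (major, minor, patch, is_weekly) or None if no $release line."""
    m = RELEASE_RE.search(version_php_text)
    if not m:
        return None
    major, minor, patch, plus = m.groups()
    return (int(major), int(minor), int(patch or 0), plus == "+")


def triage(version_php_text):
    """Classify a site as affected / check-build / not-listed / unknown."""
    parsed = parse_release(version_php_text)
    if parsed is None:
        return "unknown"
    version, weekly = parsed[:3], parsed[3]
    for low, high in AFFECTED:
        if low <= version <= high:
            # A weekly build on top of the last affected release may or may
            # not include the fix; the advisory does not say, so flag it.
            if weekly and version == high:
                return "check-build"
            return "affected"
    # Not in the advisory's list; this is not a statement that it is safe.
    return "not-listed"


if __name__ == "__main__":
    print(triage(SAMPLE))
```

A result of `not-listed` only means the release is outside the ranges this advisory names; branches the advisory does not mention are not assessed.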