
David Utón

#19155 of 53,635
14 Total CVSS
Vulnerabilities · 2 (Medium 1, High 1)
PT-2024-4649
6.2
2024-05-13
Moodle · Moodle · CVE-2024-33996
**Name of the Vulnerable Software and Affected Versions** Moodle (affected versions not specified)
**Description** The issue is related to insufficient input validation, which could allow a remote attacker to execute arbitrary commands. It also involves incorrect validation of allowed event types in a calendar web service, enabling some users to create events with types or audiences they are not authorized to publish to.
**Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2024-18174
7.8
2024-03-14
Sagemcom · Sagemcom Fast3686 V2 · CVE-2024-1623
**Name of the Vulnerable Software and Affected Versions** Sagemcom FAST3686 V2 Vodafone router (affected versions not specified)
**Description** The issue is related to an insufficient session timeout in the Sagemcom FAST3686 V2 Vodafone router. This could allow a local attacker to access the administration panel without requiring login credentials. The vulnerability is possible because the 'Login.asp' and 'logout.asp' files do not handle session details correctly.
**Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.