Hugh Davenport

**Name of the Vulnerable Software and Affected Versions** PHP versions prior to 7.3.1 **Description** An issue was discovered where an invalid multibyte string supplied as an argument to the `mb split()` function can cause PHP to execute `memcpy()` with a negative argument. This could result in reading and writing past buffers allocated for the data. **Recommendations** For PHP versions prior to 7.3.1, update to version 7.3.1 or later to resolve the issue. As a temporary workaround, consider avoiding the use of the `mb split()` function with unvalidated input until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** Mahara versions 1.9 through 1.9.5 Mahara versions 1.10 through 1.10.3 Mahara versions 15.04 through 15.04.0 **Description** The issue allows a site admin or institution admin to inject HTML and Javascript into an institution display name. This malicious content will be displayed to other users unescaped on certain system pages, potentially leading to security issues. **Recommendations** For Mahara versions 1.9 through 1.9.5, update to version 1.9.6 or later. For Mahara versions 1.10 through 1.10.3, update to version 1.10.4 or later. For Mahara versions 15.04 through 15.04.0, update to version 15.04.1 or later.

**Name of the Vulnerable Software and Affected Versions** Mahara versions 15.04 through 15.04.7 Mahara versions 15.10 through 15.10.3 Mahara versions 16.04 through 16.04.1 **Description** The issue arises from Mahara's improper implementation of one of the MNet SSO API functions, causing users to remain logged in to their Mahara account even after being logged out of Moodle when using MNet. **Recommendations** For Mahara versions 15.04 through 15.04.7, update to version 15.04.8 to resolve the issue. For Mahara versions 15.10 through 15.10.3, update to version 15.10.4 to resolve the issue. For Mahara versions 16.04 through 16.04.1, update to version 16.04.2 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Apple iOS versions prior to 9.3 **Description** The issue is related to the XPC Services API in LaunchServices, which has inadequate access control. This allows an attacker to bypass event-handler restrictions and modify events of arbitrary apps using a crafted app. The estimated number of potentially affected devices is not specified. There is no information about real-world incidents where this issue was exploited. **Recommendations** For versions prior to 9.3, update to iOS version 9.3 or later to resolve the issue. As a temporary workaround, consider restricting the use of the XPC Services API in LaunchServices to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Moodle versions 2.6.11 and earlier, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, 3.0.x before 3.0.3 **Description** The issue is related to insufficient access control to certain links, allowing a remote attacker to obtain sensitive URL information by reading a Referer log. This could potentially lead to unauthorized access to protected information. **Recommendations** For versions 2.6.11 and earlier, update to a version later than 2.6.11. For versions 2.7.x before 2.7.13, update to version 2.7.13 or later. For versions 2.8.x before 2.8.11, update to version 2.8.11 or later. For versions 2.9.x before 2.9.5, update to version 2.9.5 or later. For versions 3.0.x before 3.0.3, update to version 3.0.3 or later.

**Name of the Vulnerable Software and Affected Versions** Moodle versions prior to 2.6.11 Moodle versions 2.7.x before 2.7.11 Moodle versions 2.8.x before 2.8.9 Moodle versions 2.9.x before 2.9.3 **Description** The issue exists due to the lack of protection for the web page structure in the survey module of the Moodle learning management system. This allows a remote attacker, using the `student` role and a specially crafted survey answer, to inject arbitrary web or HTML code. **Recommendations** For versions prior to 2.6.11, update to version 2.6.11 or later. For versions 2.7.x before 2.7.11, update to version 2.7.11 or later. For versions 2.8.x before 2.8.9, update to version 2.8.9 or later. For versions 2.9.x before 2.9.3, update to version 2.9.3 or later.

**Name of the Vulnerable Software and Affected Versions** libxml2 versions prior to 2.9.3 **Description** The issue is related to the xmlSAX2TextNode function in the HTML parser of libxml2, which allows context-dependent attackers to cause a denial of service or obtain sensitive information via crafted XML data. This can lead to a stack-based buffer over-read and application crash. The vulnerability can be exploited by a remote attacker using specially formed XML data. **Recommendations** For versions prior to 2.9.3, update to version 2.9.3 or later to resolve the issue. As a temporary workaround, consider restricting the use of the xmlSAX2TextNode function in the HTML parser until a patch is available. Avoid using the `xmlSAX2TextNode` function with untrusted XML data until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Moodle versions 2.5.9 and earlier, 2.6.x before 2.6.11, 2.7.x before 2.7.8, 2.8.x before 2.8.6 **Description** The issue allows remote authenticated users to conduct cross-site scripting (XSS) attacks via crafted gradebook feedback during manual quiz grading, due to the failure to set the RISK XSS bit for graders in the mod/quiz/db/access.php file. This can be exploited by a remote attacker to perform XSS attacks. **Recommendations** For versions 2.5.9 and earlier, update to a version later than 2.5.9. For versions 2.6.x before 2.6.11, update to version 2.6.11 or later. For versions 2.7.x before 2.7.8, update to version 2.7.8 or later. For versions 2.8.x before 2.8.6, update to version 2.8.6 or later. As a temporary workaround, consider restricting access to the gradebook feedback feature during manual quiz grading until a patch is available.

**Name of the Vulnerable Software and Affected Versions** ownCloud Server Community Edition versions prior to 5.0.19 ownCloud Server Community Edition versions 6.x prior to 6.0.7 ownCloud Server Community Edition versions 7.x prior to 7.0.5 **Description** The issue allows remote authenticated users to inject arbitrary web script or HTML via a crafted contact in the contacts application, potentially leading to cross-site scripting (XSS) attacks. **Recommendations** For ownCloud Server Community Edition versions prior to 5.0.19, update to version 5.0.19 or later. For ownCloud Server Community Edition versions 6.x prior to 6.0.7, update to version 6.0.7 or later. For ownCloud Server Community Edition versions 7.x prior to 7.0.5, update to version 7.0.5 or later.

**Name of the Vulnerable Software and Affected Versions** Mahara versions prior to 1.5.12 Mahara versions 1.6.x prior to 1.6.7 Mahara versions 1.7.x prior to 1.7.3 **Description** The issue allows remote attackers to inject arbitrary web script or HTML via the Host header to lib/web.php. This is a cross-site scripting (XSS) vulnerability. **Recommendations** For Mahara versions prior to 1.5.12, update to version 1.5.12 or later. For Mahara versions 1.6.x prior to 1.6.7, update to version 1.6.7 or later. For Mahara versions 1.7.x prior to 1.7.3, update to version 1.7.3 or later.

**Name of the Vulnerable Software and Affected Versions** Mahara versions prior to 1.5.13 Mahara versions 1.6.x prior to 1.6.8 Mahara versions 1.7.x prior to 1.7.4 **Description** The issue allows remote authenticated users to read arbitrary folders by either leveraging an active folder tab loaded before permissions were removed or via the `folder` parameter to "artefact/file/groupfiles.php". **Recommendations** For Mahara versions prior to 1.5.13, update to version 1.5.13 or later. For Mahara versions 1.6.x prior to 1.6.8, update to version 1.6.8 or later. For Mahara versions 1.7.x prior to 1.7.4, update to version 1.7.4 or later.