A buffer overflow flaw was discovered in Exim, a mail transport agent. A remote attacker can take advantage of this flaw to cause a denial of service, or potentially the execution of arbitrary code.
More info:
https://www.debian.org/security/2019/dsa-4536
Lilith of Cisco Talos discovered a buffer overflow flaw in the quota code used by e2fsck from the ext2/ext3/ext4 file system utilities. Running e2fsck on a malformed file system can result in the execution of arbitrary code.
More info:
https://www.debian.org/security/2019/dsa-4535
It was discovered that file-roller, an archive manager for GNOME, does not properly handle the extraction of archives with a single ./../ in a file path. An attacker able to provide a specially crafted archive for processing can take advantage of this flaw to overwrite files if a user is dragging a specific file or map to a location to extract to.
More info:
https://www.debian.org/security/2019/dsa-4537
More info:
https://wpvulndb.com/vulnerabilities/9892
More info:
https://wpvulndb.com/vulnerabilities/9893
More info:
https://wpvulndb.com/vulnerabilities/9891
More info:
https://wpvulndb.com/vulnerabilities/9889
At WordCamp Sacramento, Matt Cromwell from GiveWP talked with us about how Give began, their mission of democratizing generosity, and how they handled the vulnerability disclosure from the Wordfence team. When our security researchers reached out to provide a proof of concept, the Give and Wordfence teams worked together to ensure that the vulnerability […]
More info:
https://www.wordfence.com/blog/2019/09/podcast-episode-47-staying-secure-through-community-cooperation-with-givewps-matt-cromwell/
In our previous post WordPress HTTPS, SSL and TLS – a guide for website administrators, we explained what HTTPS and all the other technical terms are, and how it works. In this article, we discuss HTTPS certificates, the different ways you may acquire one for your WordPress website, and why you should or shouldn’t pay […]
More info:
https://www.wpwhitesecurity.com/choosing-https-certificate-wordpress-website/