Drupal core – Moderately critical – Third-party library – SA-CORE-2020-001

Project: Drupal core
Version: 8.8.x-dev, 8.7.x-dev
Date: 2020-March-18
Security risk: Moderately critical 13∕25 AC:Complex/A:User/CI:Some/II:Some/E:Proof/TD:Default
Vulnerability: Third-party library
Description: The Drupal project uses the third-party library CKEditor, which has released a security improvement that is needed to protect some Drupal configurations. Vulnerabilities are possible if Drupal is configured to use the WYSIWYG CKEditor for your site's users. An attacker that can create or
More info: https://www.drupal.org/sa-core-2020-001

Severe Flaws Patched in Responsive Ready Sites Importer Plugin

On March 2nd, our Threat Intelligence team discovered several vulnerable endpoints in Responsive Ready Sites Importer, a WordPress plugin installed on over 40,000 sites. These flaws allowed any authenticated user, regardless of privilege level, the ability to execute various AJAX actions that could reset site data, inject malicious JavaScript in pages, modify theme customizer […]
More info: https://www.wordfence.com/blog/2020/03/severe-flaws-patched-in-responsive-ready-sites-importer-plugin/

Fusion 11.5.2 Incomplete Fix – CVE-2020-3950

Greetings from VMware Security Response Center. Today, we would like to make you aware that the fix for CVE-2020-3950 in Fusion 11.5.2 is incomplete and addresses the issue partially. VMware security advisory VMSA-2020-0005 has been updated with instructions that complete the fix for Fusion 11.5.2. To remediate this issue completely, these instructions need to be
The post Fusion 11.5.2 Incomplete Fix – CVE-2020-3950 appeared first on Security & Compliance Blog.
More info: https://blogs.vmware.com/security/2020/03/fusion-11-5-2-incomplete-fix-cve-2020-3950.html