Vulnerability Patched in Import Export WordPress Users

On February 26th, our Threat Intelligence team discovered a vulnerability in Import Export WordPress Users, a WordPress plugin installed on over 30,000 sites. The flaw allowed anybody with subscriber-level access or above to import new users via a CSV file, including administrative-level users. We reached out to the plugin’s developer on February 26th, who […] More info: https://www.wordfence.com/blog/2020/03/vulnerability-patched-in-import-export-wordpress-users/

PHP vulnerability CVE-2020-7059

Security Advisory. Description: When using fgetss() function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3. ... More info: https://support.f5.com/csp/article/K21418431?utm_source=f5support&utm_medium=RSS

PHP vulnerability CVE-2020-7060

Security Advisory. Description: When using certain mbstring functions to convert multibyte encodings, in PHP versions 7.2.x below 7.2.27, 7.3.x ... More info: https://support.f5.com/csp/article/K45991967?utm_source=f5support&utm_medium=RSS

PHP vulnerability CVE-2020-7062

Security Advisory. Description: In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when using file upload functionality, ... More info: https://support.f5.com/csp/article/K21121402?utm_source=f5support&utm_medium=RSS

Linux kernel vulnerability CVE-2019-19072

Security Advisory. Description: A memory leak in the predicate_parse() function in kernel/trace/trace_events_filter.c in the Linux kernel ... More info: https://support.f5.com/csp/article/K42438635?utm_source=f5support&utm_medium=RSS

[v3] Container Security Issue (CVE-2019-5736)

You are viewing a previous version of this security bulletin. For the most current version please visit: "Container Security Issue (CVE-2019-5736)". February 11, 2019 11:00 PM PST. CVE Identifier: CVE-2019-5736. AWS is aware of the recently disclosed security issue which affects several open-source container management systems (CVE-2019-5736). With the exception of the AWS services listed below, no customer action is required to address this issue. Amazon Linux An updated version of More info: https://aws.amazon.com/security/security-bulletins/AWS-2019-002/v3/

[v1] Linux Kernel TCP SACK Denial of Service Issues

You are viewing a previous version of this security bulletin. For the most current version please visit: "Linux Kernel TCP SACK Denial of Service Issues". June 17, 2019 10:00AM PDT. CVE Identifiers: CVE-2019-11477, CVE-2019-11478, CVE-2019-11479. AWS is aware of three recently-disclosed issues which affect the TCP processing subsystem of the Linux kernel. Specifically, a malicious TCP client or server can transmit a specially crafted series of packets that may cause the Linux kernel of More info: https://aws.amazon.com/security/security-bulletins/AWS-2019-005/v1/

[v3] Linux Kernel TCP SACK Denial of Service Issues

Last Updated: June 17, 2019 17:00PM PDT. CVE Identifiers: CVE-2019-11477, CVE-2019-11478, CVE-2019-11479. This is an update for this issue. AWS Elastic Beanstalk: Updated AWS Elastic Beanstalk Linux-based platform versions are available. Customers using Managed Platform Updates will be automatically updated to the latest platform version in their selected maintenance window with no other action required. Alternatively, customers using Managed Platform Updates may independently apply available More info: https://aws.amazon.com/security/security-bulletins/AWS-2019-005/v3/

[v2] Linux Kernel TCP SACK Denial of Service Issues

Last Updated: June 17, 2019 14:15PM PDT. CVE Identifiers: CVE-2019-11477, CVE-2019-11478, CVE-2019-11479. This is an update for this issue. Updated Linux kernels for Amazon Linux are available in the Amazon Linux repositories, and updated Amazon Linux AMIs are available for use. Customers with existing EC2 instances running Amazon Linux should run the following command within each EC2 instance running Amazon Linux to ensure they receive the updated package: sudo yum update kernel As is standard More info: https://aws.amazon.com/security/security-bulletins/AWS-2019-005/v2/

pppd vulnerability CVE-2020-8597

Security Advisory. Description: eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eap_request and eap_response ... More info: https://support.f5.com/csp/article/K73217235?utm_source=f5support&utm_medium=RSS