Month: mayo 2020

Linux kernel vulnerability CVE-2019-19062 Security Advisory Security Advisory Description A memory leak in the crypto_report() function in crypto/crypto_user_base.c in the Linux kernel through 5.3 ... More info: https://support.f5.com/csp/article/K84797753?utm_source=f5support&utm_medium=RSS

BIND vulnerability CVE-2020-8617 Security Advisory Security Advisory Description Using a specially-crafted message, an attacker may potentially cause a BIND server to reach an inconsistent state ... More info: https://support.f5.com/csp/article/K05544642?utm_source=f5support&utm_medium=RSS

BIND vulnerability CVE-2020-8616 Security Advisory Security Advisory Description A malicious actor who intentionally exploits this lack of effective limitation on the number of fetches performed ... More info: https://support.f5.com/csp/article/K97810133?utm_source=f5support&utm_medium=RSS

Linux kernel vulnerability CVE-2019-19059 Security Advisory Security Advisory Description Multiple memory leaks in the iwl_pcie_ctxt_info_gen3_init() function in drivers/net/wireless/intel/iwlwifi ... More info: https://support.f5.com/csp/article/K06554372?utm_source=f5support&utm_medium=RSS

More info: http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11021&actp=RSS

Project: Drupal coreDate: 2020-May-20Security risk: Moderately critical 10∕25 AC:Complex/A:Admin/CI:Some/II:Some/E:Theoretical/TD:UncommonVulnerability: Cross Site ScriptingDescription: The jQuery project released version 3.5.0, and as part of that, disclosed two security vulnerabilities that affect all prior versions. As mentioned in the jQuery blog, both are [...] security issues in jQuery’s DOM manipulation methods, as in .html(), .append(), and the others. Security advisories More info: https://www.drupal.org/sa-core-2020-002

Project: Drupal coreDate: 2020-May-20Security risk: Moderately critical 10∕25 AC:Basic/A:None/CI:None/II:None/E:Theoretical/TD:AllVulnerability: Open RedirectDescription: Drupal 7 has an Open Redirect vulnerability. For example, a user could be tricked into visiting a specially crafted link which would redirect them to an arbitrary external URL.The vulnerability is caused by insufficient validation of the destination query parameter in the drupal_goto() function.Other versions of Drupal More info: https://www.drupal.org/sa-core-2020-003

When the context is about security, we know how crucial it is to regularly update WordPress installations. The average WordPress website is attacked by malware 44 times a day. From weak plug-ins to insecure themes, anything could give a chance to a malware to infect your CMS. Keeping in mind the plight of the webmasters, […] More info: https://www.getastra.com/blog/cms/wordpress-security/wordpress-plugin-theme-updates-automatic/

On May 6, our Threat Intelligence team was alerted to a zero-day vulnerability present in Elementor Pro, a WordPress plugin installed on approximately 1 million sites. That vulnerability was being exploited in conjunction with another vulnerability found in Ultimate Addons for Elementor, a WordPress plugin installed on approximately 110,000 sites. We immediately released a firewall […] More info: https://www.wordfence.com/blog/2020/05/the-elementor-attacks-how-creative-hackers-combined-vulnerabilities-to-take-over-wordpress-sites/

Searching through the activity logs of multiple websites from one central place should be an easy thing to do. After all, you install an activity log plugin on all the child sites you manage via MainWP so you can know exactly what is happening when you need to. That is why we are really excited […] More info: https://www.wpsecurityauditlog.com/releases/al4mwp-1-5/