by Michael Hawkins. The decompressed size of zip files was not checked against available user quota before unzipping them, which could lead to a denial of service risk.
Severity/Risk: Serious
Versions affected: 3.9 to 3.9.1, 3.8 to 3.8.4, 3.7 to 3.7.7, 3.5 to 3.5.13 and earlier unsupported versions
Versions fixed: 3.9.2, 3.8.5, 3.7.8 and 3.5.14
Reported by: Ivan Novichkov
CVE identifier: CVE-2020-25630
More info:
https://moodle.org/mod/forum/discuss.php?d=410842&parent=1657004
SCP vulnerability CVE-2020-15778 Security Advisory. Description: scp in OpenSSH through 8.3p1 allows command injection in the scp.c remote function, as demonstrated by backtick ...
More info:
https://support.f5.com/csp/article/K04305530?utm_source=f5support&utm_medium=RSS
In our previous blogs, we discussed the emergence of XDR and how it differs from other security solutions, as well as its use cases and the role of the MITRE ATT&CK framework. In this third and final blog of the XDR mini-series, we'll discuss some challenges organizations may face while trying to implement XDR solutions. The post Challenges of Implementing XDR appeared first on Security & Compliance Blog.
More info:
https://blogs.vmware.com/security/2020/09/challenges-to-implementing-xdr-solutions.html?utm_source=rss&utm_medium=rss&utm_campaign=challenges-to-implementing-xdr-solutions
Vulnerabilities were recently patched in the Discount Rules for WooCommerce plugin, which is installed on over 40,000 WordPress sites. Developers from the OWASP Core Rule Set project said ModSecurity v3 is exposed to denial of service exploits, though the maintainers of ModSecurity reject that claim. A severe vulnerability called Zerologon in Windows Netlogon was patched in August; this bug […]
More info:
https://www.wordfence.com/blog/2020/09/episode-87-vulnerabilities-affect-discount-rules-for-woocommerce-plugin-modsecurity-windows/
Are you frustrated trying to fix the HTTP 500 Internal Server Error on your WordPress site? You're not alone. This is one of the most dreaded errors on WordPress because it never has a straightforward solution. Troubleshooting can take a lot of time, and meanwhile your site is down. You lose visitors, traffic, SEO rankings, […]
More info:
https://blogvault.net/http-500-internal-server-error-wordpress/
On August 14, our Threat Intelligence team discovered several vulnerabilities in XCloner Backup and Restore, a WordPress plugin installed on over 30,000 sites. This flaw gave authenticated attackers with subscriber-level or above capabilities the ability to modify arbitrary files, including PHP files. Doing so would allow an attacker to achieve remote code execution on […]
More info:
https://www.wordfence.com/blog/2020/09/critical-vulnerabilities-patched-in-xcloner-backup-and-restore-plugin/
We are excited to announce a new update of Activity Log for WPForms. With this extension for the WP Activity Log plugin you can keep a log of the changes your team makes to forms and to the WPForms plugin settings. In this update we focused mostly on improving the coverage of the activity logs; WP […]
More info:
https://wpactivitylog.com/activity-log-wpforms-1-1/
FreeType vulnerability CVE-2015-9382 Security Advisory. Description: FreeType before 2.6.1 has a buffer over-read in skip_comment in psaux/psobjs.c because ps_parser_skip_PS_token ...
More info:
https://support.f5.com/csp/article/K46641512?utm_source=f5support&utm_medium=RSS
Initial Publication Date: 2020/09/22 8:45AM PST. CVE Identifier: CVE-2020-25604. AWS is aware of Xen Security Advisory 336, released by the Xen Security team on September 22nd 2020. Nitro-based instances are not affected. Under rare circumstances, a guest may be able to cause a Xen host to reboot. This poses no risk to the confidentiality or integrity of customer data, and no customer action is required. We are actively updating the fleet and will update this security bulletin when complete.
More info:
https://aws.amazon.com/security/security-bulletins/AWS-2020-003/
Initial Publication Date: 2020/09/22 8:45AM PST. CVE Identifier: CVE-2020-25595. AWS is aware of Xen Security Advisory 337, released by the Xen Security team on September 22nd 2020. Nitro-based instances are not affected. The issue depends on PCI devices passed through to customer instances exposing behavior outside of the PCI device specification. EC2 does not use such devices, and no customer action is required.
More info:
https://aws.amazon.com/security/security-bulletins/AWS-2020-004/