Month: diciembre 2020

Kernel vulnerability CVE-2017-0861 Security Advisory Security Advisory Description Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allows ... More info: https://support.f5.com/csp/article/K54212139?utm_source=f5support&utm_medium=RSS

For the last few weeks we’ve seen and blocked an increase in brute-force, credential stuffing, and dictionary attacks targeting the WordPress xmlrpc.php endpoint, on some days exceeding 150 million attacks against 1.9 million sites in a 24-hour period. These attacks attempt to guess the password of an authorized user on a site, and some of […] More info: https://www.wordfence.com/blog/2020/12/the-nonenone-brute-force-attacks-even-hackers-need-qa/

It’s not very often that we see abandoned components being used on a website — but when we do, it’s most often because the website was exhibiting malware-like behavior and we were called to investigate and clean up the site. Old and abandoned plugins and themes are a good target for opportunistic attackers who are […] More info: http://feedproxy.google.com/~r/sucuri/blog/~3/vKdt2NZpgRI/the-dangers-of-using-abandoned-plugins-themes.html

Contact Form 7, arguably the most widely used WordPress plugin, released a security patch for an unrestricted file upload vulnerability in all versions 5.3.1 and lower. The WordPress plugin directory lists 5+ million sites using Contact Form 7, but we estimate that it has at least 10 million installations. One of the important features of […] More info: https://www.wordfence.com/blog/2020/12/a-challenging-exploit-the-contact-form-7-file-upload-vulnerability/

Samba vulnerability CVE-2018-1050 Security Advisory Security Advisory Description All versions of Samba from 4.0.0 onwards are vulnerable to a denial of service attack when the RPC spoolss service ... More info: https://support.f5.com/csp/article/K01494912?utm_source=f5support&utm_medium=RSS

Kernel vulnerability CVE-2017-1000410 Security Advisory Security Advisory Description The Linux kernel version 3.3-rc1 and later is affected by a vulnerability lies in the processing of incoming ... More info: https://support.f5.com/csp/article/K58928452?utm_source=f5support&utm_medium=RSS

QEMU vulnerability CVE-2017-13672 Security Advisory Security Advisory Description QEMU (aka Quick Emulator), when built with the VGA display emulator support, allows local guest OS privileged ... More info: https://support.f5.com/csp/article/K23893104?utm_source=f5support&utm_medium=RSS

QEMU vulnerability CVE-2018-7858 Security Advisory Security Advisory Description Quick Emulator (aka QEMU), when built with the Cirrus CLGD 54xx VGA Emulator support, allows local guest OS ... More info: https://support.f5.com/csp/article/K51543541?utm_source=f5support&utm_medium=RSS

Linux kernel vulnerability CVE-2018-1000004 Security Advisory Security Advisory Description In the Linux kernel 4.12, 3.10, 2.6 and possibly earlier versions a race condition vulnerability exists ... More info: https://support.f5.com/csp/article/K05137342?utm_source=f5support&utm_medium=RSS

Linux kernel vulnerability CVE-2018-10872 Security Advisory Security Advisory Description A flaw was found in the way the Linux kernel handled exceptions delivered after a stack switch operation ... More info: https://support.f5.com/csp/article/K05345625?utm_source=f5support&utm_medium=RSS