[V2] Last Updated: 2021/01/27 1:00PM PDT. CVE Identifier: CVE-2021-3156. This is an update for this issue. AWS is aware of the security issue recently disclosed by the open source community affecting the Linux "sudo" utility (CVE-2021-3156). This issue may permit unprivileged users to run privileged commands, or cause affected hosts to crash. Updated versions of sudo are available in the Amazon Linux and Amazon Linux 2 package repositories. Customers with existing EC2 instances running
More info:
https://aws.amazon.com/security/security-bulletins/AWS-2021-001/
It’s common knowledge that attackers often use email as a delivery mechanism for their malicious activity — which can include enticing victims to click a phishing URL or download a malicious attachment. To support these activities, attackers seek out tools that assist in the mass sending of malspam (malicious spam) emails from a compromised […]
More info:
http://feedproxy.google.com/~r/sucuri/blog/~3/MnGE1GL6510/phishing-malspam-with-leaf-phpmailer.html
WordPress is massively popular. Around one in five sites on the Internet uses WordPress in some form, be that to run a humble blog, a multi-site Content Management System (CMS) or an eCommerce site. As a result, it is no surprise that WordPress websites are a very popular target for both experienced hackers and […]
More info:
https://www.wpwhitesecurity.com/wordpress-security/
Initial Publication Date: 2021/01/26 2:11PM PST CVE Identifier: CVE-2021-3156 AWS is aware of the security issue recently disclosed by the open source community affecting the Linux "sudo" utility (CVE-2021-3156). This issue may permit unprivileged users to run privileged commands. The sudo maintainers have published more information about this issue at https://www.sudo.ws/alerts/unescape_overflow.html. AWS infrastructure and services are not affected by this issue. As a general
More info:
https://aws.amazon.com/security/security-bulletins/AWS-2021-001/
Trackers and adtech companies have long abused browser features to follow people around the web. Since 2018, we have been dedicated to reducing the number of ways our users can … The post "Firefox 85 Cracks Down on Supercookies" appeared first on Mozilla Security Blog.
More info:
https://blog.mozilla.org/security/2021/01/26/supercookie-protections/
QEMU vulnerability CVE-2017-15289. Security Advisory Description: The mode4and5 write functions in hw/display/cirrus_vga.c in Qemu allow local OS guest privileged users to cause a ...
More info:
https://support.f5.com/csp/article/K22572754?utm_source=f5support&utm_medium=RSS
Wordfence announces a new program offering free site cleaning and site audits to public schools in the United States. We talk about why we’re offering this program and how to help schools take advantage of it. We also talk about the growing prevalence of WordPress as a content management system and how the incoming administration […]
More info:
https://www.wordfence.com/blog/2021/01/episode-101-supporting-remote-students-with-free-site-audits-cleanings/
by Michael Hawkins. Some search inputs were vulnerable to reflected XSS due to insufficient escaping of search queries. Severity/Risk: Serious. Versions affected: 3.10. Versions fixed: 3.10.1. Reported by: kstpt. CVE identifier: CVE-2021-20183. Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-70571 Tracker issue: MDL-70571 Search input template insufficiently escaped search queries
More info:
https://moodle.org/mod/forum/discuss.php?d=417166&parent=1680837
by Michael Hawkins. Insufficient capability checks in some grade related web services meant students were able to view other students' grades. Severity/Risk: Minor. Versions affected: 3.10, 3.9 to 3.9.3, 3.8 to 3.8.6. Versions fixed: 3.10.1, 3.9.4 and 3.8.7. Reported by: Juan Segarra Montesinos. CVE identifier: CVE-2021-20184. Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-69797 Tracker issue: MDL-69797 Grade information disclosure in grades external fetch
More info:
https://moodle.org/mod/forum/discuss.php?d=417167&parent=1680839