2020 Year in Review: the best of WP White Security

2020 has been a challenging year for many. However, we have been very lucky and even though it was challenging, we’ve made the best out of it, and we turned it into a big one! So we wanted to take the time and look back at everything that happened at WP White Security. With remote […] More info: https://www.wpwhitesecurity.com/2020-year-review/

QEMU 4.2.0 vulnerability CVE-2020-7039

Security Advisory. Description: tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanages memory, as demonstrated by IRC DCC ... More info: https://support.f5.com/csp/article/K18684657?utm_source=f5support&utm_medium=RSS

Drupal core – Critical – Third-party libraries – SA-CORE-2021-001

Project: Drupal core. Date: 2021-January-20. Security risk: Critical 18∕25 AC:Complex/A:User/CI:All/II:All/E:Exploit/TD:Uncommon. Vulnerability: Third-party libraries. Description: The Drupal project uses the pear Archive_Tar library, which has released a security update that impacts Drupal. For more information please see: CVE-2020-36193. Exploits may be possible if Drupal is configured to allow .tar, .tar.gz, .bz2, or .tlz file uploads and processes them. Solution: Install the latest version: If More info: https://www.drupal.org/sa-core-2021-001

WordPress Vulnerabilities Explained

Unfortunately, WordPress vulnerabilities exist. WordPress vulnerabilities can exist in your plugins, your themes, and even WordPress core. And since WordPress now powers nearly 40% of all websites, the task of understanding vulnerabilities is even more important. Simply put: you have to be vigilant about your website’s security. If you aren’t a WordPress security expert, understanding all […] More info: https://ithemes.com/wordpress-vulnerabilities-explained/

Uncovering Potential Issues with the Contact Form 7 Vulnerability: More Data Needed

On December 17, 2020, the Astra research security team disclosed that they had discovered a critical severity Unrestricted File Upload vulnerability in Contact Form 7, the most popular WordPress plugin of all time. The lead researcher, Jinson Varghese, also published a blog post providing limited information about this vulnerability. The initial disclosure claimed that “By […] More info: https://www.wordfence.com/blog/2021/01/uncovering-potential-issues-with-the-contact-form-7-vulnerability-more-data-needed/

glibc vulnerability CVE-2020-29562

Security Advisory. Description: The iconv function in the GNU C Library (aka glibc or libc6) 2.30 to 2.32, when converting UCS4 text containing ... More info: https://support.f5.com/csp/article/K16346064?utm_source=f5support&utm_medium=RSS