2020 has been a challenging year for many. However, we have been very lucky and even though it was challenging, we’ve made the best out of it, and we turned it into a big one! So we wanted to take the time and look back at everything that happened at WP White Security. With remote […]
More info:
https://www.wpwhitesecurity.com/2020-year-review/
QEMU 4.2.0 vulnerability CVE-2020-7039 Security Advisory. Description: tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanages memory, as demonstrated by IRC DCC ...
More info:
https://support.f5.com/csp/article/K18684657?utm_source=f5support&utm_medium=RSS
Project: Drupal core
Date: 2021-January-20
Security risk: Critical 18∕25 AC:Complex/A:User/CI:All/II:All/E:Exploit/TD:Uncommon
Vulnerability: Third-party libraries
Description: The Drupal project uses the pear Archive_Tar library, which has released a security update that impacts Drupal. For more information please see: CVE-2020-36193. Exploits may be possible if Drupal is configured to allow .tar, .tar.gz, .bz2, or .tlz file uploads and processes them.
Solution: Install the latest version: If
More info:
https://www.drupal.org/sa-core-2021-001
More info:
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11111&actp=RSS
Intel Ethernet 700 Series Controllers vulnerabilities CVE-2020-8690, CVE-2020-8691, CVE-2020-8692, and CVE-2020-8693 Security Advisory. Description: CVE-2020-8690 Protection ...
More info:
https://support.f5.com/csp/article/K28563873?utm_source=f5support&utm_medium=RSS
Unfortunately, WordPress vulnerabilities exist. WordPress vulnerabilities can exist in your plugins, your themes, and even WordPress core. And since WordPress now powers nearly 40% of all websites, the task of understanding vulnerabilities is even more important. Simply put: you have to be vigilant about your website’s security. If you aren’t a WordPress security expert, understanding all […]
More info:
https://ithemes.com/wordpress-vulnerabilities-explained/
On December 17, 2020, the Astra research security team disclosed that they had discovered a critical severity Unrestricted File Upload vulnerability in Contact Form 7, the most popular WordPress plugin of all time. The lead researcher, Jinson Varghese, also published a blog post providing limited information about this vulnerability. The initial disclosure claimed that “By […]
More info:
https://www.wordfence.com/blog/2021/01/uncovering-potential-issues-with-the-contact-form-7-vulnerability-more-data-needed/
glibc vulnerability CVE-2020-29562 Security Advisory. Description: The iconv function in the GNU C Library (aka glibc or libc6) 2.30 to 2.32, when converting UCS4 text containing ...
More info:
https://support.f5.com/csp/article/K16346064?utm_source=f5support&utm_medium=RSS