runc vulnerability CVE-2021-30465 (Security Advisory). Description: runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory Traversal. To exploit the ...
More info:
https://support.f5.com/csp/article/K33820305?utm_source=f5support&utm_medium=RSS
glibc vulnerability CVE-2020-27618 (Security Advisory). Description: The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid multi-byte ...
More info:
https://support.f5.com/csp/article/K08641512?utm_source=f5support&utm_medium=RSS
MariaDB vulnerability CVE-2020-15180 (Security Advisory). Description: A flaw was found in the mysql-wsrep component of mariadb. Lack of input sanitization in `wsrep_sst_method` ...
More info:
https://support.f5.com/csp/article/K75885190?utm_source=f5support&utm_medium=RSS
polkit vulnerability CVE-2021-3560 (Security Advisory). Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing ...
More info:
https://support.f5.com/csp/article/K41410307?utm_source=f5support&utm_medium=RSS
Apache Cassandra vulnerability CVE-2020-13946 (Security Advisory). Description: In Apache Cassandra, all versions prior to 2.1.22, 2.2.18, 3.0.22, 3.11.8 and 4.0-beta2, it is ...
More info:
https://support.f5.com/csp/article/K36212405?utm_source=f5support&utm_medium=RSS
Python-Pillow vulnerability CVE-2021-25288 (Security Advisory). Description: An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in j2ku_gray_i.
More info:
https://support.f5.com/csp/article/K71249196?utm_source=f5support&utm_medium=RSS
Vulnerable plugins and themes are the #1 reason WordPress websites get hacked. The weekly WordPress Vulnerability Report powered by WPScan covers recent WordPress plugin, theme, and core vulnerabilities, and what to do if you run one of the vulnerable plugins or themes on your website. Each vulnerability will have a severity rating of Low, Medium, High, or Critical. Responsible disclosure and […]
More info:
https://ithemes.com/wordpress-vulnerability-report-june-2021-part-4/
Many clients that we work with host and operate ecommerce websites which are frequent targets of attackers. The goal of these attacks is to steal credit card details from unsuspecting victims and sell them on the black market for a profit. The online ecommerce environment is diverse, constituting many different content management system (CMS) platforms […]
More info:
http://feedproxy.google.com/~r/sucuri/blog/~3/B9ibYVf85sw/online-credit-card-theft-online-fraud.html
A Critical Vulnerability in VMware’s vCenter Server threatens some of the largest data centers in the world. An actively exploited 0-day in macOS was used to take screenshots of infected computers. CodeCov claims another victim as Japanese e-Commerce unicorn Mercari reports a massive data breach. Domino’s India and Air India suffer from large-scale data […]
More info:
https://www.wordfence.com/blog/2021/05/episode-119-critical-vmware-vulnerability-threatens-data-centers/
Recently, a client’s customers were receiving a warning from their anti-virus software when they navigated to the checkout page of the client’s ecommerce website. Antivirus software such as Kaspersky and ESET would issue a warning but only once a product had been added to the cart and a customer was about to enter their payment […]
More info:
http://feedproxy.google.com/~r/sucuri/blog/~3/-ThPbwpFtXw/woocommerce-credit-card-skimmer.html