MSA-21-0006: Stored XSS via ID number user profile field

by Michael Hawkins. The ID number user profile field required additional sanitizing to prevent a stored XSS risk.
Severity/Risk: Serious
Versions affected: 3.10 to 3.10.1, 3.9 to 3.9.4, 3.8 to 3.8.7, 3.5 to 3.5.16 and earlier unsupported versions
Versions fixed: 3.10.2, 3.9.5, 3.8.8 and 3.5.17
Reported by: Magyar-Hunor Tamas
Workaround: Disable the ID number field by unchecking it in Site admin > Users > User policies > Show user identity, until the patch has been applied.
CVE:
More info: https://moodle.org/mod/forum/discuss.php?d=419650&parent=1691259
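The advisory states the vulnerability class (a stored profile value rendered into HTML without escaping) but not the sink. The following is an added, generic illustration, not Moodle's code: it shows the unsafe and the escaped rendering of an "ID number" cell side by side, and an audit that flags already-stored values containing HTML/JS metacharacters, which is worth running before applying the patch because the workaround only hides the field, it does not clean what was stored. The sample rows are constructed for the example; the field name "idnumber" is taken from the advisory, nothing else about Moodle's schema is assumed.

```python
import html
import re

# Constructed sample rows standing in for user records with an "idnumber"
# profile field; the values are made up for this example.
SAMPLE_USERS = [
    {"id": 2, "username": "alice", "idnumber": "S-10042"},
    {"id": 3, "username": "bob",   "idnumber": "<img src=x onerror=alert(document.cookie)>"},
    {"id": 4, "username": "carol", "idnumber": "E&O 77"},
    {"id": 5, "username": "dave",  "idnumber": '" autofocus onfocus="alert(1)'},
]

# Characters and tokens that carry meaning in an HTML text or attribute
# context. A legitimate ID number should not need any of them, so a match is a
# strong indicator that a payload was planted while the field was unescaped.
_HTML_META = re.compile(r"""[<>"']|&#|&[a-z]+;|javascript:""", re.IGNORECASE)


def find_suspicious_idnumbers(users):
    """Return (id, username, idnumber) for every user whose stored ID number
    contains HTML/JS metacharacters (candidates for an existing payload)."""
    return [
        (u["id"], u["username"], u["idnumber"])
        for u in users
        if _HTML_META.search(u["idnumber"])
    ]


def render_identity_cell_unsafe(idnumber):
    """Vulnerable pattern: the stored value is interpolated into markup as-is,
    so anything a user typed into their profile executes for every viewer."""
    return f"<td>{idnumber}</td>"


def render_identity_cell(idnumber):
    """Hardened pattern: escape for the HTML text context. quote=True also
    neutralises the value if it is later reused inside an attribute."""
    return f"<td>{html.escape(idnumber, quote=True)}</td>"


if __name__ == "__main__":
    for uid, name, value in find_suspicious_idnumbers(SAMPLE_USERS):
        print(f"suspicious idnumber for user {uid} ({name}): {value!r}")
    print(render_identity_cell_unsafe(SAMPLE_USERS[1]["idnumber"]))
    print(render_identity_cell(SAMPLE_USERS[1]["idnumber"]))
```

The audit deliberately does not flag a bare "&" (carol's value) so that ordinary punctuation does not drown the hits; entities and the four bracket/quote characters are enough to catch injected markup.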

WordPress 5.7 — First Major Release of 2021

WordPress 5.7 “Esperanza” is out, and here at Pagely major releases are typically pushed within a 2-5 week window, or at the first minor release tag. However, this version […] More info: https://pagely.com/blog/wordpress-5-7-first-major-release-of-2021/

Overview of F5 vulnerabilities (March 2021)

On March 10th, 2021, F5 announced twenty-one (21) CVEs, including four Critical vulnerabilities. This ... More info: https://support.f5.com/csp/article/K02566623?utm_source=f5support&utm_medium=RSS

Magento 2 PHP Credit Card Skimmer Saves to JPG

Bad actors often leverage creative techniques to conceal malicious behaviour and harvest sensitive information from ecommerce websites. A recent investigation for a compromised Magento 2 website revealed a malicious injection that was capturing POST request data from site visitors. Located on the checkout page, it was found to encode captured data before saving it to […] More info: http://feedproxy.google.com/~r/sucuri/blog/~3/pyFI2EIUYFo/magento-2-php-credit-card-skimmer-saves-to-jpg.html
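The skimmer described above hides harvested POST data by encoding it and writing it into a file with an image name, so a routine file listing shows nothing unusual. One cheap detection is to verify that files named as images actually start with the image format's magic bytes and to flag those that instead contain long base64 runs. The scanner below is an added example, not code from the Sucuri write-up: it builds a constructed temporary webroot (the "pub/media" directory and both file names are assumptions) containing one genuine-looking JPEG and one "JPEG" that is really base64-encoded checkout fields, then reports the fake.

```python
import base64
import os
import re
import tempfile

# A real JPEG begins with the SOI marker FF D8 followed by FF (APPn/other).
JPEG_MAGIC = b"\xff\xd8\xff"

# A run of 64+ base64 alphabet characters with no other bytes is typical of
# encoded stolen form data and never appears at the start of a real JPEG.
_B64_RUN = re.compile(rb"[A-Za-z0-9+/=]{64,}")


def classify_image_file(path):
    """Return 'jpeg', 'base64-text' or 'unknown' for a file named like a JPEG,
    based on its first 4 KiB rather than its extension."""
    with open(path, "rb") as f:
        head = f.read(4096)
    if head.startswith(JPEG_MAGIC):
        return "jpeg"
    if _B64_RUN.search(head):
        return "base64-text"
    return "unknown"


def scan_for_fake_images(root):
    """Walk a webroot and return (relative path, classification) for every
    .jpg/.jpeg file whose content is not actually JPEG."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith((".jpg", ".jpeg")):
                continue
            path = os.path.join(dirpath, name)
            kind = classify_image_file(path)
            if kind != "jpeg":
                hits.append((os.path.relpath(path, root), kind))
    return sorted(hits)


def build_sample_webroot():
    """Create a constructed temporary webroot for the example: one minimal
    JPEG header and one 'image' that holds base64-encoded POST fields of the
    kind a checkout-page skimmer captures. Paths and values are made up."""
    root = tempfile.mkdtemp(prefix="magento-scan-")
    media = os.path.join(root, "pub", "media")
    os.makedirs(media)
    with open(os.path.join(media, "logo.jpg"), "wb") as f:
        f.write(JPEG_MAGIC + b"\xe0\x00\x10JFIF\x00" + b"\x00" * 64)
    stolen = (b"cc_number=4111111111111111&cc_cid=123&cc_exp=12/24"
              b"&firstname=Jane&lastname=Doe&email=jane@example.test")
    with open(os.path.join(media, "checkout.jpg"), "wb") as f:
        f.write(base64.b64encode(stolen) + b"\n")
    return root


if __name__ == "__main__":
    webroot = build_sample_webroot()
    for rel, kind in scan_for_fake_images(webroot):
        print(f"{rel}: named as an image but contains {kind}")
```

On a real host, point scan_for_fake_images at the Magento document root; anything reported as base64-text should be decoded and treated as evidence, and its write-time correlated with the injected PHP on the checkout page.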

Announcing Coordinated Detection & Response from VMware Carbon Black and Proofpoint

With thousands of customers adopting the VMware Carbon Black Cloud to secure their endpoints and workloads, our ecosystem continues to grow, developing integrations to deliver enhanced workflows and security to our customers. We are proud to announce the interoperability between the VMware Carbon Black Cloud and Proofpoint Targeted Attack Protection (TAP). Using these solutions together provides coordinated detections and automated response workflows across end user devices and inboxes to […] More info: https://blogs.vmware.com/security/2021/03/announcing-coordinated-detection-response-from-vmware-carbon-black-and-proofpoint.html?utm_source=rss&utm_medium=rss&utm_campaign=announcing-coordinated-detection-response-from-vmware-carbon-black-and-proofpoint

glibc vulnerability CVE-2019-25013

The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid multi-byte ... More info: https://support.f5.com/csp/article/K68251873?utm_source=f5support&utm_medium=RSS

Apache mod_proxy_ftp vulnerability CVE-2020-1934

In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitialized memory when proxying to ... More info: https://support.f5.com/csp/article/K59333944?utm_source=f5support&utm_medium=RSS

BIG-IQ HA vulnerability CVE-2021-23005

When using a Quorum device for BIG-IQ high availability (HA) for automatic failover, BIG-IQ does not make use ... More info: https://support.f5.com/csp/article/K01243064?utm_source=f5support&utm_medium=RSS