Project: Drupal core
Date: 2020-September-16
Security risk: Moderately critical 12∕25 AC:None/A:User/CI:Some/II:None/E:Theoretical/TD:Default
Vulnerability: Information disclosure
CVE IDs: CVE-2020-13670
Description: A vulnerability exists in the File module which allows an attacker to gain access to the file metadata of a permanent private file that they do not have access to by guessing the ID of the file.
Solution: Install the latest version: If you are using Drupal 8.8.x, upgrade to Drupal
More info:
https://www.drupal.org/sa-core-2020-011
cURL vulnerability CVE-2020-8284 Security Advisory. Description: A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given ...
More info:
https://support.f5.com/csp/article/K63525058?utm_source=f5support&utm_medium=RSS
cURL vulnerability CVE-2020-8285 Security Advisory. Description: curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP ...
More info:
https://support.f5.com/csp/article/K61186963?utm_source=f5support&utm_medium=RSS
OpenSSL vulnerability CVE-2021-23841 Security Advisory. Description: The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on ...
More info:
https://support.f5.com/csp/article/K52833764?utm_source=f5support&utm_medium=RSS
OpenSSL vulnerability CVE-2021-23839 Security Advisory. Description: OpenSSL 1.0.2 supports SSLv2. If a client attempts to negotiate SSLv2 with a server that is configured to ...
More info:
https://support.f5.com/csp/article/K61903372?utm_source=f5support&utm_medium=RSS
OpenSSL vulnerability CVE-2021-23840 Security Advisory. Description: Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in ...
More info:
https://support.f5.com/csp/article/K24624116?utm_source=f5support&utm_medium=RSS
Linux kernel vulnerability CVE-2020-25705 Security Advisory. Description: A flaw in the way reply ICMP packets are limited in the Linux kernel functionality was found that allows ...
More info:
https://support.f5.com/csp/article/K09604370?utm_source=f5support&utm_medium=RSS
On January 20, 2021, our Threat Intelligence team responsibly disclosed four vulnerabilities in Ninja Forms, a WordPress plugin used by over one million sites. One of these flaws made it possible for attackers to redirect site administrators to arbitrary locations. The second flaw made it possible for attackers with subscriber level access or above to […]
More info:
https://www.wordfence.com/blog/2021/02/one-million-sites-affected-four-severe-vulnerabilities-patched-in-ninja-forms/
WordPress 5.7 Beta 3 is now available for testing! This software is still in development, so it’s not recommended to run this version on a production site. Consider setting up a test site to play with it. You can test the WordPress 5.7 Beta 3 in two ways: Install/activate the WordPress Beta Tester plugin (select the Bleeding […]
More info:
https://wordpress.org/news/2021/02/wordpress-5-7-beta-3/