Project: Drupal coreVersion: 8.8.x-dev8.7.x-devDate: 2020-March-18Security risk: Moderately critical 13∕25 AC:Complex/A:User/CI:Some/II:Some/E:Proof/TD:DefaultVulnerability: Third-party libraryDescription: The Drupal project uses the third-party library CKEditor, which has released a security improvement that is needed to protect some Drupal configurations.Vulnerabilities are possible if Drupal is configured to use the WYSIWYG CKEditor for your site’s users. When multiple people
More info:
https://www.drupal.org/sa-core-2020-001
BlueZ and Intel Smart Sound Technology vulnerabilities CVE-2020-0556 and CVE-2020-0583 Security Advisory Security Advisory Description CVE-2020-0556 Improper access control in subsystem for BlueZ ...
More info:
https://support.f5.com/csp/article/K92327553?utm_source=f5support&utm_medium=RSS
https://wordpress.org/news/2020/03/wordpress-5-4-rc3/The third release candidate for WordPress 5.4 is now available! WordPress 5.4 is currently scheduled to be released on March 31 2020, and we need your help to get there—if you haven’t tried 5.4 yet, now is the time! There are two ways to test the WordPress 5.4 release candidate: Try the WordPress Beta Tester plugin (choose the “bleeding edge […]
More info:
https://wordpress.org/news/2020/03/wordpress-5-4-rc3/
https://wordpress.org/news/2020/03/wordpress-5-4-rc3/The third release candidate for WordPress 5.4 is now available! WordPress 5.4 is currently scheduled to be released on March 31 2020, and we need your help to get there—if you haven’t tried 5.4 yet, now is the time! There are two ways to test the WordPress 5.4 release candidate: Try the WordPress Beta Tester plugin (choose the “bleeding edge […]
More info:
https://wordpress.org/news/2020/03/wordpress-5-4-rc3/
PHP vulnerability CVE-2019-6977 Security Advisory Security Advisory Description gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in the imagecolormatch ...
More info:
https://support.f5.com/csp/article/K02412162?utm_source=f5support&utm_medium=RSS
Kernel vulnerability CVE-2016-6828 Security Advisory Security Advisory Description The tcp_check_send_head function in include/net/tcp.h in the Linux kernel before 4.7.5 does not properly maintain ...
More info:
https://support.f5.com/csp/article/K62442245?utm_source=f5support&utm_medium=RSS
https://www.getastra.com/blog/911/japanese-keyword-hack/ Many website owners have contacted us worried about Japanese SEO Spam or Japanese Keyword Hack. In a Japanese keyword hack, auto generated Japanese text starts to appear on your site. This particular Blackhat SEO technique hijacks Google search results by …
More info:
https://www.getastra.com/blog/911/japanese-keyword-hack/
https://www.wordfence.com/blog/2020/03/vulnerabilities-patched-in-popup-builder-plugin-affecting-over-100000-sites/ On March 4th, our Threat Intelligence team discovered several vulnerabilities in Popup Builder, a WordPress plugin installed on over 100,000 sites. One vulnerability allowed an unauthenticated attacker to inject malicious JavaScript into any published popup, which would then be executed whenever the popup loaded. The other vulnerability allowed any logged-in user, even those with
More info:
https://www.wordfence.com/blog/2020/03/vulnerabilities-patched-in-popup-builder-plugin-affecting-over-100000-sites/
https://wpbuffs.com/how-to-secure-wordpress-site/At any moment, your website might be under attack without you knowing it. Bots could be probing your pages, trying to find vulnerabilities to inject malware or gain access to user data. It’s your job to secure your WordPress site so it isn’t low-hanging fruit for them. Although WordPress is secure in and of itself, […]
More info:
https://wpbuffs.com/how-to-secure-wordpress-site/
We wanted to post a quick acknowledgement that VMware will be a part of the 2020 Pwn2Own Contest, this year from our home offices in Palo Alto and Bangalore to review any vulnerabilities that may be demonstrated during the contest. We would like to thank the organizers for inviting us. Stay tuned for further updates. The post VMware and Pwn2Own Vancouver 2020 appeared first on Security & Compliance Blog.
More info:
https://blogs.vmware.com/security/2020/03/vmware-and-pwn2own-vancouver-2020.html
