Javier García

15 febrero, 2020

Apache Airflow CVE-2019-12398 HTML Injection Vulnerability

Type: Vulnerability. Apache Airflow is prone to a HTML-injection vulnerability; fixes are available. More info: http://www.symantec.com/security_response/vulnerability.jsp?bid=111575&om_rssid=sr-advisories

15 febrero, 2020

Apache Airflow CVE-2019-12398 HTML Injection Vulnerability

14 febrero, 2020

Drupal core – Highly critical – Remote Code Execution – SA-CORE-2018-002

Project: Drupal coreDate: 2018-March-28Security risk: Highly critical 24∕25 AC:None/A:None/CI:All/II:All/E:Exploit/TD:DefaultVulnerability: Remote Code Execution CVE IDs: CVE-2018-7600Description: A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being completely compromised.The security team has written an FAQ about this More info: https://www.drupal.org/sa-core-2018-002

14 febrero, 2020

JSA10987 – 2020-01 Security Bulletin: Junos OS: MX Series: In BBE configurations, receipt of a specific packet causes a Denial of Service (CVE-2020-1608)

More info: http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10987&actp=RSS

14 febrero, 2020

GDPR Cookie Consent < 1.8.3 – Improper Access Controls

https://wpvulndb.com/vulnerabilities/10069 More info: https://wpvulndb.com/vulnerabilities/10069

14 febrero, 2020

New! Save Time Securing WordPress With User Groups

https://ithemes.com/new-save-time-securing-wordpress-with-user-groups/The iThemes Security Pro plugin already helps you lock down your WordPress website down to the user-level with the User Security Check and User Logging features. Today, we are excited to roll out the New User Groups feature gives you the power to enforce the right level of security for the right people. Introducing User […] More info: https://ithemes.com/new-save-time-securing-wordpress-with-user-groups/

14 febrero, 2020

Advanced Security Headers

https://300m.com/security/advanced-security-headers/I have some great security headers on this blog, but they are added using a single checkbox on the Sucuri WAF (web application firewall) this site uses. This is what they look like: x-xss-protection: 1; mode=block x-frame-options: SAMEORIGIN x-content-type-options: nosniff … More info: https://300m.com/security/advanced-security-headers/

13 febrero, 2020

Linux kernel vulnerability CVE-2017-8824

Linux kernel vulnerability CVE-2017-8824 Security Advisory Security Advisory Description The dccp_disconnect function in net/dccp/proto.c in the Linux kernel through 4.14.3 allows local users to ... More info: https://support.f5.com/csp/article/K15526101?utm_source=f5support&utm_medium=RSS

13 febrero, 2020

Participants Database < 1.9.5.6 – Authenticated Time Based SQL Injection

https://wpvulndb.com/vulnerabilities/10068 More info: https://wpvulndb.com/vulnerabilities/10068

13 febrero, 2020

WordPress 5.4 Beta 1

https://wordpress.org/news/2020/02/wordpress-5-4-beta-1/WordPress 5.4 Beta 1 is now available for testing! This software is still in development, so we don’t recommend running it on a production site. Consider setting up a test site to play with the new version. You can test the WordPress 5.4 beta in two ways: Try the WordPress Beta Tester plugin (choose the “bleeding edge nightlies” […] More info: https://wordpress.org/news/2020/02/wordpress-5-4-beta-1/