Multiple security issues were discovered in QEMU, a fast processor emulator, which could result in denial of service, the execution of arbitrary code or bypass of ACLs.
More info:
https://www.debian.org/security/2019/dsa-4512
Two vulnerabilities were discovered in the HTTP/2 code of the nghttp2 HTTP server, which could result in denial of service.
More info:
https://www.debian.org/security/2019/dsa-4511
For a variety of reasons, WordPress sites are targeted by hackers. This makes addressing security vulnerabilities a critical aspect of managing a WordPress website. WordPress attacks are not an isolated […]
More info:
https://pagely.com/blog/wordpress-security-plugins/
These days, we consider a malware campaign massive if it affects a couple thousand websites. However, back in the day when Sucuri first started its operations, the scale of infections was significantly larger — and it was quite typical to see hundreds of thousands of websites affected by the same malware. This was mostly […]
More info:
http://feedproxy.google.com/~r/sucuri/blog/~3/lCfv7PmOBzA/timthumb-attacks-the-scale-of-legacy-malware-infections.html
In July, we reported on a malvertising campaign which was distributing redirect and popup code through a number of public vulnerabilities affecting the WordPress ecosystem. As mentioned in the article, we’ve continued tracking this threat for new or changing activity. Much of the campaign remains identical. Known vulnerabilities in WordPress plugins are exploited to […]
More info:
https://www.wordfence.com/blog/2019/08/ongoing-malvertising-campaign-continues-exploiting-new-vulnerabilities/
Nick Roessler and Rafi Rubin discovered that the IMAP and ManageSieve protocol parsers in the Dovecot email server do not properly validate input (both pre- and post-login). A remote attacker can take advantage of this flaw to trigger out of bounds heap memory writes, leading to information leaks or potentially the execution of arbitrary code.
More info:
https://www.debian.org/security/2019/dsa-4510
Linux kernel vulnerability CVE-2019-10639: The Linux kernel 4.x (starting from 4.1) and 5.x before 5.0.8 allows Information Exposure (partial kernel ...
More info:
https://support.f5.com/csp/article/K32804955
Linux kernel vulnerability CVE-2019-12614: An issue was discovered in dlpar_parse_cc_property in arch/powerpc/platforms/pseries/dlpar.c in the Linux ...
More info:
https://support.f5.com/csp/article/K54337315
More info:
https://wpvulndb.com/vulnerabilities/9856