Monthly Archive: October 2020

IBM i2 iBase 8.9.13 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the...

WordPress before 5.5.2 allows CSRF attacks that change a theme’s background image. Date published : 2020-10-30 https://www.debian.org/security/2020/dsa-4784 https://lists.fedoraproject.org/archives/list/[email protected]/message/VAVVYJKA2I6CRQUINECDPBGWMQDEG244/

is_protected_meta in wp-includes/meta.php in WordPress before 5.5.2 allows arbitrary file deletion because it does not properly determine whether a meta key is considered protected. Date published : 2020-10-30 https://www.debian.org/security/2020/dsa-4784 https://lists.fedoraproject.org/archives/list/[email protected]/message/VAVVYJKA2I6CRQUINECDPBGWMQDEG244/

WordPress before 5.5.2 allows stored XSS via post slugs. Date published : 2020-10-30 https://www.debian.org/security/2020/dsa-4784 https://lists.fedoraproject.org/archives/list/[email protected]/message/VAVVYJKA2I6CRQUINECDPBGWMQDEG244/

is_blog_installed in wp-includes/functions.php in WordPress before 5.5.2 improperly determines whether WordPress is already installed, which might allow an attacker to perform a new installation, leading to remote code execution (as well as a denial...

wp-includes/class-wp-xmlrpc-server.php in WordPress before 5.5.2 allows attackers to gain privileges by using XML-RPC to comment on a post. Date published : 2020-10-30 https://www.debian.org/security/2020/dsa-4784 https://lists.fedoraproject.org/archives/list/[email protected]/message/VAVVYJKA2I6CRQUINECDPBGWMQDEG244/

WordPress before 5.5.2 allows attackers to gain privileges via XML-RPC. Date published : 2020-10-30 https://www.debian.org/security/2020/dsa-4784 https://lists.fedoraproject.org/archives/list/[email protected]/message/VAVVYJKA2I6CRQUINECDPBGWMQDEG244/

WordPress before 5.5.2 allows XSS associated with global variables. Date published : 2020-10-30 https://www.debian.org/security/2020/dsa-4784 https://lists.fedoraproject.org/archives/list/[email protected]/message/VAVVYJKA2I6CRQUINECDPBGWMQDEG244/

WordPress before 5.5.2 mishandles embeds from disabled sites on a multisite network, as demonstrated by allowing a spam embed. Date published : 2020-10-30 https://www.debian.org/security/2020/dsa-4784 https://lists.fedoraproject.org/archives/list/[email protected]/message/VAVVYJKA2I6CRQUINECDPBGWMQDEG244/

WordPress before 5.5.2 mishandles deserialization requests in wp-includes/Requests/Utility/FilteredIterator.php. Date published : 2020-10-30 https://www.debian.org/security/2020/dsa-4784 https://lists.fedoraproject.org/archives/list/[email protected]/message/VAVVYJKA2I6CRQUINECDPBGWMQDEG244/

eramba through c2.8.1 allows HTTP Host header injection with (for example) resultant wkhtml2pdf PDF printing by authenticated users. Date published : 2020-10-30 https://discussions.eramba.org/t/bug-injectable-host-header-security-issue/1719 https://www.eramba.org/releases

In Wireshark 3.2.0 to 3.2.7, the GQUIC dissector could crash. This was addressed in epan/dissectors/packet-gquic.c by correcting the implementation of offset advancement. Date published : 2020-10-30 https://lists.fedoraproject.org/archives/list/[email protected]/message/UHZSVK7PO2LTGFQXFHFXY6SOMSQ7UPRS/ https://lists.fedoraproject.org/archives/list/[email protected]/message/V2667E6WKVE56G66BVBVD7LJPIDOJ7K3/

A vulnerability exists in the Origin Client that could allow a non-Administrative user to elevate their access to either Administrator or System. Once the user has obtained elevated access, they may be able to...

A memory leak flaw was found in WildFly in all versions up to 21.0.0.Final, where host-controller tries to reconnect in a loop, generating new connections which are not properly closed while not able to...