This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Nexus Dashboard Fabric Controller. Authentication is not required to exploit this vulnerability.
This vulnerability allows local attackers to escalate privileges on affected installations of Cisco Nexus Dashboard Fabric Controller. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Cisco Nexus Dashboard Fabric Controller. Authentication is not required to exploit this vulnerability.
WordPress 5.9.2 is now available!
This security and maintenance release features 1 bug fix in addition to 3 security fixes. Because this is a security release, it is recommended that you update your sites immediately. All versions since WordPress 3.7 have also been updated.
WordPress 5.9.2 is a security and maintenance release. The next major release will be version 6.0.
You can download WordPress 5.9.2 from WordPress.org, or visit your Dashboard → Updates and click “Update Now”.
If you have sites that support automatic background updates, they’ve already started the update process.
The security team would like to thank the following people for responsively reporting vulnerabilities, allowing them to be fixed in this release:
Melar Dev, for finding a Prototype Pollution Vulnerability in a jQuery dependencyBen Bidner of the WordPress security team, for finding a Stored Cross Site Scripting VulnerabilityResearchers from Johns Hopkins University, for finding a Prototype Pollution Vulnerability in the block editor
For more information, browse the full list of changes on Trac, or check out the version 5.9.2 HelpHub documentation page.
The 5.9.2 release was led by Jb Audras, with the help of Jorge Costa on package updates, Sergey Biryukov on mission control, and David Baumwald on backport commits.
In addition to the release squad members and security researchers mentioned above, thank you to everyone who helped make WordPress 5.9.2 happen:
Alan Jacob Mathew, Alex Concha, André, Anton Vlasenko, David Baumwald, ehtis, Jb Audras, Jorge Costa, Peter Wilson, Sergey Biryukov, Tonya Mork, and ironprogrammer.
Props @davidbaumwald and @sergeybiryukov for peer review.
CIS now offers free trials for several CIS Hardened Images, pre-configured virtual machine images, in the AWS Marketplace. Try a hardened VM today.
The US Securities and Exchange Commission today proposed legal changes that would require publicly traded companies to disclose material cybersecurity incidents within four days of such a breach.
The SEC also wants to require “periodic disclosures” of the impact of ongoing cybersecurity threats in regularly scheduled quarterly 10-Q and annual 10-K reports filed by publicly traded firms, further increasing the mandate for transparency on cybersecurity issues. The more immediate reports disclosing security incidents would be filed in 8-K forms, used for unscheduled disclosures.
The idea is to protect investors by improving their ability to inform themselves about the risks involved in investing in a given company, according to the SEC. Given the severity of the threat posed by bad cybersecurity actors, a breach could have a huge impact on a company’s stock value and line of business, the commission said in a statement.
Thomas Akesson discovered that Subversion incorrectly handled certain inputs.
An attacker could possibly use this issue to cause a denial of service.
A man accused of being connected to the Russia-linked REvil ransomware group responsible for cyberattacks on organizations including US-based software company Kaseya, has been extradited from Poland and arraigned in a Dallas court.
In November last year, the US Department of Justice charged the man, 22-year-old Yaroslav Vasinskyi, of being behind the July 2021 ransomware attack against Kaseya. Vasinskyi, a Ukrainian national, was taken into custody in Poland and transported to Dallas, where he arrived on March 3.
