wordpress-5.1.18-1.el7
WordPress 5.1.18 Security Release
Security updates included in this release
m4tuto for finding a PHP File Upload bypass via Plugin Installer (requiring admin privileges).
@_s_n_t of @pentestltd working with Trend Micro Zero Day Initiative for finding an RCE POP Chains vulnerability.
wordpress-6.4.3-1.fc38
WordPress 6.4.3 – Maintenance and Security release
See upstream announcement
Security updates included in this release
m4tuto for finding a PHP File Upload bypass via Plugin Installer (requiring admin privileges).
@_s_n_t of @pentestltd working with Trend Micro Zero Day Initiative for finding an RCE POP Chains vulnerability.
wordpress-6.4.3-1.fc39
WordPress 6.4.3 – Maintenance and Security release
See upstream announcement
Security updates included in this release
m4tuto for finding a PHP File Upload bypass via Plugin Installer (requiring admin privileges).
@_s_n_t of @pentestltd working with Trend Micro Zero Day Initiative for finding an RCE POP Chains vulnerability.
wordpress-6.4.3-1.el9
WordPress 6.4.3 – Maintenance and Security release
See upstream announcement
Security updates included in this release
m4tuto for finding a PHP File Upload bypass via Plugin Installer (requiring admin privileges).
@_s_n_t of @pentestltd working with Trend Micro Zero Day Initiative for finding an RCE POP Chains vulnerability.
chromium-121.0.6167.139-1.fc38
update to 121.0.6167.139
High CVE-2024-1060: Use after free in Canvas
High CVE-2024-1059: Use after free in WebRTC
High CVE-2024-1077: Use after free in Network
chromium-121.0.6167.139-1.fc39
update to 121.0.6167.139
High CVE-2024-1060: Use after free in Canvas
High CVE-2024-1059: Use after free in WebRTC
High CVE-2024-1077: Use after free in Network
Multiple security issues were discovered in Chromium, which could result
in the execution of arbitrary code, denial of service or information
disclosure.
Several vulnerabilities have been discovered in the OpenJDK Java runtime,
which may result in side channel attacks, leaking sensitive data to log
files, denial of service or bypass of sandbox restrictions.
Rory McNamara discovered that runC did not properly manage internal file
descriptor while managing containers. An attacker could possibly use this
issue to obtain sensitive information or bypass container restrictions.
Multiple Vulnerabilities have been discovered in Ivanti Products, the most severe of which could allow for remote code execution.
Ivanti Connect Secure is a SSL VPN solution for remote and mobile users.
Ivanti Policy Secure (IPS) is a network access control (NAC) solution which provides network access only to authorized and secured users and devices.
Ivanti Neurons for Zero Trust Access (nZTA) creates a secure connection from a device to web-based applications on-premises and in the cloud
Successful exploitation could allow for remote code execution in the context of the system. Depending on the privileges associated with the logged on user, an attacker could then install programs; view, change, or delete data. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
