Huy Nguyễn Phạm Nhật, and Valentin T. and Lutz Wolf of CrowdStrike, discovered that roundcube, a skinnable AJAX-based webmail solution for IMAP servers, did not correctly process and sanitize requests. This would allow an attacker to perform Cross-Site Scripting (XSS) attacks.
Archive for June, 2024
WordPress 6.6 Beta 3
WordPress 6.6 Beta 3 is here! Please download and test it. This beta version of the WordPress software is under development. Please do not install, run, or test this version of WordPress on production or mission-critical websites—you risk unexpected results if you do. Instead, test Beta 3 on a local site or a testing environment […]
A buffer overflow was discovered in libndp, a library implementing the IPv6 Neighbor Discovery Protocol (NDP), which could result in denial of service or potentially the execution of arbitrary code if malformed IPv6 router advertisements are processed.
From June 13-15, 2024, WordPress enthusiasts from across the globe gathered in Torino to explore and celebrate the world’s most popular web platform at WordCamp Europe 2024. A dedicated team of 250 volunteers, led by WordCamp veterans Wendie Huis in ‘t Veld, Juan Hernando, and Takis Bouyouris, organized and produced the event.
Several vulnerabilities have been discovered in the FFmpeg multimedia framework, which could result in denial of service or potentially the execution of arbitrary code if malformed files/streams are processed.
Multiple security issues were discovered in Thunderbird, which could result in the execution of arbitrary code. For the oldstable distribution (bullseye), these problems have been fixed
Security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, the bypass of sandbox restrictions or an information leak.
Tricky errors like WordPress 500 Internal Server Error keep your site offline if they’re not fixed. Here’s how to solve this one.
The post Securing the WordPress Frontier with WP Guardian appeared first on Plesk.
Introducing WP Guardian Vulnerability Protection: Now available for WP Toolkit
The post Introducing WP Guardian Vulnerability Protection: Now available for WP Toolkit appeared first on Plesk.
Damian Poddebniak discovered that the Cyrus IMAP server didn’t restrict memory allocation for some command arguments, which may result in denial of service. This update backports new config directives which allow limits to be configured; additional details can be found at:
A buffer overflow was discovered in the MMS module of the VLC media player. For the oldstable distribution (bullseye), this problem has been fixed
WordPress 6.6 Beta 2
WordPress 6.6 Beta 2 is here! Please download and test it. This beta version of the WordPress software is under development. Please do not install, run, or test this version of WordPress on production or mission-critical websites—you risk unexpected results if you do. Instead, test Beta 2 on a local site or a testing environment […]
Get ready to dive into the vibrant world of WordCamps with this special episode of the WordPress Briefing, hosted by Josepha Haden Chomphosy! This episode is designed for first-time attendees; we’ll explore what to expect, from Contributor Day activities to mastering the art of socializing and networking. Whether you’re aiming to contribute to the WordPress […]
WordPress Development at Your Fingertips with Codeable
The post WordPress Development at Your Fingertips with Codeable appeared first on Plesk.
Update to upstream 1.3.2, including fix for CVE-2024-3727
Several security issues were fixed in OpenJDK 21.
Several security issues were fixed in OpenJDK 17.
Update to upstream 1.3.2, including fix for CVE-2024-3727
An integer overflow vulnerability in the rar e8 filter was discovered in libarchive, a multi-format archive and compression library, which may result in the execution of arbitrary code if a specially crafted RAR archive is processed.
A use-after-free was discovered in tinyproxy, a lightweight, non-caching, optionally anonymizing HTTP proxy, which could result in denial of service.
WordPress 6.5.4 is now available! This minor release features 5 bug fixes in Core. You can review a summary of the maintenance updates in this release by reading the Release Candidate announcement. WordPress 6.5.4 is a short-cycle release. The next major release will be version 6.6 planned for July 2024. If you have sites that support […]
Fix CVE-2024-36048
This is the May 2024 release for .NET 8. This is a security update for .NET 8. Release notes: https://github.com/dotnet/core/blob/main/release-notes/8.0/8.0.5/8.0.5.md
WordPress 6.6 Beta 1
WordPress 6.6 Beta 1 is here! Please download and test it. This beta version of the WordPress software is under development. Please do not install, run, or test this version of WordPress on production or mission-critical websites—you risk unexpected results if you do. Instead, install Beta 1 on local sites and testing environments in any […]
libarchive could be made to crash or run programs as your login if it opened a specially crafted file.
WebPros Announces the Promotion of Jesse Asklund to Chief Product Officer
The post WebPros Announces the Promotion of Jesse Asklund to Chief Product Officer appeared first on Plesk.
fix CVE-2023-36308
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
Update to 125.0.6422.141. High CVE-2024-5493: Heap buffer overflow in WebRTC; High CVE-2024-5494: Use after free in Dawn; High CVE-2024-5495: Use after free in Dawn; High CVE-2024-5496: Use after free in Media Session