Several vulnerabilities were discovered in WordPress, a web blogging tool. They allowed remote attackers to perform various Cross-Site Scripting (XSS) and PHP injection attacks, delete files, leak potentially sensitive data, create posts of unauthorized types, or
– CVE-2019-8907 – remote denial of service in do_core_note in readelf.c
– CVE-2019-8905 – stack-based buffer over-read in do_core_note in readelf.c
– CVE-2019-8904 – stack-based buffer over-read in do_bid_note in readelf.c
– CVE-2019-8906 – out-of-bounds read in do_core_note in readelf.c
Juraj Somorovsky, Robert Merget and Nimrod Aviram discovered a padding oracle attack in OpenSSL. For the stable distribution (stretch), this problem has been fixed in
Multiple security issues were found in PHP, a widely-used open source general purpose scripting language: Multiple out-of-bounds memory accesses were found in the xmlrpc, mbstring and phar extensions and the dns_get_record() function.
Joey Hess discovered that the aggregate plugin of the Ikiwiki wiki compiler was susceptible to server-side request forgery, resulting in information disclosure or denial of service.