11 matches found
[SECURITY] [DLA 56-1] wordpress security update
Package : wordpress Version : 3.6.1+dfsg-1deb6u5 CVE ID : CVE-2014-2053 CVE-2014-5204 CVE-2014-5205 CVE-2014-5240 CVE-2014-5265 CVE-2014-5266 Multiple security issues have been discovered in Wordpress, a web blogging tool, resulting in denial of service or information disclosure. More information...
Fedora Update for wordpress FEDORA-2014-9270
The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 20 : drupal7-7.31-1.fc20 (2014-9278)
Update to upstream 7.31 release for SA-CORE-2014-004 This is a bugfix release. For complete details, refer to: https://www.drupal.org/drupal-7.30-release-notes Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has...
Fedora Update for wordpress FEDORA-2014-9264
The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora Update for drupal7 FEDORA-2014-9278
The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 20 : wordpress-3.9.2-3.fc20 (2014-9264)
Upstream announcement: http://wordpress.org/news/2014/08/wordpress-3-9-2/ Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing...
Design/Logic Flaw
The Incutio XML-RPC IXR Library, as used in WordPress before 3.9.2 and Drupal 6.x before 6.33 and 7.x before 7.31, does not limit the number of elements in an XML document, which allows remote attackers to cause a denial of service CPU consumption via a large document, a different vulnerability...
CVE-2014-5265
Technical details for CVE-2014-5265 are not publicly provided in the connected documents. The Initial Description mentions an XML entity expansion denial of service in IXR used by WordPress/Drupal. Monitor vendor advisories for updates.
Debian DSA-3001-1 : wordpress - security update
Multiple security issues have been discovered in Wordpress, a web blogging tool, resulting in denial of service or information disclosure. More information can be found in the upstream advisory at https://wordpress.org/news/2014/08/wordpress-3-9-2/. %NASLMINLEVEL 70300 C Tenable Network Security,...
Debian DSA-2999-1 : drupal7 - security update
A denial of service vulnerability was discovered in Drupal, a fully-featured content management framework. A remote attacker could exploit this flaw to cause CPU and memory exhaustion and the site's database to reach the maximum number of open connections, leading to the site becoming unavailable...
SA-CORE-2014-004 - Drupal core - Denial of service
Drupal 6 and Drupal 7 include an XML-RPC endpoint which is publicly available xmlrpc.php. The PHP XML parser used by this XML-RPC endpoint is vulnerable to an XML entity expansion attack and other related XML payload attacks which can cause CPU and memory exhaustion and the site's database to rea...