Second Episode!
In this episode of security headlines the following vulnerabilities are mentioned:
WordPress:
WordPress Aviary Image Editor Add-On For Gravity Forms Plugins 3.0 Beta R7 CSRF Shell Upload Vulnerability
Wordpress Plugin Contact Form Builder 1.6.1 - Cross-Site Scripting
Wordpress Plugin PicUploader 1.0 - Remote File Upload
WordPress StatTraq 1.3.0 SQL Injection
WordPress WP Forms 1.5.8.2 Cross Site Scripting
WordPress WPForms 1.5.9 Cross Site Scripting
Tor:
Medium CVE-2020-10592: Torproject TOR
Medium CVE-2020-10593: Torproject TOR
TROVE-2020-002 and TROVE-2020-004: a remotely triggerable memory leak on relays and clients, causing denial of service.
https://trac.torproject.org/projects/tor/ticket/33619
Sharepoint:
SharePoint Workflows XOML Injection which is now a metasploit module
https://packetstormsecurity.com/files/156930/SharePoint-Workflows-XOML-Injection.html
Joomla:
Joomla GMapFP 3.30 Arbitrary File Upload
Joomla HDWPlayer 4.2 SQL Injection
Joomla! com_hdwplayer 4.2 search.php SQL Injection
Jenkins:
jenkins-2-plugins: execution of arbitrary code/commands
openshift/jenkins-plugin: deserialization in snakeyaml YAML() objects allowed remote code execution (CVE-2020-2167)
Weechat:
Medium CVE-2020-9759: Weechat Weechat
Medium CVE-2020-9760: Weechat Weechat
https://weechat.org/doc/security/
One crash and one buffer overflow based on nick prefixes.
SCADA:
New SCADA vulnerability affecting Schneider Electric IGSS SCADA software
https://www.zerodayinitiative.com/advisories/upcoming/
https://www.us-cert.gov/ics/advisories/icsa-20-084-02
HTTP/3 QUIC vulnerability:
Specially formatted HTTP/3 messages may cause the Traffic Management Microkernel (TMM) to produce a core file. (CVE-2020-5859)
https://support.f5.com/csp/article/K61367237
Check us out at:
https://firosolutions.com
https://watchers.firosolutions.com
https://blog.firosolutions.com
https://status.firosolutions.com